the following examples illustrate methods for creating network access rules.

    blocking lan access to specific protocols

    this example shows how to block all lan access to nntp

    servers on the internet.

    1 for the action, choose deny.

    2 from the service list, choose nntp.

    if the service is not listed in the menu, add it in the add service window.

    3 select lan from the source ethernet list.

    4 since all computers on the lan are to be affected, enter * in the source addr. range begin box.

    5 select wan from the destination ethernet menu.

    6 since the intent is to block access to all nntp servers, enter * in the destination addr. range begin box.

    7 click add rule.

    block access to specific users

    this example shows how to create a rule which blocks a certain range of computers, such as a competitor, from accessing the public web server on the lan or dmz.

    1 for the action, choose deny.

    2 from the service list, choose http.

    3 select wan from the source ethernet list.

    4 enter the blocked network’s starting ip address in the source addr. range begin box and the blocked network’s ending ip address in the source addr. range begin box.

    5 select * from the destination ethernet list.

    6 since the intent is to block access to all servers, enter * in the destination addr. range begin box.

    7 click add rule.

    enabling the isp to ping the internet firewall

    by default, the internet firewall does not respond to pings from the internet. however, ping is a tool that many isps use to verify that the internet connection is active.

    in this example, you limit the source to allow the isp to ping the internet firewall only.

    1 for the action, choose allow.

    2 from the service list, choose ping.

    3 select wan from the source ethernet list.

    4 enter the starting ip address of the isp’s network in the source addr. range begin box and the network’s ending ip address in the source addr. range begin box.

    5 select wan from the destination ethernet list.

    6 since the intent is to allow a ping only to the internet firewall, enter the internet firewall’s web address in the destination addr. range begin box.

    7 click add rule.