figure 49 intranet window
to enable intranet firewalling, it is necessary to identify which machines are protected against unauthorized access by specifying the ip addresses of these machines. you can do this in two ways:
1 inclusively by specifying which machines are members of the segment with restricted access.
2 exclusively by specifying which machines are not members of the segment with the restricted access.
using the inclusive method, you specify the ip addresses of the machines which are connected to the internet firewall’s
lan port. use this method in cases such as a small accounting office in a large lan, where it may be easier to identify the small number of machines with restricted access rather than the larger number of machines on the corporate network.
using the exclusive method, you specify the ip addresses of the machines connected to the internet firewall’s wan port. use this method in cases such as a large school district with a small student computer lab where it would be easier to specify the small number of machines on the wan which are not protected by the intranet firewall, rather than the larger number of machines which are.
typically, it is easier to enter the ip addresses from the smaller number of machines. enter these addresses individually, or as a range.
ip addresses for workstations on the lan port must have static ip addresses or use the internet firewall as a dhcp server. it is not possible for them to use a dhcp server connected to the wan port.