Chapter 5 policy – PLANET SG-500 User Manual


SG-500 VPN Security Gateway User’s Manual


Chapter 5 Policy

Every packet that passes through the SG-500 is checked to see whether it corresponds with a Policy. When a packet meets the conditions of a certain policy, it passes the SG-500 according to the settings of that Policy, without being checked against the other policies. If the packet does not correspond with any Policy, it is intercepted.

The parameters of a policy include Source Address, Destination Address, Service, Action, WAN Port, Traffic Log, Statistics, Content Blocking, Anti-Virus, Authentication User, Schedule, Alarm Threshold, Trunk, Max. Concurrent Sessions, and QoS. Control policies decide whether packets from different network objects, network services, and applications are able to pass through the SG-500.

How to use Policy?

The device uses policies to filter packets. The policy settings are: source address, destination address, services, permission, packet log, packet statistics, and flow alarm. Based on its source address, a packet can be categorized into:

(1) Outgoing: The source IP is in the LAN network; the destination is in the WAN network. The system manager can set all the policy rules for Outgoing packets in this function.

(2) Incoming: The source IP is in the WAN network; the destination is in the LAN network (for example: Mapped IP, Virtual Server). The system manager can set all the policy rules for Incoming packets in this function.

(3) WAN to DMZ: The source IP is in the WAN network; the destination is in the DMZ network (for example: Mapped IP, Virtual Server). The system manager can set all the policy rules for WAN to DMZ packets in this function.
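The first-match behaviour and the three packet categories described above can be modelled as follows. This is an added example, not code from the manual or from the SG-500 itself; the subnets, the policy table, the action names PERMIT and DENY, and the function names are constructed assumptions. It shows why rule order matters: a broad permit placed first shadows a narrower deny below it.

```python
from ipaddress import ip_address, ip_network

# Constructed zone layout (assumption; not taken from the manual).
ZONES = {
    "LAN": ip_network("192.168.1.0/24"),
    "DMZ": ip_network("192.168.3.0/24"),
}

# Category names from the manual, keyed by (source zone, destination zone).
DIRECTIONS = {
    ("LAN", "WAN"): "Outgoing",
    ("WAN", "LAN"): "Incoming",
    ("WAN", "DMZ"): "WAN to DMZ",
}


def zone_of(addr):
    """Return the zone holding addr; anything outside LAN/DMZ counts as WAN."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "WAN"


def evaluate(policies, src, dst, service):
    """First matching policy decides; a packet matching none is intercepted."""
    direction = DIRECTIONS.get((zone_of(src), zone_of(dst)))
    for index, p in enumerate(policies):
        if (p["direction"] == direction
                and ip_address(src) in ip_network(p["src"])
                and ip_address(dst) in ip_network(p["dst"])
                and p["service"] in ("ANY", service)):
            return p["action"], index  # later policies are never consulted
    return "INTERCEPTED", None  # no policy corresponds with the packet


# Constructed policy table: the broad rule at index 0 shadows the narrower
# DENY at index 1, so the DENY never takes effect.
POLICIES = [
    {"direction": "Outgoing", "src": "192.168.1.0/24", "dst": "0.0.0.0/0",
     "service": "ANY", "action": "PERMIT"},
    {"direction": "Outgoing", "src": "192.168.1.50/32", "dst": "0.0.0.0/0",
     "service": "SMTP", "action": "DENY"},
    {"direction": "WAN to DMZ", "src": "0.0.0.0/0", "dst": "192.168.3.10/32",
     "service": "HTTP", "action": "PERMIT"},
]
```

When reviewing a real policy list, a returned index lower than the rule you expected to apply means an earlier, broader rule is deciding the packet.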
