Chapter 15 policy – AirLive RS-3000 User Manual


Chapter 15 Policy

Every packet that passes through the RS-3000 is checked to see whether it corresponds with a Policy. When a packet meets the conditions of a certain policy, it passes the RS-3000 according to the settings of that Policy and is not checked against any other policy. If the packet does not correspond with any Policy, it is intercepted.

The parameters of a policy include Source Address, Destination Address, Service, Schedule, Authentication User, Tunnel, Action-WAN Port, Traffic Log, Statistics, Content Blocking, IM/P2P Blocking, QoS, MAX. Bandwidth Per Source IP, MAX. Concurrent Sessions Per IP and MAX. Concurrent Sessions. Control policies decide whether packets from different network objects, network services, and applications are able to pass through the RS-3000.

How to use Policy?

The device uses policies to filter packets. The policy settings are: source address, destination address, services, permission, packet log, packet statistics, and flow control. Based on the networks its source and destination addresses belong to, a packet can be categorized into:

(1) Outgoing: The source IP is in the LAN network; the destination is in the WAN network. The system manager can set all the policy rules for Outgoing packets in this function.

(2) Incoming: The source IP is in the WAN network; the destination is in the LAN network (for example: Mapped IP, Virtual Server). The system manager can set all the policy rules for Incoming packets in this function.

(3) WAN to DMZ: The source IP is in the WAN network; the destination is in the DMZ network (for example: Mapped IP, Virtual Server). The system manager can set all the policy rules for WAN to DMZ packets in this function.

(4) LAN to DMZ: The source IP is in the LAN network; the destination is in the DMZ network. The system manager can set all the policy rules for LAN to DMZ packets in this function.

(5) DMZ to LAN: The source IP is in the DMZ network; the destination is in the LAN network. The system manager can set all the policy rules for DMZ to LAN packets in this function.

(6) DMZ to WAN: The source IP is in the DMZ network; the destination is in the WAN network. The system manager can set all the policy rules for DMZ to WAN packets in this function.

All packets that go through the RS-3000 must pass the policy permission. Therefore, applicable policies have to be set for the LAN, WAN, and DMZ networks when establishing network connections.
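
The matching behaviour described in this chapter, as an added Python example that is not from the AirLive manual or firmware: a packet is categorized by its source and destination networks, the first policy it matches decides the outcome, and a packet matching no policy is intercepted. The zone subnets, rule names, the PERMIT/DENY/INTERCEPT labels and the evaluation in list order are assumptions made for illustration.

```python
import ipaddress

# Constructed sample zones (assumptions, not values from the manual).
ZONES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ": ipaddress.ip_network("192.168.2.0/24"),
}

# The six categories the manual lists, keyed by (source zone, destination zone).
CATEGORIES = {
    ("LAN", "WAN"): "Outgoing",
    ("WAN", "LAN"): "Incoming",
    ("WAN", "DMZ"): "WAN to DMZ",
    ("LAN", "DMZ"): "LAN to DMZ",
    ("DMZ", "LAN"): "DMZ to LAN",
    ("DMZ", "WAN"): "DMZ to WAN",
}

def zone_of(ip):
    """Return the zone an address belongs to; anything not LAN or DMZ is WAN."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "WAN"

def categorize(src, dst):
    """Map a packet to one of the six categories, or None if the pair is not listed."""
    return CATEGORIES.get((zone_of(src), zone_of(dst)))

def evaluate(policies, src, dst, service):
    """First matching policy decides; a packet matching no policy is intercepted."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies.get(categorize(src, dst), []):  # assumed: checked in list order
        if (s in ipaddress.ip_network(p["src"]) and d in ipaddress.ip_network(p["dst"])
                and p["service"] in ("ANY", service)):
            return p["action"], p["name"]
    return "INTERCEPT", None

# Constructed rule set: the broad permit is listed before the narrower deny.
POLICIES = {
    "Outgoing": [
        {"name": "lan-web", "src": "192.168.1.0/24", "dst": "0.0.0.0/0", "service": "HTTP", "action": "PERMIT"},
        {"name": "block-host", "src": "192.168.1.50/32", "dst": "0.0.0.0/0", "service": "ANY", "action": "DENY"},
    ],
    "WAN to DMZ": [
        {"name": "dmz-web", "src": "0.0.0.0/0", "dst": "192.168.2.10/32", "service": "HTTP", "action": "PERMIT"},
    ],
}
```

In this model, HTTP from 192.168.1.50 is permitted by lan-web before block-host is ever checked, so a narrower rule has to be listed ahead of a broader one to take effect.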
