TMS zl Management and Configuration Guide ST.1.1.100226
Firewall
Firewall Access Policies
Access Policy Parameters
More specifically, policies include the following parameters, which determine
which traffic is selected:
■ Source and Destination Zones
Firewall access policies are grouped by the source and destination zones.
A policy may designate any of the 10 zones as the source or destination
zone or both.
■ Traffic Type
Firewall access policies can be applied to two basic types of traffic:
    • Unicast—A packet has one sender and one receiver. Transmissions
      in LANs and across the Internet are predominantly unicast.
    • Multicast—A packet has one or more senders and a set of receivers.
      Multicast transmissions have a destination address in the
      224.0.0.0 – 239.255.255.255 range.
■ Source and/or Destination Address (optional)
Access policies may apply to specific source and/or destination addresses
inside a zone.
■ Service (optional)
Access policies might be applied to specific application-level services
such as HTTP, FTP, or SNMP.
■ Schedule (optional)
Access policies can be applied at a specific time and/or on selected days.
■ User Group (optional)
You can create user groups, then configure policies that apply only to the
users in that group. Access policies that are not explicitly assigned to
user groups (general access policies) apply to all traffic. Access policies
assigned to user groups are applied first, then the general access policies
are applied.
An access policy applies an action to selected traffic:
■ Permit—Permit the traffic
■ Deny—Drop the traffic
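
The following Python model is an added example, not code or configuration from the TMS zl product. It shows how the parameters above select traffic and how user-group policies are consulted before general ones. Assumptions: the zone names, the `admins` group, the packet fields, first-match ordering within each set of policies, and returning `None` when no policy selects the packet (this page does not state the default).

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

MULTICAST = ipaddress.ip_network("224.0.0.0/4")  # 224.0.0.0 - 239.255.255.255

@dataclass
class Policy:
    src_zone: str
    dst_zone: str
    action: str                        # "permit" or "deny"
    multicast: bool = False            # traffic type: unicast unless set
    src_net: Optional[str] = None      # optional parameters: None means "any"
    dst_net: Optional[str] = None
    service: Optional[str] = None
    days: Optional[set] = None         # schedule: weekday numbers, Monday = 0
    hours: Optional[tuple] = None      # schedule: (start, end) hour, end exclusive
    user_group: Optional[str] = None   # None = general access policy

    def selects(self, pkt, when):
        src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
        return ((self.src_zone, self.dst_zone) == (pkt["src_zone"], pkt["dst_zone"])
                and self.multicast == (dst in MULTICAST)
                and (self.src_net is None or src in ipaddress.ip_network(self.src_net))
                and (self.dst_net is None or dst in ipaddress.ip_network(self.dst_net))
                and (self.service is None or self.service == pkt["service"])
                and (self.days is None or when.weekday() in self.days)
                and (self.hours is None or self.hours[0] <= when.hour < self.hours[1]))

def evaluate(policies, pkt, when, user_groups=frozenset()):
    """Action of the first selecting policy; None if no policy selects pkt."""
    grouped = [p for p in policies if p.user_group in user_groups]
    general = [p for p in policies if p.user_group is None]
    for p in grouped + general:        # user-group policies first, then general
        if p.selects(pkt, when):
            return p.action            # assumption: first match wins
    return None                        # assumption: default not stated on this page

# Constructed sample policy set; zone and group names are placeholders.
POLICIES = [
    Policy("ZONE_A", "ZONE_B", "deny", service="ftp"),
    Policy("ZONE_A", "ZONE_B", "permit", service="ftp", user_group="admins",
           days={0, 1, 2, 3, 4}, hours=(8, 18)),
    Policy("ZONE_A", "ZONE_B", "permit", service="http", src_net="10.1.0.0/16"),
]

if __name__ == "__main__":
    pkt = {"src_zone": "ZONE_A", "dst_zone": "ZONE_B", "src": "10.1.2.3",
           "dst": "192.0.2.10", "service": "ftp"}
    print(evaluate(POLICIES, pkt, datetime(2024, 1, 2, 10), {"admins"}))
```

Running a planned policy set through a model like this before deployment shows where an optional parameter (a schedule or a source network) leaves traffic to fall through to a broader general policy.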
When an access policy permits traffic, it can also apply the following access
controls:
■ Rate
You can impose rate limits on unicast access policies.