Creating a rule set for traffic to the private zone
The next step, shown in the following example, creates a rule set for traffic to the private zone.
Note that this rule set includes state rules that accept only traffic belonging to established connections and traffic related to them. This rule is required in this scenario because the other two rule sets already admit new connections into the DMZ, and without it the private zone would have no way to receive the return traffic for connections it initiates:
- The rule set from the public zone to the DMZ accepts all HTTP, HTTPS, FTP, SSH, and Telnet traffic as well as all ICMP traffic.
- The rule set from the private zone to the DMZ accepts HTTP, HTTPS, and ICMP traffic only.
To configure this rule set, perform the following steps in configuration mode.
Step | Command
---|---
Create the configuration node for the to_private rule set and give a description for the rule set. |
Create a rule to allow only established and related traffic to the private zone. This means that only traffic initiated in the private zone, or traffic related to established connections (such as FTP data connections or ICMP messages associated with a flow), is allowed. |
Commit the configuration. |
Show the firewall configuration. |
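The steps above, written out as Vyatta configuration-mode commands. This is an added example reconstructed from the step descriptions, not the command column of the original page: the rule set name to_private comes from the page, while the description string, the rule number 10 and the explicit default-action line are assumptions. Lines beginning with `#` are annotations for the reader, not commands to type.

```vyatta
# Added example: Vyatta configuration-mode commands for the to_private rule set.
# Rule set name is from the page; description text, rule number and the
# explicit default-action are assumed.

# Step 1: create the rule set node and describe it.
set firewall name to_private description "Traffic entering the private zone"

# Step 2: accept only packets that belong to an already established
# connection, or that are related to one (FTP data channels, ICMP errors
# tied to an existing flow). New connections are not matched by this rule.
set firewall name to_private rule 10 action accept
set firewall name to_private rule 10 state established enable
set firewall name to_private rule 10 state related enable

# The default action of a named rule set is already drop; stating it makes
# the intent visible when the configuration is reviewed.
set firewall name to_private default-action drop

# Step 3: commit the candidate configuration.
commit

# Step 4: review the resulting firewall configuration.
show firewall
```

Any packet that reaches the private zone without matching rule 10, that is, any attempt to open a new connection from the DMZ into the private zone, falls through to the default drop. That is the asymmetry the preceding explanation relies on: the DMZ rule sets admit new connections, the private-zone rule set admits only replies. Binding this rule set to the zone pair is a separate zone-policy step and is not shown here.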