Creating rule sets
The next step, shown in the following example, creates two rule sets: one from the private zone to the DMZ and one from the public zone to the DMZ.
- The rule set from the public zone to the DMZ accepts all traffic for HTTP, HTTPS, FTP, SSH, and Telnet as well as all ICMP traffic.
- The rule set from the private zone to the DMZ accepts HTTP, HTTPS and ICMP traffic only.
To configure these rule sets, perform the following steps in configuration mode.
Step | Command |
---|---|
Create the configuration node for the private_to_dmz rule set and give a description for the rule set. | |
Create a rule to allow traffic sent from the private zone to HTTP, HTTPS, FTP, SSH, and Telnet ports in the DMZ. | |
Create a rule to allow all ICMP traffic sent from the private zone to the DMZ. | |
Commit the configuration. | |
Show the firewall configuration. | |
Create the configuration node for the public_to_dmz rule set and give a description for the rule set. | |
Create a rule to allow traffic sent from the public zone only to HTTP and HTTPS ports in the DMZ. | |
Create a rule to allow all ICMP traffic sent from the public zone to the DMZ. | |
Commit the configuration. | |
Show the firewall configuration. | |
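
The steps in the table above, written out as configuration-mode commands. This is an added example, not the commands from the original page: it assumes the `set firewall name ...` hierarchy of Vyatta Core / VyOS 1.x, and the rule numbers and description strings are constructed.

```vyatta
# Added example. Assumes the "set firewall name" hierarchy (Vyatta Core / VyOS 1.x).
# Enter in configuration mode. Rule numbers and descriptions are constructed.

# --- private_to_dmz -------------------------------------------------------
# Create the rule set node and describe it.
set firewall name private_to_dmz description "filter traffic from private zone to DMZ"

# Rule 1: accept TCP to the HTTP, HTTPS, FTP, SSH, and Telnet ports in the DMZ.
set firewall name private_to_dmz rule 1 action accept
set firewall name private_to_dmz rule 1 protocol tcp
set firewall name private_to_dmz rule 1 destination port http,https,ftp,ssh,telnet

# Rule 2: accept all ICMP (no type restriction, so every ICMP type matches).
set firewall name private_to_dmz rule 2 action accept
set firewall name private_to_dmz rule 2 protocol icmp

# Activate the change, then review what was committed.
commit
show firewall name private_to_dmz

# --- public_to_dmz --------------------------------------------------------
# Create the rule set node and describe it.
set firewall name public_to_dmz description "filter traffic from public zone to DMZ"

# Rule 1: accept TCP to the HTTP and HTTPS ports only.
set firewall name public_to_dmz rule 1 action accept
set firewall name public_to_dmz rule 1 protocol tcp
set firewall name public_to_dmz rule 1 destination port http,https

# Rule 2: accept all ICMP.
set firewall name public_to_dmz rule 2 action accept
set firewall name public_to_dmz rule 2 protocol icmp

# Activate the change, then review what was committed.
commit
show firewall name public_to_dmz
```

Under the assumed syntax, traffic that matches neither rule falls through to the rule set's default action, which is drop unless `default-action` is set otherwise.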