You can specify a 5-tuple (source address, destination address, source port, destination port, and protocol type) in a security policy to control the access within a security zone and between security zones.
- Allow the device administrator to access the security gateway.
- Prohibit intranet employees (except the device administrator) from accessing the security gateway.
- Allow all users to access the mail server and web server and permit only HTTP, HTTPS, and SMTP traffic.
- Allow all intranet users to access the Internet.
According to the preceding requirements, the following security policies are configured:
| No. | Description | Source Zone | Destination Zone | Source IP Address | Destination IP Address | Service | Action |
|---|---|---|---|---|---|---|---|
| 1 | Allow the device administrator to access the security gateway. | trust | local | Device administrator's IP address | Management port's address | any | Permit |
| 2 | Prohibit intranet employees (except the device administrator) from accessing the security gateway. | trust | local | IP addresses of intranet employees (except the device administrator) | Management port's address | any | Deny |
| 3 | Allow all users to access the mail server and web server and permit only HTTP, HTTPS, and SMTP traffic. | any | dmz | any | Addresses of the web server and mail server | HTTP, HTTPS, SMTP | Permit |
| 4 | Allow all intranet users to access the Internet. | trust | untrust | IP addresses of the intranet users | any | any | Permit |
| 5 | Deny the traffic that does not match any of the preceding security policy rules. | any | any | any | any | any | Deny |
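The table is evaluated top to bottom and the first matching rule decides, with rule 5 as the catch-all deny. The following Python model reproduces that evaluation for the five rules above so the ordering and the default-deny behaviour can be checked against concrete flows. It is an added example, not code or CLI from the original page or from any vendor product; the addresses, the zone layout (`local` = management port, `dmz` = web and mail servers, `trust` = intranet, everything else `untrust`), the service-to-port mapping and the function names are constructed assumptions. Zones are not part of the 5-tuple itself; here they are derived from the address, as a firewall would derive them from the ingress and egress interfaces.

```python
"""First-match evaluation of the five security policy rules in the table.
Added example with constructed addresses; not code from the original page."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Tuple, Union

IPNet = ipaddress.IPv4Network

# Constructed sample addressing (assumption, not from the original page)
ADMIN    = ipaddress.ip_network("10.1.0.10/32")    # device administrator
INTRANET = ipaddress.ip_network("10.1.0.0/16")     # all intranet users (trust)
MGMT     = ipaddress.ip_network("10.1.0.1/32")     # management port (local)
WEB      = ipaddress.ip_network("192.168.1.10/32") # web server (dmz)
MAIL     = ipaddress.ip_network("192.168.1.20/32") # mail server (dmz)

# Service names from the table mapped to (protocol, destination port)
SERVICES = {"HTTP": ("tcp", 80), "HTTPS": ("tcp", 443), "SMTP": ("tcp", 25)}

# Zone membership. "local" is listed before "trust" because the management
# address also lies inside the intranet range; first hit wins.
ZONES = [("local", [MGMT]), ("dmz", [WEB, MAIL]), ("trust", [INTRANET])]


def zone_of(ip: ipaddress.IPv4Address) -> str:
    for name, nets in ZONES:
        if any(ip in n for n in nets):
            return name
    return "untrust"  # anything not explicitly assigned is the Internet


@dataclass
class Rule:
    no: int
    src_zone: str                       # zone name or "any"
    dst_zone: str
    src: Union[List[IPNet], str]        # list of networks or "any"
    dst: Union[List[IPNet], str]
    services: Union[List[str], str]     # service names or "any"
    action: str                         # "permit" or "deny"
    src_except: List[IPNet] = field(default_factory=list)  # carve-out, e.g. "except the device administrator"


def _ip_in(ip: ipaddress.IPv4Address, nets) -> bool:
    return nets == "any" or any(ip in n for n in nets)


def _zone_ok(want: str, have: str) -> bool:
    return want == "any" or want == have


def rule_matches(r: Rule, src, dst, proto: str, dport: int) -> bool:
    """True if the flow (src, dst, proto, dport) is covered by rule r."""
    if not (_zone_ok(r.src_zone, zone_of(src)) and _zone_ok(r.dst_zone, zone_of(dst))):
        return False
    if not _ip_in(src, r.src) or _ip_in(src, r.src_except):
        return False
    if not _ip_in(dst, r.dst):
        return False
    return r.services == "any" or any(SERVICES[s] == (proto, dport) for s in r.services)


# The five rules of the table, in table order
POLICY = [
    Rule(1, "trust", "local", [ADMIN], [MGMT], "any", "permit"),
    Rule(2, "trust", "local", [INTRANET], [MGMT], "any", "deny", src_except=[ADMIN]),
    Rule(3, "any", "dmz", "any", [WEB, MAIL], ["HTTP", "HTTPS", "SMTP"], "permit"),
    Rule(4, "trust", "untrust", [INTRANET], "any", "any", "permit"),
    Rule(5, "any", "any", "any", "any", "any", "deny"),
]


def evaluate(src: str, dst: str, proto: str = "tcp", dport: int = 0) -> Tuple[int, str]:
    """Return (rule number, action) of the first rule that matches, top to bottom."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in POLICY:
        if rule_matches(r, s, d, proto, dport):
            return r.no, r.action
    raise RuntimeError("unreachable: rule 5 matches every flow")


if __name__ == "__main__":
    flows = [
        ("10.1.0.10", "10.1.0.1", "tcp", 22),       # admin -> gateway
        ("10.1.0.55", "10.1.0.1", "tcp", 22),       # employee -> gateway
        ("10.1.0.55", "192.168.1.10", "tcp", 443),  # employee -> web server, HTTPS
        ("203.0.113.9", "192.168.1.10", "tcp", 22), # Internet -> web server, SSH
        ("10.1.0.55", "203.0.113.9", "tcp", 443),   # employee -> Internet
        ("203.0.113.9", "10.1.0.55", "tcp", 445),   # Internet -> intranet host
    ]
    for f in flows:
        print(f, "->", evaluate(*f))
```

Two things are worth noticing when running it: a flow to the DMZ on any port other than 80, 443 or 25 falls all the way through to rule 5, which is what "permit only HTTP, HTTPS, and SMTP" actually means in practice; and because rule 1 precedes rule 2, the administrator's access would survive even if rule 2's address set had not been carved out, so the order of the two rules is as much a part of the policy as their contents.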