Content security profiles can be referenced in security policies to protect intranet servers and users against threats.

- Protect intranet servers that provide services for Internet users.
- Protect intranet users who access the Internet and transfer files.

According to the preceding requirements, the following security policies are configured:

| No. | Description | Source Zone | Destination Zone | Source IP Address | Destination IP Address | Content Security | Action |
|---|---|---|---|---|---|---|---|
| 1 | Protect intranet servers that provide services for Internet users. | any | dmz | any | Internal server address | Antivirus: detects and handles viruses in files transmitted to the intranet server to prevent virus attacks on the intranet server.<br>Intrusion prevention: detects intrusions in the traffic that accesses the intranet server to defend against intrusions on the intranet server.<br>File blocking: detects the types of files transmitted to the intranet server to prevent virus infection on the intranet server.<br>APT defense: sends files with unknown threats to the sandbox for inspection to defend against APT attacks on the intranet server. | Permit |
| 2 | Protect intranet users who access the Internet and transfer files. | trust | untrust | IP address of the intranet users | any | URL filtering: filters websites accessed by intranet users to filter out illegal and malicious websites to reduce the risk of virus infection and attacks.<br>Antivirus: detects and handles viruses in files downloaded from the Internet to prevent virus attacks.<br>Intrusion prevention: detects intrusions for the access from intranet users to the Internet.<br>File blocking: checks the types of files uploaded to the Internet or downloaded from the Internet to prevent virus infection.<br>APT defense: sends files with unknown threats to the sandbox for inspection to defend against APT attacks. | Permit |
| 3 | Deny the traffic that does not match any of the preceding security policy rules. | any | any | any | any | any | Deny |
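
An added example (not part of the original page and not vendor configuration) that models the three rules as a top-down, first-match table, the ordering that the description of rule 3 implies, and evaluates constructed flows against it. The IP ranges, the `evaluate` helper and the sample flows are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"
SERVER = "10.2.0.10/32"   # constructed stand-in for "Internal server address"
USERS = "10.1.1.0/24"     # constructed stand-in for "IP address of the intranet users"

@dataclass(frozen=True)
class Rule:
    no: int
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    action: str
    profiles: tuple = ()

# Rules 1-3 exactly as laid out in the table; order matters.
RULES = [
    Rule(1, ANY, "dmz", ANY, SERVER, "permit",
         ("antivirus", "intrusion prevention", "file blocking", "APT defense")),
    Rule(2, "trust", "untrust", USERS, ANY, "permit",
         ("URL filtering", "antivirus", "intrusion prevention",
          "file blocking", "APT defense")),
    Rule(3, ANY, ANY, ANY, ANY, "deny"),
]

def _zone_ok(want, got):
    return want == ANY or want == got

def _ip_ok(want, got):
    return want == ANY or ip_address(got) in ip_network(want)

def evaluate(src_zone, dst_zone, src_ip, dst_ip, rules=RULES):
    """Return (rule number, action, profiles) of the first rule that matches."""
    for r in rules:
        if (_zone_ok(r.src_zone, src_zone) and _zone_ok(r.dst_zone, dst_zone)
                and _ip_ok(r.src_ip, src_ip) and _ip_ok(r.dst_ip, dst_ip)):
            return r.no, r.action, r.profiles
    return None, "deny", ()  # not reached with this table: rule 3 matches all

if __name__ == "__main__":
    flows = [  # constructed flows: (src zone, dst zone, src IP, dst IP)
        ("untrust", "dmz", "203.0.113.5", "10.2.0.10"),
        ("trust", "untrust", "10.1.1.20", "203.0.113.5"),
        ("trust", "untrust", "10.9.9.9", "203.0.113.5"),
        ("untrust", "trust", "203.0.113.5", "10.1.1.20"),
    ]
    for f in flows:
        print(f, "->", evaluate(*f)[:2])
```

Because rule 1 uses source zone `any`, traffic from the trust zone to the server address is also matched and inspected by rule 1, while an intranet source outside the user range falls through to the rule 3 deny.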