Configuring a Firewall Rule

This section describes how to configure a firewall rule to control inbound or outbound traffic.

NOTE: For detailed firewall configuration examples, see Firewall and NAT Rule Configuration Examples.

 1. Click Firewall > Access Control > ACL Rules.

The ACL Rules window opens.

 2. To add a new firewall rule, click Add.

The Rule - Add/Edit window opens.

 3. Enter the following information:

 • Enable: Click On to enable the firewall rule, or click Off to create the firewall rule without enabling it.

 • From Zone: Choose the source zone for traffic that is covered by this firewall rule. For example, choose DMZ if traffic is coming from a server on your DMZ.

 • To Zone: Choose the destination zone for traffic that is covered by this firewall rule. For example, choose WAN if traffic is going to the Internet.

NOTE: Only the existing zones are selectable. To create new zones, go to the Networking > Zone page. For information on configuring zones, see Configuring Zones, page 127.

 • Services: Choose an existing service or service group that is covered by this firewall rule. If the service or service group that you want is not in the list, choose Create a new service to create a new service object or choose Create a new service group to create a new service group object. To maintain the service and service group objects, go to the Networking > Service Management page. See Service Management, page 157.

 • Source Address: Choose an existing address or address group as the source address or network that is covered by this firewall rule.

 • Destination Address: Choose an existing address or address group as the destination address or network that is covered by this firewall rule.

If the address or address group that you want is not in the list, choose Create a new address to create a new address object, or choose Create a new address group to create a new address group object. To maintain the address and address group objects, go to the Networking > Address Management page. See Address Management, page 155.

 • Schedule: By default, the firewall rule is always on. If you want to keep the firewall rule active at a specific day and time, choose the schedule for the firewall rule. If the schedule that you want is not in the list, choose Create a new schedule to create a new schedule. To maintain the schedules, go to the Device Management > Schedules page. See Configuring Schedules, page 381.

 • Log: Click On to log the event when a firewall rule is hit. For information on configuring firewall logging settings, see Configuring Firewall Logging Settings.

 • Match Action: Choose the action for traffic when the packet hits the firewall rule.

 – Deny: Deny access.

 – Permit: Permit access.

 – Accounting: Increase the Hit Count number by one when the packet hits the firewall rule.

 4. Click OK to save your settings.

 5. Click Save to apply your settings.
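
A pre-change review of a planned rule, as an added example that is not part of this guide or of the device's software. The dictionary keys mirror the fields in step 3; the dictionary layout, the object names, and the review policy (log every Permit, question any Permit inbound from WAN, note rules left always on) are assumptions.

```python
# Added example: field names follow the Rule - Add/Edit window described above;
# the dict layout and the review policy are assumptions, not device behaviour.
REQUIRED = ("enable", "from_zone", "to_zone", "services",
            "source_address", "destination_address", "log", "match_action")
ACTIONS = {"Deny", "Permit", "Accounting"}   # the three Match Action choices


def review_rule(rule):
    """Return a list of findings for one planned firewall rule (empty = clean)."""
    findings = [f"missing field: {k}" for k in REQUIRED if not rule.get(k)]
    if findings:
        return findings
    action = rule["match_action"]
    if action not in ACTIONS:
        return [f"unknown match action: {action}"]
    if rule["enable"] == "Off":
        findings.append("rule will be created but not enabled")
    if action == "Permit" and rule["log"] == "Off":
        findings.append("Permit rule with logging off: hits leave no log event")
    # Assumed policy: WAN is the untrusted side, so inbound permits need sign-off.
    if action == "Permit" and rule["from_zone"] == "WAN" and rule["to_zone"] != "WAN":
        findings.append("Permit from WAN into %s: confirm exposure is intended"
                        % rule["to_zone"])
    if action == "Permit" and not rule.get("schedule"):
        findings.append("no schedule chosen: rule is always on by default")
    return findings


# Constructed sample rules: HTTP, PARTNER_NET, WEB_SERVER and BUSINESS_HOURS
# are placeholder object names, not objects that exist on any device.
WEAK = {"enable": "On", "from_zone": "WAN", "to_zone": "DMZ", "services": "HTTP",
        "source_address": "PARTNER_NET", "destination_address": "WEB_SERVER",
        "schedule": None, "log": "Off", "match_action": "Permit"}
REVISED = dict(WEAK, log="On", schedule="BUSINESS_HOURS")

if __name__ == "__main__":
    for name, rule in (("weak", WEAK), ("revised", REVISED)):
        print(name, review_rule(rule) or "no findings")
```

The revised rule still reports the WAN-to-DMZ finding, because under the assumed policy that exposure needs an explicit decision rather than a setting change.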

 

NOTE: In addition to firewall rules, you can use the following methods to control traffic:

 • Prevent common types of attacks. See Configuring Attack Protection.

 • Allow or block traffic from specified MAC addresses. See Configuring MAC Address Filtering to Permit or Block Traffic.

 • Associate the IP address with the MAC address to prevent spoofing. See Configuring IP-MAC Binding to Prevent Spoofing.

 • Allow or block the websites that contain specific domains or URL keywords. See Configuring Content Filtering to Control Internet Access.