Part II: Technical Reference
14.4 The Access Control Screen
Click Security > Firewall > Access Control to display the following screen. This screen displays a
list of the configured incoming or outgoing filtering rules.
Figure 102 Security > Firewall > Access Control
The following table describes the labels in this screen.
Table 75 Service: Add/Edit (continued)
LABEL: DESCRIPTION
Description: Enter a description for your customized port.
Apply: Click Apply to save your changes.
Cancel: Click Cancel to exit this screen without saving.
Table 76 Security > Firewall > Access Control
LABEL: DESCRIPTION
Rules Storage Space usage: This bar shows the percentage of the Device’s rule storage space that has been used. If the usage is almost full, you may need to remove an existing filter rule before you create a new one.
Direction: This is the direction of travel of packets. Select from which zone the packets come and to which zone they go and click Show to display the related firewall ACL rules. For example, From LAN To WAN means packets traveling from a computer or subnet on the LAN zone to the WAN zone.
FromAll displays all the firewall ACL rules for traffic going to the selected To zone.
ToAll displays all the firewall ACL rules for traffic coming from the selected From zone.
FromAllToAll displays all of the firewall ACL rules.
From Any displays all the firewall ACL rules for traffic coming from the WAN, LAN, WLAN, DMZ, and EXTRA zones (but not the ROUTER zone) to the selected To zone.
To Any (excl. Router) displays all the firewall ACL rules for traffic coming from the selected From zone to the WAN, LAN, WLAN, DMZ, and EXTRA zones (but not the ROUTER zone).
EXTRA is a local zone to use as needed depending on your network topology.
To ROUTER firewall ACL rules apply to traffic destined for the Device and control which computers can manage the Device.
Name: This displays the name of the rule.
From: This displays the source security zone of traffic to which the rule applies.
To: This displays the destination security zone of traffic to which the rule applies.
Src IP: This displays the source IP addresses to which this rule applies. Please note that a blank source address is equivalent to Any.
Dst IP: This displays the destination IP addresses to which this rule applies. Please note that a blank destination address is equivalent to Any.
Service: This displays the transport layer protocol that defines the service and the direction of traffic to which this rule applies.
Action: This displays whether the rule allows packets (ACCEPT), silently discards packets (DROP), or discards packets and sends an ICMP destination-unreachable packet to the sender (REJECT).
Modify: Click the Edit icon to edit the rule.
Click the Delete icon to delete an existing rule. Note that subsequent rules move up by one when you take this action.
Click the Move To icon to change the order of the rule. Enter the number in the # field.
14.4.1 Add/Edit an ACL Rule
Click Add new ACL rule or the Edit icon next to an existing ACL rule in the Access Control screen. The following screen displays.
Figure 103 Access Control: Add/Edit
The following table describes the labels in this screen.
Table 77 Access Control: Add/Edit
LABEL: DESCRIPTION
Enable: Select this to turn on the ACL rule.
Logging: Select this to have the Device log when it performs the ACL rule’s selected action on the traffic traveling between the two zones.
Filter Name: Enter a descriptive name of up to 16 alphanumeric characters, not including spaces, underscores, and dashes. You must enter the filter name to add an ACL rule. This field is read-only if you are editing the ACL rule.
Order: Select the order of the ACL rule.
Direction: Use the From and To drop-down list boxes to select the direction of travel of packets to which to apply this ACL rule. Select from which zone the packets come in and to which zone they are destined. For example, From LAN To WAN means packets traveling from a computer or subnet on the LAN zone to the WAN zone.
From Any means traffic coming from the WAN, LAN, WLAN, DMZ, and EXTRA zones (but not the ROUTER zone).
To Any (excl. Router) means traffic going to the WAN, LAN, WLAN, DMZ, and EXTRA zones (but not the ROUTER zone).
EXTRA is a local zone to use as needed depending on your network topology.
To ROUTER applies to traffic that is destined for the Device. Use this to control which computers can manage the Device.
Select Source Device: Select the source device to which the ACL rule applies. If you select Specific IP Address, enter the source IP address in the field below.
Source IP address: Enter the source IP address.
Select Destination Device: Select the destination device to which the ACL rule applies. If you select Specific IP Address, enter the destination IP address in the field below.
Destination IP address: Enter the destination IP address.
IP Type: Select whether your IP type is IPv4 or IPv6.
Select Service: Select the transport layer protocol that defines your customized port from the drop-down list box. The specific protocol rule sets you add in the Security > Firewall > Service > Add screen display in this list. If you want to configure a customized protocol, select Specific Service.
Protocol: This field is displayed only when you select Specific Protocol in Select Protocol. Choose the IP port (TCP/UDP, TCP, UDP, ICMP, or ICMPv6) that defines your customized port from the drop-down list box.
Custom Source Port: This field is displayed only when you select Specific Protocol in Select Protocol. Enter a single port number or the range of port numbers of the source.
Custom Destination Port: This field is displayed only when you select Specific Protocol in Select Protocol. Enter a single port number or the range of port numbers of the destination.
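The following Python is an added example, not code from the manual or from the Device's vendor. It models the rule fields of Tables 76 and 77 (zones, the "blank address = Any" convention, "Any" meaning every zone except ROUTER, port ranges, ACCEPT/DROP/REJECT, Enable and Logging) so that an administrator can check on paper how a rule list will treat a given packet, and it also reproduces the Direction selector of Table 76 (All, Any, or a named zone on each side). First-match evaluation in rule order, a DROP default for unmatched traffic and "blank protocol = any service" are assumptions of this example, as are all names such as Rule, Packet, evaluate and show_rules; the sample rule set and addresses are constructed.

```python
"""Added example, not the Device's own code: a model of the ACL rules described in
Tables 76 and 77. Zone names, "blank address = Any", "Any = every zone except ROUTER"
and the ACCEPT/DROP/REJECT actions come from the manual; first-match ordering, the
DROP default for unmatched traffic and "blank protocol = any service" are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ZONES = ("WAN", "LAN", "WLAN", "DMZ", "EXTRA", "ROUTER")
ANY_ZONES = frozenset(z for z in ZONES if z != "ROUTER")   # "Any (excl. Router)"

@dataclass
class Rule:
    name: str
    src_zone: str              # a zone name or "Any"
    dst_zone: str              # a zone name or "Any"
    action: str                # ACCEPT, DROP or REJECT
    src_ip: str = ""           # host or CIDR; blank means Any
    dst_ip: str = ""
    protocol: str = "TCP/UDP"  # TCP/UDP, TCP, UDP, ICMP, ICMPv6; blank = any service (assumed)
    src_port: str = ""         # "443" or "1024-65535"; blank means any port
    dst_port: str = ""
    enabled: bool = True
    logging: bool = False

@dataclass
class Packet:
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    protocol: str              # TCP, UDP, ICMP or ICMPv6
    src_port: int = 0
    dst_port: int = 0

def zone_matches(rule_zone, pkt_zone):
    return pkt_zone in ANY_ZONES if rule_zone == "Any" else rule_zone == pkt_zone

def ip_matches(rule_ip, pkt_ip):
    # A blank address is equivalent to Any; IPv4 and IPv6 never match each other.
    return not rule_ip or ip_address(pkt_ip) in ip_network(rule_ip, strict=False)

def port_matches(rule_port, pkt_port):
    if not rule_port:
        return True
    lo, _, hi = rule_port.partition("-")   # single port or "low-high" range
    return int(lo) <= pkt_port <= int(hi or lo)

def protocol_matches(rule_proto, pkt_proto):
    if not rule_proto:
        return True
    if rule_proto == "TCP/UDP":
        return pkt_proto in ("TCP", "UDP")
    return rule_proto == pkt_proto

def rule_matches(rule, pkt):
    return (rule.enabled
            and zone_matches(rule.src_zone, pkt.src_zone)
            and zone_matches(rule.dst_zone, pkt.dst_zone)
            and ip_matches(rule.src_ip, pkt.src_ip)
            and ip_matches(rule.dst_ip, pkt.dst_ip)
            and protocol_matches(rule.protocol, pkt.protocol)
            and port_matches(rule.src_port, pkt.src_port)
            and port_matches(rule.dst_port, pkt.dst_port))

def evaluate(rules, pkt, default_action="DROP"):
    """Return (action, rule name, log?) for the first enabled rule that matches, in
    list order (the Order / Move To position); unmatched traffic gets default_action."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.name, rule.logging
    return default_action, None, False

def show_rules(rules, frm="All", to="All"):
    """The Direction selector of Table 76: "All" shows every rule on that side,
    "Any" the rules whose zone is a non-ROUTER zone (or literally "Any")."""
    def side_ok(selected, rule_zone):
        if selected == "All":
            return True
        if selected == "Any":
            return rule_zone == "Any" or rule_zone in ANY_ZONES
        return rule_zone == selected
    return [r.name for r in rules if side_ok(frm, r.src_zone) and side_ok(to, r.dst_zone)]

# Constructed sample rule set, not taken from the manual.
SAMPLE_RULES = [
    Rule("mgmt_from_lan", "LAN", "ROUTER", "ACCEPT", src_ip="192.168.1.0/24",
         protocol="TCP", dst_port="443", logging=True),
    Rule("block_other_mgmt", "Any", "ROUTER", "DROP"),
    Rule("lan_out", "LAN", "WAN", "ACCEPT", protocol=""),
    Rule("wan_in_high_ports", "WAN", "LAN", "REJECT", protocol="TCP", dst_port="1024-65535"),
]

if __name__ == "__main__":
    pkt = Packet("LAN", "ROUTER", "192.168.1.10", "192.168.1.1", "TCP", 51000, 443)
    print(evaluate(SAMPLE_RULES, pkt))         # ('ACCEPT', 'mgmt_from_lan', True)
    print(evaluate(SAMPLE_RULES[::-1], pkt))   # ('DROP', 'block_other_mgmt', False): order matters
    print(show_rules(SAMPLE_RULES, "Any", "ROUTER"))
```

The reversed-list call shows why the Order and Move To controls matter: with the broad Any To ROUTER DROP rule placed above the narrow LAN To ROUTER ACCEPT rule, management access from the LAN subnet is dropped. Running show_rules with From Any To ROUTER is the quick way to review every rule that governs who can manage the Device.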