Configuring Firewall Rules to Control Inbound and Outbound Traffic
Cisco ISA500 Series Integrated Security Appliances Administration Guide 252
The zone-based firewall can permit or deny inbound or outbound traffic based on
the zone, service, source and destination address, and schedule.
Refer to the following topics:
• Default Firewall Settings, page 254
• Priorities of Firewall Rules, page 255
• Preliminary Tasks for Configuring Firewall Rules, page 255
• General Firewall Settings, page 256
• Configuring a Firewall Rule, page 257
• Configuring a Firewall Rule to Allow Multicast Traffic, page 259
• Configuring Firewall Logging Settings, page 260
About Security Zones
A security zone is a group of interfaces to which a security policy can be applied
to control traffic between zones. For ease of deployment, the Cisco ISA500 has
several predefined zones with default security settings to protect your network.
You can create additional zones as needed.
Each zone has an associated security level. The security level represents the level
of trust, from low (0, least trusted) to high (100, most trusted). Default firewall rules are
created for all predefined zones and for any zones you add, based on these security
levels: traffic initiated from a more trusted zone toward a less trusted zone is allowed,
and traffic initiated from a less trusted zone toward a more trusted zone is blocked. For
example, by default all traffic from the LAN zone (with a Trusted security level) to
the WAN zone (with an Untrusted security level) is allowed, but traffic from the
WAN (Untrusted) zone to the LAN (Trusted) zone is blocked. Note that this default leaves
outbound traffic from trusted zones unrestricted; any egress filtering you need must be
added as explicit rules. You can create and modify firewall rules to specify the permit or
block action for specified services, source and destination addresses, and schedules.
To learn more, see the Security Levels and Predefined Zones table.
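The following is an added illustration, not code from this guide or from the ISA500 firmware: a small Python model of the zone concept described above. It derives the default permit/block decision from two zones' security levels and then lets explicit rules, keyed on zone, service, source and destination address, and schedule, override that default. Everything beyond the LAN (Trusted) and WAN (Untrusted) levels is an assumption made for the example: the DMZ level of 50, treating equal levels as blocked, first-match rule ordering (the appliance uses its own rule priorities, described in the Priorities of Firewall Rules topic), and the sample rules and addresses themselves.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Zone:
    name: str
    level: int  # security level: 0 = least trusted ... 100 = most trusted


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src_zone: str
    dst_zone: str
    service: str = "any"  # "any" or "<proto>/<port>", e.g. "tcp/443"
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    days: frozenset = frozenset(range(7))  # 0 = Monday ... 6 = Sunday
    start: time = time(0, 0)
    end: time = time(23, 59, 59)


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    proto: str
    dport: int
    src_ip: str
    dst_ip: str
    when: datetime


def default_action(src: Zone, dst: Zone) -> str:
    """Level-based default: a more trusted zone may initiate traffic toward a
    less trusted one; the reverse is blocked. Treating equal levels as blocked
    is an assumption of this model, not a documented ISA500 behaviour."""
    return "permit" if src.level > dst.level else "deny"


def service_matches(service: str, flow: Flow) -> bool:
    if service == "any":
        return True
    proto, port = service.split("/")
    return proto == flow.proto and int(port) == flow.dport


def schedule_matches(rule: Rule, flow: Flow) -> bool:
    return (flow.when.weekday() in rule.days
            and rule.start <= flow.when.time() <= rule.end)


def rule_matches(rule: Rule, flow: Flow) -> bool:
    return (rule.src_zone == flow.src_zone
            and rule.dst_zone == flow.dst_zone
            and service_matches(rule.service, flow)
            and ip_address(flow.src_ip) in ip_network(rule.src_net)
            and ip_address(flow.dst_ip) in ip_network(rule.dst_net)
            and schedule_matches(rule, flow))


def evaluate(rules, zones, flow: Flow) -> str:
    """First matching explicit rule wins (an assumption of this model); with
    no match, the zone-level default applies."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule.action
    return default_action(zones[flow.src_zone], zones[flow.dst_zone])


# Constructed sample topology. LAN (100) and WAN (0) follow the guide's
# Trusted/Untrusted description; the DMZ level of 50 is an assumption.
ZONES = {z.name: z for z in (Zone("LAN", 100), Zone("DMZ", 50), Zone("WAN", 0))}

# Constructed sample rules; addresses are RFC 5737 documentation ranges.
RULES = (
    # Public web server in the DMZ, reachable from the Internet on HTTPS only.
    Rule("permit", "WAN", "DMZ", "tcp/443", dst_net="192.0.2.10/32"),
    # Vendor SSH into the LAN, restricted to one source and business hours.
    Rule("permit", "WAN", "LAN", "tcp/22", src_net="198.51.100.5/32",
         days=frozenset(range(5)), start=time(8, 0), end=time(18, 0)),
)

MONDAY_10 = datetime(2024, 1, 8, 10, 0)  # a Monday, inside business hours
SUNDAY_10 = datetime(2024, 1, 7, 10, 0)  # a Sunday, outside the schedule


def decide(src_zone, dst_zone, proto, dport, src_ip, dst_ip, when) -> str:
    return evaluate(RULES, ZONES,
                    Flow(src_zone, dst_zone, proto, dport, src_ip, dst_ip, when))


if __name__ == "__main__":
    print(decide("LAN", "WAN", "tcp", 80, "10.0.0.5", "203.0.113.9", MONDAY_10))
    print(decide("WAN", "LAN", "tcp", 80, "203.0.113.9", "10.0.0.5", MONDAY_10))
    print(decide("WAN", "DMZ", "tcp", 443, "203.0.113.9", "192.0.2.10", MONDAY_10))
    print(decide("WAN", "LAN", "tcp", 22, "198.51.100.5", "10.0.0.5", SUNDAY_10))
```

The point to take from the model is the asymmetry the guide describes: with no explicit rules at all, every LAN-to-WAN flow is permitted and every WAN-to-LAN flow is blocked, so inbound access must be opened deliberately and narrowly (one host, one service, one schedule in the SSH rule), while any outbound restriction is something you have to write yourself.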