Firewall rule-set: Figure 1

In this rule set, Feature 1 and Feature 2 could be any sort of advanced feature, such as time-sequence parameters, anti-virus parameters, or intrusion detection parameters.

Source Dest Svc Action Feature 1 Feature 2
Local-net Anywhere HTTP Allow Optional Optional
VPN-clients Anywhere SMTP Allow Optional Optional
VPN-clients Radius Server Telnet Allow Optional Optional
Any Firewall Any Deny Optional Optional
Customers Demo-net FTP Allow Optional Optional

In this rule set, Feature 1 and Feature 2 could be any sort of advanced feature, such as time-sequence parameters, anti-virus parameters, or intrusion detection parameters. Network addresses that appear in the Source and Destination columns are typically wrapped in group names such as "VPN-clients" or "Local-net" for internal employee networks.

Back to Guidelines for configuring your firewall rule-set.