Block Unwanted Traffic

Instructions to prevent traffic of a certain type from passing.

Steps:
- Create a traffic class to identify and isolate the traffic you want to block, if one does not already exist.
For example, to block attempts to Telnet into a site, create a class called BadTelnet under the Inbound parent class with Telnet as the service in its matching rule.
For background information, see Traffic Classification Overview and Traffic Tree Overview.
- For web traffic, decide if you want to redirect the user to an alternate
web page. The alternate page could simply inform the user of the block.
Note the URL of the alternate web page.
- Determine whether the traffic you want to block is UDP or runs over UDP, because UDP traffic is blocked with a different type of policy. Consult any industry-standard chart of the TCP/IP protocol suite to help in your determination. For example, Simple Network Management Protocol (SNMP), RADIUS remote authentication, and H.245 Voice over IP (VoIP) all run over UDP.
- Set a policy on your traffic class to block the traffic:
  - To block UDP traffic or traffic that runs over UDP, set a discard policy on your class.
  - To redirect web traffic, set a never-admit policy on your class using the web-redirect option and specify the alternate URL.
  - To block web traffic without redirection, set a never-admit policy on your class using the web-refuse option.
  - For non-web TCP traffic, set a never-admit policy on your class.
For example, to block incoming Telnet, set a never-admit policy for the BadTelnet class.
For background information, see Policy Overview.
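As an added example (not part of the original documentation), the decision rules in the steps above written as a checkable Python function: the service catalogue, class names and redirect URL are constructed for illustration, and the product's own command syntax is not modelled.

```python
"""Policy selection for the blocking procedure above.

Rules encoded: UDP (or UDP-borne) traffic gets a discard policy; web
traffic gets never-admit with web-redirect (alternate URL required) or
web-refuse; other TCP traffic gets a plain never-admit policy.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed service catalogue: service name -> transport it runs over.
# Transport assignments follow the examples given in the procedure.
SERVICES = {
    "Telnet": "tcp",
    "HTTP": "tcp",
    "SNMP": "udp",
    "RADIUS": "udp",
    "H.245": "udp",
}
WEB_SERVICES = {"HTTP"}  # constructed: services treated as web traffic


@dataclass(frozen=True)
class BlockPolicy:
    traffic_class: str            # e.g. "Inbound/BadTelnet" (constructed)
    policy: str                   # "discard" or "never-admit"
    option: Optional[str] = None  # "web-redirect", "web-refuse" or None
    redirect_url: Optional[str] = None


def choose_block_policy(traffic_class, service, redirect_url=None):
    """Return the policy that blocks `service` on `traffic_class`.

    Raises ValueError when the request is inconsistent with the rules,
    e.g. a redirect URL supplied for UDP or non-web traffic.
    """
    if service not in SERVICES:
        raise ValueError(f"unknown service {service!r}; check a protocol chart")
    if SERVICES[service] == "udp":
        if redirect_url:
            raise ValueError("redirect applies to web traffic only; UDP needs discard")
        return BlockPolicy(traffic_class, "discard")
    if service in WEB_SERVICES:
        if redirect_url:
            return BlockPolicy(traffic_class, "never-admit", "web-redirect", redirect_url)
        return BlockPolicy(traffic_class, "never-admit", "web-refuse")
    if redirect_url:
        raise ValueError("web-redirect is only valid for web traffic")
    return BlockPolicy(traffic_class, "never-admit")
```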