The firewall protecting your network runs on Cisco hardware and is at the heart of Control Zone. By default, devices on your network are not allowed to communicate with the internet or other sites. Rules to allow communication can be added on a per-IP or sitewide basis.

In addition to the standard protocol/port/destination specification, each firewall rule created also has an expiry date and optional permitted hours of the day when the rule will be enabled. These features provide very granular configuration capabilities that can help reduce administration/policy implementation time, increase productivity, and enhance security.

  • Expiry Examples
    1. If a contractor will be working at your company for two weeks, you can create rules for them in advance that activate on their start date and expire when they leave. This means you don't have to go back and manually remove their access at a later date.
    2. A user would like a port open for 30 minutes while they test a new application. Add the rule and set the expiry time to 30 minutes. Again, there is no need for you to go back and remove it.

  • Permitted Access Hours Examples
    1. Productivity - Allow users to access services associated with non-work-related activities, such as web browsing and instant messaging, only before/after work and during lunch.
    2. Security - Suppose you have a policy of allowing all sites to freely communicate with each other, and a wireless access point on your network turns out to be insecure. An attacker may gain access to all sites on your network outside of business hours, when no IT staff are available to detect unusual activity. By preventing sites from communicating with each other outside of business hours, the risk of an insecure access point would be contained to one site.

Groups can be set up that have firewall rules associated with them, and IP addresses added to a group will immediately have all group rules applied to them.
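
The evaluation logic described above (default deny, activation and expiry dates, permitted hours, and group rules) can be modelled in a few lines. This is an added example, not Control Zone's own code or rule schema: the `Rule` and `Firewall` classes, their field names, and the sample addresses are all assumptions made for illustration, and times are treated as local, timezone-naive values.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:                                   # hypothetical model, not the product's schema
    protocol: str
    port: int
    destination: str                          # CIDR the rule permits traffic to
    expires: datetime                         # every rule carries an expiry
    starts: Optional[datetime] = None         # optional activation date
    hours: Optional[Tuple[time, time]] = None # optional daily permitted window

    def active(self, now: datetime) -> bool:
        if self.starts is not None and now < self.starts:
            return False
        if now >= self.expires:
            return False
        if self.hours is None:
            return True
        start, end = self.hours
        t = now.time()
        # A window such as 18:00-08:00 wraps past midnight.
        return start <= t < end if start <= end else (t >= start or t < end)

    def matches(self, protocol: str, port: int, dst: str) -> bool:
        return (protocol, port) == (self.protocol, self.port) and \
            ip_address(dst) in ip_network(self.destination)

class Firewall:
    def __init__(self):
        self.site_rules = []                  # apply to every device on the site
        self.ip_rules = {}                    # source IP -> [Rule]
        self.groups = {}                      # name -> (set of member IPs, [Rule])

    def rules_for(self, src: str):
        rules = self.site_rules + self.ip_rules.get(src, [])
        for members, group_rules in self.groups.values():
            if src in members:
                rules = rules + group_rules
        return rules

    def allowed(self, src, protocol, port, dst, now) -> bool:
        # Default deny: traffic passes only if some rule matches and is active now.
        return any(r.matches(protocol, port, dst) and r.active(now)
                   for r in self.rules_for(src))

def build_sample() -> Firewall:               # constructed sample data
    fw = Firewall()
    two_weeks = Rule("tcp", 443, "203.0.113.0/24", starts=datetime(2024, 3, 4),
                     expires=datetime(2024, 3, 18), hours=(time(8), time(18)))
    fw.groups["contractors"] = ({"10.0.5.20"}, [two_weeks])
    return fw
```

Because expiry and permitted hours are checked at evaluation time, nothing has to be removed when the contractor leaves; the rule simply stops matching.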


