防火墙的基本配置原则（The basic configuration principle of firewall）.doc

防火墙的基本配置原则（The basic configuration principle of firewall） I. basic configuration principle of firewall By default, all firewalls are configured in the following two situations: ? deny all traffic, which requires certain types of traffic that can enter and exit in your network. Allow all traffic, which requires the type of traffic you specifically specify to deny. Arguably, most firewalls default to deny all traffic as a security option. Once you install the firewall, you need to open some necessary ports to allow users in the firewall to access the system after verification. In other words, if you want your employees to send and receive Email, you have to set the corresponding rules on the firewall or open the process that allows POP3 and SMTP. In the firewall configuration, we must first follow the principle of safe and practical, from this point of view, in the firewall configuration process, we need to adhere to the following three basic principles: (1) simple and practical: for firewall environment design, the first is the simpler, the better. In fact, this is the basic principle of anything. The simpler the implementation, the easier it is to understand and use. Moreover, the simpler the design, the less likely it is to make mistakes. The security features of the firewall are more easily guaranteed, and the management is more reliable and simple. Each kind of product will have its main function localization before development, for example, the original intention of firewall product is to realize the security control between the network, and the intrusion detection product mainly monitors the illegal behavior of the network. But with the development and maturity of technology, these products in addition to the main function of the original more or less increased the number of value-added features, such as the increase of killing viruses, intrusion detection and other functions of the firewall, virus killing function increased in Intrusion detection. But these ad