Defining the access control policy structure
From Chapter 8, Introduction to Policies, Layers, and Rules, you might recall the requirement to have three rules present in the policy to ensure that you can access gateways via SSH and WebUI, drop any unsanctioned connections to the gateways as early as possible, and drop/log all other unsanctioned traffic.
With this in mind, let’s create section titles and include these rules from the start. For now, ignore the rule numbers depicted in the No. column of the following screenshot. These will eventually align when the rest of your rules have been created:
Figure 11.1 – Defining a policy structure using section titles and mandatory rules
While naming the section titles, you might optionally include action and tracking notes in some of them, as shown in the preceding screenshot.
With our policy structure defined, let’s go from the top-down, learning the purpose of each section and, when necessary...
