Chapter 6: Using the Web Interface169Changing the Default PolicyThe default policy is to accept all traffic from all IP addresses regardlessof the role applied to the user.To change the default policy:1. Choose Device Settings > Security > Role Based Access Control.The Configure Role Based Access Control Settings dialog appears.2. To determine the default policy for IPv4 addresses:a. Click the IPv4 tab if necessary.b. Ensure the "Enable Role Based Access Control for IPv4"checkbox is selected.c. Select the action you want from the Default Policy drop-down list. Allow: Accepts traffic from all IPv4 addresses regardless ofthe user's role. Deny: Drops traffic from all IPv4 addresses regardless of theuser's role.3. To determine the default policy for IPv6 addresses:a. Click the IPv6 tab.b. Ensure the "Enable Role Based Access Control for IPv6"checkbox is selected.c. Select the action you want from the Default Policy drop-down list. Allow: Accepts traffic from all IPv6 addresses regardless ofthe user's role. Deny: Drops traffic from all IPv6 addresses regardless of theuser's role.4. Click OK.Creating Role-Based Access Control RulesRole-based access control rules accept or drop traffic, based on theuser's role and IP address. Like firewall rules, the order of rules isimportant, since the rules are executed in numerical order.To create role-based access control rules:1. Choose Device Settings > Security > Role Based Access Control.The Configure Role Based Access Control Settings dialog appears.2. Click the IPv4 tab for creating IPv4 firewall rules, or click the IPv6 tabfor creating IPv6 firewall rules.
