Use the general settings area in Firewall Rules to describe rules and to specify the actions and characteristics of each rule.
About this task
Navigating in IPS Local Management Interface:
Navigating in SiteProtector™ Management: select the Firewall policy
Procedure
- Click the Add icon.
- Configure the following options:

| Option | Description |
| --- | --- |
| Rule ID | Displays the rule's order in the list. |
| Enabled | Enables the rule. |
| Rule Comment | Specifies a unique description for the rule. |
| Log | Specifies whether to log details of the packets that match the rule in the firewall log located in the /var/iss/ directory. |
| Action | Specifies the action the firewall performs when the appliance detects a suspect packet: |
| Rule Type | Specifies the type of Firewall Rule: Constructed (the IPS Local Management Interface constructs the firewall rule for you using the values you specify) or Manually Entered (you construct your own firewall rules). |
| Interfaces | Specifies enabled or disabled interfaces. |
| VLAN | Specifies the range of VLAN tags. |
| Protocol | Specifies a protocol for the rule (Any, TCP, UDP, ICMP, ICMPv6, and Number). See the notes that follow. |

Notes on the Protocol option:
- If you select Any as the protocol for a rule, the following criteria are applied when the corresponding conditions are met:
  - If you set an ICMP or an ICMPv6 code, then the appropriate clause is added to the rule.
  - If you set a source or destination port, then both a UDP clause and a TCP clause are added to the rule.
  - If you set a protocol Number greater than zero (0), then a protocol number clause is added to the rule.
  - If you do not specify protocol settings, then an IP clause is added to the rule. If specified, the source and destination IP addresses are added, too.
- If you set a protocol value other than Any, the firewall rule is set to that protocol only.
- If you select the ICMP or ICMPv6 protocol, type the appropriate types or codes or click Well Known to select often-used types and codes.

- Click OK.
What to do next
On the Add Firewall Rules window, you can specify IP address and port settings for IPv4 or IPv6 networks.
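The Protocol notes above determine how wide a constructed rule really is, which matters when reviewing a policy: a rule left on Any with only a port set covers both UDP and TCP. The following is an added example, not IBM code and not the appliance's rule syntax; the field names and clause labels are hypothetical, the sample rules are constructed, and it assumes the conditions under Any are cumulative.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class RuleSettings:
    """Hypothetical model of the protocol-related fields of one firewall rule."""
    comment: str
    protocol: str = "Any"              # Any, TCP, UDP, ICMP, ICMPv6 or Number
    icmp_code: Optional[int] = None
    icmpv6_code: Optional[int] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    protocol_number: int = 0

def expand_clauses(rule: RuleSettings) -> List[str]:
    """Return the protocol clauses a rule ends up with, following the Protocol notes.

    Clause labels are illustrative only; conditions are assumed to be cumulative.
    """
    if rule.protocol != "Any":
        return [rule.protocol.lower()]   # a specific protocol: that protocol only
    clauses: List[str] = []
    if rule.icmp_code is not None:       # code 0 is a valid value, so test for None
        clauses.append("icmp")
    if rule.icmpv6_code is not None:
        clauses.append("icmpv6")
    if rule.src_port is not None or rule.dst_port is not None:
        clauses += ["udp", "tcp"]        # a port under Any adds both clauses
    if rule.protocol_number > 0:
        clauses.append("number")
    return clauses or ["ip"]             # no protocol settings: a plain IP clause

def broader_than_one_protocol(rules: List[RuleSettings]) -> List[str]:
    """Review helper: comments of rules that cover more than a single protocol."""
    return [r.comment for r in rules
            if len(expand_clauses(r)) > 1 or expand_clauses(r) == ["ip"]]

# Constructed sample policy for the demonstration.
SAMPLE_RULES = [
    RuleSettings("dns-any", dst_port=53),
    RuleSettings("https-tcp", protocol="TCP", dst_port=443),
    RuleSettings("catch-all"),
    RuleSettings("gre-only", protocol_number=47),
]

if __name__ == "__main__":
    for r in SAMPLE_RULES:
        print(f"{r.comment:10} -> {expand_clauses(r)}")
    print("review:", broader_than_one_protocol(SAMPLE_RULES))
```

Rules reported by `broader_than_one_protocol` are candidates for an explicit protocol selection when only one transport is intended.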