About the firewall rule, firewall setting, and intrusion prevention processing order

Article:HOWTO55436  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55436
Article Type
How To


Subject


About the firewall rule, firewall setting, and intrusion prevention processing order

Firewall rules are ordered sequentially, from highest to lowest priority, or from the top to bottom in the rules list. If the first rule does not specify how to handle a packet, the firewall inspects the second rule. This process continues until the firewall finds a match. After the firewall finds a match, the firewall takes the action that the rule specifies. Subsequent lower priority rules are not inspected. For example, if a rule that blocks all traffic is listed first, followed by a rule that allows all traffic, the client blocks all traffic.

You can order rules according to exclusivity. The most restrictive rules are evaluated first, and the most general rules are evaluated last. For example, you should place the rules that block traffic near the top of the rules list. The rules that are lower in the list might allow the traffic.

The Rules list contains a blue dividing line. The dividing line sets the priority of rules in the following situations:

  • When a subgroup inherits rules from a parent group.

  • When the client is set to mixed control. The firewall processes both server rules and client rules.

Table: Processing order shows the order in which the firewall processes the rules, firewall settings, and intrusion prevention settings.

Table: Processing order

Priority

Setting

First

Custom IPS signatures

Second

Intrusion Prevention settings, traffic settings, and stealth settings

Third

Built-in rules

Fourth

Firewall rules

Fifth

Port scan checks

Sixth

IPS signatures that are downloaded through LiveUpdate

See Changing the order of firewall rules.

See About firewall rules

See How a firewall works.

See How intrusion prevention works


Legacy ID



v8642294_v59371754


Article URL http://www.symantec.com/docs/HOWTO55436


Terms of use for this information are found in Legal Notices