About the firewall rule, firewall setting, and intrusion prevention processing order
Article: HOWTO81187 | Created: 2012-10-24 | Updated: 2013-10-07 | Article URL: http://www.symantec.com/docs/HOWTO81187
Firewall rules are ordered sequentially, from highest to lowest priority in the rules list. If the first rule does not specify how to handle a packet, the firewall inspects the second rule. This process continues until the firewall finds a match. After the firewall finds a match, the firewall takes the action that the rule specifies. Subsequent lower priority rules are not inspected. For example, if a rule that blocks all traffic is listed first, followed by a rule that allows all traffic, the client blocks all traffic.
You can order rules according to exclusivity. The most restrictive rules are evaluated first, and the most general rules are evaluated last. For example, you should place the rules that block traffic near the top of the rules list. The rules that are lower in the list might allow the traffic.
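The first-match walk described above, as an added example that is not Symantec's code: a minimal rule evaluator in which unspecified fields are wildcards, the rule names, hosts and ports are constructed for illustration, and the same rule set is shown once with restrictive rules on top and once with the general allow rule placed first.

```python
# Added example (not Symantec's code): first-match evaluation of an ordered
# firewall rule list. All rule fields, hosts and ports below are constructed.
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    direction: str      # "in" or "out"
    protocol: str       # "tcp" or "udp"
    remote_host: str
    port: int


@dataclass
class Rule:
    name: str
    action: str                         # "allow" or "block"
    direction: Optional[str] = None     # None means "any value"
    protocol: Optional[str] = None
    remote_host: Optional[str] = None
    port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        # Every specified field must equal the packet's field.
        return all(want is None or want == got for want, got in (
            (self.direction, pkt.direction),
            (self.protocol, pkt.protocol),
            (self.remote_host, pkt.remote_host),
            (self.port, pkt.port)))


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Walk the list from highest to lowest priority; the first rule that
    matches decides, and the rules below it are never inspected."""
    for rule in rules:
        if rule.matches(pkt):
            return f"{rule.action}:{rule.name}"
    return "no-match"   # end of list reached without a decision


# Constructed rule set: the restrictive rules sit above the general allow.
ORDERED = [
    Rule("block-telnet", "block", protocol="tcp", port=23),
    Rule("block-bad-host", "block", remote_host="203.0.113.9"),
    Rule("allow-all", "allow"),
]
# Same rules with the general allow on top: it shadows both block rules.
MISORDERED = [ORDERED[2], ORDERED[0], ORDERED[1]]

TELNET = Packet("out", "tcp", "198.51.100.4", 23)
WEB = Packet("out", "tcp", "198.51.100.4", 443)
```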
The Rules list contains a blue dividing line. The dividing line sets the priority of rules in the following situations:
When a subgroup inherits rules from a parent group.
When the client is set to mixed control. The firewall processes both server rules and client rules.
Table: Processing order shows the order in which the firewall processes the rules, firewall settings, and intrusion prevention settings.
Table: Processing order (highest priority first)
1. Custom IPS signatures
2. Intrusion Prevention settings, traffic settings, and stealth settings
3. Port scan checks
4. IPS signatures that are downloaded through LiveUpdate
See How a firewall works.