About inherited firewall rules
|Article:HOWTO81231|||||Created: 2012-10-24|||||Updated: 2014-09-21|||||Article URL http://www.symantec.com/docs/HOWTO81231|
A subgroup's policy can inherit only the firewall rules that are enabled in the parent group. When you have inherited the rules, you can disable them, but you cannot modify them. As the new rules are added to the parent group's policy, the new rules are automatically added to the inheriting policy.
When the inherited rules appear in thelist, they are shaded in purple. Above the blue line, the inherited rules are added above the rules that you created. Below the blue line, the inherited rules are added below the rules that you created.
A Firewall policy also inherits default rules, so the subgroup's Firewall policy may have two sets of default rules. You may want to delete one set of default rules.
If you want to remove the inherited rules, you remove the inheritance rather than delete them. You have to remove all the inherited rules rather than the selected rules.
The firewall processes inherited firewall rules in thelist as follows:
Above the blue dividing line
The rules that the policy inherits take precedence over the rules that you create.
Below the blue dividing line
The rules that you create take precedence over the rules that the policy inherits.
Figure: An example of how firewall rules inherit from each other shows how the list orders rules when a subgroup inherits rules from a parent group. In this example, the Sales group is the parent group. The Europe Sales group inherits from the Sales group.
Article URL http://www.symantec.com/docs/HOWTO81231