Customizing firewall rules

Article:HOWTO81311  |  Created: 2012-10-25  |  Updated: 2014-09-21  |  Article URL http://www.symantec.com/docs/HOWTO81311
Article Type
How To



When you create a new Firewall policy, the policy includes several default rules. You can modify one or multiple rule components as needed.

The components of a firewall rule are as follows:

Actions

The action parameters specify what the firewall does when a packet matches a rule. When the rule matches a received packet and is selected, the firewall performs all of the rule's actions: it either allows or blocks the packet, and it logs or does not log the event. Allowing traffic lets the traffic that the rule specifies reach the network; blocking traffic prevents the traffic that the rule specifies from reaching the network.

The actions are as follows:

  • Allow

    The firewall allows the network connection.

  • Block

    The firewall blocks the network connection.

Triggers

When the firewall evaluates the rule, all the triggers must be true for a positive match to occur. If any one trigger is not true in relation to the current packet, the firewall cannot apply the rule. You can combine the trigger definitions to form more complex rules, such as to identify a particular protocol in relation to a specific destination address.

The triggers are as follows:

  • Application

    When the application is the only trigger you define in an allow-traffic rule, the firewall allows the application to perform any network operation. The application is the significant value, not the network operations that the application performs. You can define additional triggers to describe the particular network protocols and hosts with which communication is allowed.

    See About firewall rule application triggers.

  • Host

    When you define host triggers, you specify the host on both sides of the described network connection.

    Traditionally, the relationship between hosts is expressed by describing each host as either the source or the destination of a network connection.

    See About firewall rule host triggers.

  • Network services

    A network services trigger identifies one or more network protocols that are significant in relation to the described traffic.

    The local host computer always owns the local port, and the remote computer always owns the remote port. This expression of the port relationship is independent of the direction of traffic.

    See About firewall rule network services triggers.

Notifications

The Log settings let you specify whether the server creates a log entry or sends an email message when a traffic event matches the criteria that are set for this rule.
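To make the matching semantics of the Actions, Triggers and Notifications sections concrete, the following added example (not Symantec's code) models a rule as a set of optional triggers that are ANDed together, with an undefined trigger matching anything, and an action that allows or blocks and optionally logs. First-match ordering over enabled rules and the fall-through default are assumptions made for this example only.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed model of the article's rule semantics: every defined trigger must
# be true for a match, an undefined trigger imposes no condition, and the matched
# rule's action allows or blocks the packet and optionally logs it.

@dataclass
class Packet:
    application: str
    remote_host: str
    protocol: str
    local_port: int      # always owned by the local computer
    remote_port: int     # always owned by the remote computer
    direction: str       # "inbound" or "outbound"; does not swap the ports

@dataclass
class Rule:
    name: str
    action: str                        # "Allow" or "Block"
    enabled: bool = True               # disabled rules are never processed
    log: bool = False
    application: Optional[str] = None  # Application trigger
    remote_host: Optional[str] = None  # Host trigger (remote side)
    protocol: Optional[str] = None     # Network services trigger
    local_port: Optional[int] = None
    remote_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        wanted = [
            (self.application, p.application), (self.remote_host, p.remote_host),
            (self.protocol, p.protocol), (self.local_port, p.local_port),
            (self.remote_port, p.remote_port),
        ]
        # AND over the defined triggers; None means "any value".
        return all(w is None or w == got for w, got in wanted)

def evaluate(rules: List[Rule], p: Packet, default: str = "Allow") -> Tuple[str, bool, Optional[str]]:
    # Assumed ordering: the first enabled rule that matches decides (action, logged, rule name).
    for r in rules:
        if r.enabled and r.matches(p):
            return r.action, r.log, r.name
    return default, False, None

# Constructed sample policy: a host+service block rule and an application-only allow rule.
POLICY = [
    Rule("Block SMB to file server", "Block", log=True,
         remote_host="192.0.2.10", protocol="TCP", remote_port=445),
    Rule("Allow browser", "Allow", application="firefox.exe"),
]
```

Because the application-only rule defines no host or service trigger, it permits any network operation by that application, exactly as the Application trigger section describes.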

Customizing firewall rules

  1. In the console, open a Firewall policy.

  2. On the Firewall Policy page, click Rules.

  3. On the Rules tab, in the Rules list, in the Enabled field, ensure that the box is checked to enable the rule; uncheck the box to disable the rule.

    Symantec Endpoint Protection Small Business Edition only processes the rules that you enable. All rules are enabled by default.

  4. Double-click the Name field and type a unique name for the firewall rule.

  5. Right-click the Action field and select the action that you want Symantec Endpoint Protection Small Business Edition to take if the rule is triggered.

  6. In the Application field, define an application.

    See Defining information about applications.

  7. In the Host field, specify a host trigger.

    See Blocking traffic to or from a specific server.

  8. In addition to specifying a host trigger, you can also specify the traffic that is allowed to access your local subnet.

    See Allowing only specific traffic to the local subnet.

  9. In the Service field, specify a network service trigger.

    See Controlling whether networked computers can share messages, files, and printing.

  10. In the Log field, specify whether you want Symantec Endpoint Protection Small Business Edition to send you an email message when this firewall rule is violated.

    See Setting up notifications for firewall rule violations.

  11. If you are done with the configuration of the rule, click OK.

See Setting up firewall rules

See Managing firewall rules


Legacy ID: v17525030_v81626097

