
Creating Firewall Rules - SOURCE/ DESTINATION vs. LOCAL/REMOTE w.r.t to HOST TRIGGERS

Created: 11 Jun 2009 | 1 comment
Kedar Mohile

This largely depends on “host triggers”.

When you define host triggers, you specify the host on both sides of the described network connection. Traditionally, the way to express the relationship between hosts is referred to as being either the source or destination of a network connection.

You can define the host relationship in either one of the following ways:

Source and destination
The source host and destination host are dependent on the direction of traffic. In one case the local client computer might be the source, whereas in another case the remote computer might be the source. The source and destination relationship is more commonly used in network-based firewalls.

Local and remote
The local host is always the local client computer, and the remote host is always a remote computer that is positioned elsewhere on the network. This expression of the host relationship is independent of the direction of traffic. The local and remote relationship is more commonly used in host-based firewalls, and is a simpler way to look at traffic.


You can define multiple source hosts and multiple destination hosts. The hosts that you define on either side of the connection are evaluated by using an OR statement. The relationship between the selected hosts is evaluated by using an AND statement.

For example, consider a rule that defines a single local host and multiple remote hosts. As the firewall examines the packets, the local side must match the IP address of that one local host, whereas the opposite side of the connection may match any one of the remote hosts. For example, you can define a rule to allow HTTP communication between the local host and either symantec.com, yahoo.com, or google.com. That single rule is equivalent to three separate rules, one per remote host.

About network service triggers

A network service trigger identifies one or more network protocols that are significant in relation to the described network traffic.

You can define the following types of protocols:
1. TCP - Port or port ranges
2. UDP - Port or port ranges
3. ICMP - Type and code
4. IP - Protocol number (IP type)
   Examples: Type 1 = ICMP, Type 6 = TCP, Type 17 = UDP
5. Ethernet - Ethernet frame type
   Examples: Type 0x0800 = IPv4, Type 0x8BDD = IPv6, Type 0x8137 = IPX

When you define TCP-based or UDP-based service triggers, you identify the ports on both sides of the described network connection. Traditionally, ports are referred to as being either the source or the destination of a network connection.

You can define the network service relationship in either of the following ways:

Source and destination
The source port and destination port depend on the direction of traffic. In one case the local client computer might own the source port, whereas in another case the remote computer might own the source port.
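The host-trigger evaluation described above (OR within a side, AND across sides) and the port side of a TCP service trigger, as an added worked example that is not part of the original post or of any Symantec product code. It assumes a constructed name-to-address table and a packet carrying its own direction, and shows why one local/remote rule covers both the request and the reply where source/destination rules would need two.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed, hypothetical name-to-address table; the post names the hosts but not their addresses.
HOSTS = {"local-pc": "192.0.2.10", "symantec.com": "198.51.100.5",
         "yahoo.com": "198.51.100.6", "google.com": "198.51.100.7"}

@dataclass
class Rule:
    local_hosts: list    # any one of these may match (OR within the local side)
    remote_hosts: list   # any one of these may match (OR within the remote side)
    protocol: str        # "TCP" or "UDP"
    remote_ports: set    # service trigger on the remote side, e.g. {80} for HTTP

@dataclass
class Packet:
    src: str
    dst: str
    protocol: str
    sport: int
    dport: int
    direction: str       # "outbound" (the local client sent it) or "inbound"

def to_local_remote(pkt):
    """Translate source/destination into local/remote using the traffic direction,
    so the rule itself never has to know which way the packet is flowing."""
    if pkt.direction == "outbound":
        return (pkt.src, pkt.sport), (pkt.dst, pkt.dport)
    return (pkt.dst, pkt.dport), (pkt.src, pkt.sport)

def side_matches(hosts, addr):
    # OR: the address only has to equal one of the hosts listed for this side.
    return any(ip_address(HOSTS.get(h, h)) == ip_address(addr) for h in hosts)

def rule_matches(rule, pkt):
    (local_addr, _), (remote_addr, remote_port) = to_local_remote(pkt)
    # AND: both sides of the connection must match, plus the protocol and remote port.
    return (pkt.protocol == rule.protocol
            and side_matches(rule.local_hosts, local_addr)
            and side_matches(rule.remote_hosts, remote_addr)
            and remote_port in rule.remote_ports)

def expand(rule):
    """The single multi-host rule is equivalent to one rule per remote host."""
    return [Rule(rule.local_hosts, [h], rule.protocol, rule.remote_ports) for h in rule.remote_hosts]

HTTP_RULE = Rule(["local-pc"], ["symantec.com", "yahoo.com", "google.com"], "TCP", {80})

# Constructed sample traffic: an outbound request to yahoo.com, its inbound reply, and an unlisted host.
REQUEST = Packet("192.0.2.10", "198.51.100.6", "TCP", 51515, 80, "outbound")
REPLY = Packet("198.51.100.6", "192.0.2.10", "TCP", 80, 51515, "inbound")
STRANGER = Packet("192.0.2.10", "203.0.113.9", "TCP", 51516, 80, "outbound")
```

Both REQUEST and REPLY match HTTP_RULE even though their source and destination are swapped, while STRANGER fails on the remote side.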

Reference: Admin Guide Page # 439

Comments

steffen910, 28 Sep 2010

Useful information.