Stormshield Network’s intrusion prevention technology includes a dynamic packet filtering engine (“stateful inspection”) with optimized rule processing, which allows filter policies to be applied safely and effectively.
The implementation of filter functions is based on the comparison of the attributes of each IP packet received against the criteria of each rule in the active filter policy. Filtering applies to all packets without any exceptions.
As for the user or user group authorized by a rule: once a user has identified himself and authenticated successfully from a given host, the firewall records this and attributes that user’s login name to every IP packet that has this host’s address as its source IP address.
As a result, rules that specify user authentication, even without specifying any restrictions on the authorized users, can only apply to IP packets sent from a host on which a user has already authenticated. A check action (see Action column) can be specified in each filter rule.
Filtering consists of two parts. The strip at the top of the screen makes it possible to choose, enable or edit the filter policy, and view its last changes. The filter table is dedicated to the creation and configuration of rules.
Checking the policy in real time
The firewall’s filter policy is one of the most important elements for the security of the resources that the firewall protects. Although this policy is constantly changing to adapt to new services, new threats and new user demands, it has to remain perfectly coherent so that loopholes do not appear in the protection provided by the firewall.
The art of creating an effective filter policy lies in avoiding rules that inhibit other rules. When a filter policy is voluminous, the administrator’s task becomes even more crucial as the risk increases. Furthermore, during the advanced configuration of very specific translation rules, the multiplicity of options may lead to the creation of a wrong rule that does not meet the administrator’s needs.
To prevent this from happening, the filter rule edit window has a Check policy field (located under the filter table), which warns the administrator whenever a rule inhibits another or one of the rules contains an error.
[Rule 2] This rule will never be applied as it is covered by Rule 1.
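The kind of check described above can be illustrated with a short script. This is an added example, not Stormshield's implementation: it assumes rules are evaluated in order with the first match winning, and the Rule fields, the covers and check_policy helpers and the sample policy are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:                      # hypothetical, simplified rule model
    action: str                  # "pass" or "block"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    proto: str = "any"           # "tcp", "udp" or "any"
    ports: tuple = (0, 65535)    # inclusive destination port range

def covers(first: Rule, later: Rule) -> bool:
    """True if every packet matching `later` also matches `first`."""
    return (
        ip_network(later.src).subnet_of(ip_network(first.src))
        and ip_network(later.dst).subnet_of(ip_network(first.dst))
        and first.proto in ("any", later.proto)
        and first.ports[0] <= later.ports[0]
        and later.ports[1] <= first.ports[1]
    )

def check_policy(rules):
    """Return (rule_no, covering_rule_no, kind, message), numbered from 1."""
    findings = []
    for j, later in enumerate(rules):
        for i, first in enumerate(rules[:j]):
            if covers(first, later):
                # Same action: the later rule is dead weight. Different
                # action: the administrator's intent is silently overridden.
                kind = "redundant" if first.action == later.action else "contradicted"
                msg = (f"[Rule {j + 1}] This rule will never be applied "
                       f"as it is covered by Rule {i + 1}.")
                findings.append((j + 1, i + 1, kind, msg))
                break            # report only the first covering rule
    return findings

# Constructed sample policy using documentation address ranges.
POLICY = [
    Rule("pass",  "192.0.2.0/24",  "0.0.0.0/0", "tcp", (1, 1024)),
    Rule("block", "192.0.2.10/32", "0.0.0.0/0", "tcp", (23, 23)),
    Rule("pass",  "192.0.2.0/24",  "198.51.100.0/24", "udp", (53, 53)),
    Rule("block", "0.0.0.0/0",     "0.0.0.0/0"),
]

if __name__ == "__main__":
    for *_, message in check_policy(POLICY):
        print(message)
```

The sketch only detects a rule fully covered by one earlier rule; a rule covered by the combined effect of several earlier rules, or criteria such as users and interfaces, are outside what it models.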