This section allows you to select and handle Filter policies and NAT policies.
Selecting the filter policy
The drop-down menu offers 10 pre-configured filter policies, numbered from 1 to 10:
|“Block all (1)”||By default, this filter policy is enabled in factory settings.
Only ports used for the management of the firewall will be open (1300/TCP and 443/TCP). All the interfaces of the firewall can also be pinged. All other connections will then be blocked.
|“High (2)”||If you select this filter policy, only web, e-mail and FTP traffic and ping requests (echo request) will be allowed from internal interfaces to the outside.|
|“Medium (3)”||By selecting this policy, intrusion prevention will be applied to outgoing connections, when the threat prevention engine is able to automatically detect the protocol:
For example, port 80 is generally used for HTTP traffic. The firewall will therefore consider all traffic on port 80 as HTTP traffic, as this port is defined as the default port for the HTTP protocol (default ports for each protocol are defined in the menu Application protection>Protocols). However, if another protocol is used (e.g. an SSH tunnel) for traffic going to port 80, the connection will be considered illegitimate and will be blocked as the only protocol allowed is HTTP.
|“Low (4)”||A protocol analysis will be forced for outgoing connections.
|“Filter 05, 06, 07, 08, 09”||Apart from the five pre-configured policies (Block all, High, Medium, Low, Pass all, which can be edited where necessary), there are five blank policies that you can customize.|
|“Pass all (10)”||This policy allows all traffic to pass through, meaning connections on all protocols and ports are allowed. Application analyses will however be applied. This policy should only be used for testing.|
You can Rename these policies and modify their configuration whenever you wish (see below).
|Activate this policy||Immediately activates the policy currently being edited. Parameters saved in this slot will overwrite current parameters and the policy will be applied immediately on the firewall.
|Edit||Three operations can be performed on profiles with this function:
|Last modification||Click on this icon to find out the exact date and time of the last modification. The time shown is the time on the appliance instead of on the client workstation.|
Selecting multiple objects
A multiple selection allows assigning the same action to several rules. Select several successive alarms using the Shift ñkey or individually by holding down the Ctrl key. You can also remove an item from an existing selection with the Ctrl key.
Some column titles have the icon . When you click on it, a menu appears and suggests assigning a setting to several selected rules (Status, Action and Inspection type for filtering).
Several lines can be deleted at the same time, by selecting them with the Ctrl key and pressing on Delete.
Drag & drop
Throughout the entire process of creating and editing rules, you will be able to drag and drop objects, actions and even filter and NAT rules.
You can move any object to wherever you wish in the table, or insert objects from the browser bar on the left (Objects field), if they have been created earlier (you can also create them directly in the fields that accept objects).
This feature applies to the search field.
Two icons indicate whether the selected object or action can be moved within a particular cell:
- Means that the operation is possible,
- Means that the object cannot be added to the chosen cell.