Policies

This section allows you to select and handle Filter policies and NAT policies.

Selecting the filter policy

The drop-down menu offers 10 filter policies, numbered from 1 to 10 (five pre-configured and five blank, see below):

“Block all (1)” This filter policy is enabled by default in factory settings.
Only the ports used to manage the firewall are open (1300/TCP and 443/TCP), and all interfaces of the firewall answer ping. All other connections are blocked.

NOTE
By selecting this policy, you will only have access to the firewall’s administration interface from internal networks (protected networks); this restriction depends on the list of workstations allowed to manage the firewall, defined in the System menu, Configuration module (Firewall administration tab).

“High (2)” If you select this filter policy, only web, e-mail and FTP traffic and ping requests (echo request) will be allowed from internal interfaces to the outside.
“Medium (3)” By selecting this policy, intrusion prevention is applied to outgoing connections whenever the threat prevention engine is able to detect the protocol automatically:

For example, port 80 is generally used for HTTP traffic. The firewall therefore treats all traffic to port 80 as HTTP, since that port is defined as the default port for the HTTP protocol (default ports for each protocol are defined under Application protection > Protocols). If another protocol is detected on port 80 (e.g. an SSH tunnel), the connection is considered illegitimate and blocked, as HTTP is the only protocol allowed on that port.

NOTE
All outgoing TCP connections that cannot be analyzed (no protocol is recognized) will be accepted. This includes traffic to a default port whose protocol the engine does not recognize: only a detected protocol that contradicts the port's default protocol is blocked.
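The decision logic described for the Medium policy (detect the protocol from the client's first bytes, block it if it contradicts the destination port's default protocol, accept it if nothing can be recognized) can be modelled in a few lines. The following is an added illustration and not the firewall's own engine: the default-port table, the detection heuristics (HTTP request line, SSH banner, TLS ClientHello) and the sample connections are all assumptions constructed for the example.

```python
"""Illustrative model of per-port protocol detection on outgoing TCP connections.

Added example: not the Stormshield engine. The port table, the heuristics and
the sample payloads below are assumptions constructed for demonstration.
"""
import re
from typing import List, Optional, Tuple

# Assumed subset of a "default port -> protocol" table (the real one lives
# under Application protection > Protocols and is not reproduced here).
DEFAULT_PORT_PROTOCOL = {80: "HTTP", 443: "SSL", 22: "SSH"}

_HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|TRACE|PATCH) \S+ HTTP/1\.[01]\r\n"
)


def detect_protocol(first_bytes: bytes) -> Optional[str]:
    """Guess the application protocol from the first client-to-server bytes.

    Returns None when nothing is recognized: this is the "cannot be analyzed"
    case that the Medium policy accepts without further inspection.
    """
    if _HTTP_REQUEST_LINE.match(first_bytes):
        return "HTTP"
    if first_bytes.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "SSH"
    # TLS record: content type 0x16 (handshake), major version 0x03,
    # and the handshake message type at offset 5 is 0x01 (ClientHello).
    if (
        len(first_bytes) >= 6
        and first_bytes[0] == 0x16
        and first_bytes[1] == 0x03
        and first_bytes[5] == 0x01
    ):
        return "SSL"
    return None


def medium_policy_decision(dst_port: int, first_bytes: bytes) -> Tuple[str, str]:
    """Decision for one outgoing TCP connection under the Medium (3) logic.

    - protocol recognized and equal to the port's default: pass, inspected
    - protocol recognized but different from the port's default: block
    - no protocol recognized: pass (accepted without analysis)
    A recognized protocol on a port with no default entry is passed here;
    that case is an assumption of this model, not something the page states.
    """
    expected = DEFAULT_PORT_PROTOCOL.get(dst_port)
    detected = detect_protocol(first_bytes)
    if detected is None:
        return ("pass", "no protocol recognized; accepted without analysis")
    if expected is None:
        return ("pass", f"{detected} on port {dst_port} (no default protocol defined)")
    if detected != expected:
        return ("block", f"{detected} detected on port {dst_port}, only {expected} allowed")
    return ("pass", f"{detected} matches default protocol of port {dst_port}; inspected")


# Constructed sample connections (destination port, first client bytes).
SAMPLE_CONNECTIONS = [
    (80, b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    (80, b"SSH-2.0-OpenSSH_9.6\r\n"),          # SSH tunnel hidden on the web port
    (80, b"\x00\x01\x02custom-binary-protocol"),  # unrecognizable: still accepted
    (443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 32),
]


def evaluate_samples() -> List[str]:
    """Return the verdict ("pass"/"block") for each constructed sample, in order."""
    return [medium_policy_decision(port, data)[0] for port, data in SAMPLE_CONNECTIONS]


if __name__ == "__main__":
    for (port, data), verdict in zip(SAMPLE_CONNECTIONS, evaluate_samples()):
        print(f"port {port:>3}: {verdict:5} {medium_policy_decision(port, data)[1]}")
```

The third sample is the point of the NOTE above: a protocol the engine does not know passes through on port 80 exactly like legitimate HTTP, so the Medium policy is not a whitelist of protocols per port, only a check against the protocols it can recognize.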

“Low (4)” A protocol analysis will be forced for outgoing connections.

NOTE
All outgoing connections that cannot be analyzed will be allowed.

“Filter 05, 06, 07, 08, 09” Apart from the five pre-configured policies (Block all, High, Medium, Low and Pass all, which can be edited where necessary), there are five blank policies that you can customize.
“Pass all (10)” This policy allows all traffic to pass through, meaning connections on all protocols and ports are allowed. Application analyses will however be applied. This policy should only be used for testing.

NOTE
You can Rename these policies and modify their configuration whenever you wish (see below).

Possible operations

Activate this policy Immediately activates the policy currently being edited. Parameters saved in this slot will overwrite current parameters and the policy will be applied immediately on the firewall.

IMPORTANT
As Filter and NAT rules belong to the same policy, they will be enabled simultaneously.

Edit Three operations can be performed on profiles with this function:
  • Rename: by clicking on this option, a window comprising two fields will appear. It allows you to modify the name of the filter policy and add comments. Once the operation has been performed, click on “Update”. This operation can also be canceled.
  • Reinitialize: allows resetting the profile to its initial configuration, thereby deleting all changes made to the profile.
  • Copy to: This option allows you to copy a profile to another, with all the information from the copied profile transferred to the receiving profile. It will also have the same name.
Last modification Click on this icon to find out the exact date and time of the last modification. The time shown is the appliance's time, not the client workstation's.

Selecting multiple objects

A multiple selection allows assigning the same action to several rules. Select several successive rules using the Shift key, or individually by holding down the Ctrl key. You can also remove an item from an existing selection with the Ctrl key.

Some column titles have an icon. When you click on it, a menu appears and suggests assigning a setting to several selected rules (Status, Action and Inspection type for filtering).

EXAMPLE
Several lines can be deleted at the same time, by selecting them with the Ctrl key and pressing on Delete.

Drag & drop

Throughout the entire process of creating and editing rules, you will be able to drag and drop objects, actions and even filter and NAT rules.

You can move any object to wherever you wish in the table, or insert objects from the browser bar on the left (Objects field), if they have been created earlier (you can also create them directly in the fields that accept objects).

This feature applies to the search field.

NOTE
Two icons indicate whether the selected object or action can be moved within a particular cell:
  • one means that the operation is possible,
  • the other means that the object cannot be added to the chosen cell.