Network security rules allow or deny specific network traffic, either for a particular process or for all processes. To provide the best security for the server, the network policy must be configured precisely. Network rules can be defined in the Network Status section of the firewall's administration interface.
If a connection is allowed, the firewall lets all packets belonging to that connection in or out. To allow particular traffic, it is enough to allow its initial packets to be sent; subsequent packets within the same connection are allowed automatically.
Network security rules are ordered in a list that is processed from the top. Processing stops at the first rule that matches the traffic in question (that is, the traffic direction, network service and process all match the rule's criteria).
A default rule stands at the tail of the list and applies to any traffic that matched no earlier rule. Typically, such traffic is dropped. The default rule cannot be removed.
The Network Policy section also includes a set of special rules, so-called "internal rules", which allow certain types of network traffic for certain components of the firewall (product updates, sending of crash dump files, etc.). These rules cannot be removed or modified. However, the firewall configuration allows their display to be enabled or disabled.
HINT:
To speed up rule processing, order the rules according to the volume of traffic likely to match them (e.g. a rule allowing connections to the Web service should precede a rule allowing connections to DNS).
To create a rule that shares most of its parameters with an existing rule, duplicate the existing rule and modify the parameters that differ.
Network security rules can also be created from knowledge of the current network traffic of a particular process (i.e. the information available in the Network Status section). The corresponding parameters (process, service, traffic direction, etc.) are detected automatically. You can then move the new rule to the desired position or modify it if necessary. For details, refer to chapter 4.3, Process Actions.
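The top-down, first-match evaluation with a non-removable default rule, and the effect that rule order has on it, modelled as an added example (this is illustrative code, not the firewall's own implementation; the rule names, process names and services in the sample policy are constructed):

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = None  # wildcard: the criterion matches any value


@dataclass(frozen=True)
class Rule:
    name: str
    direction: Optional[str]  # "in", "out" or ANY
    service: Optional[str]    # network service, e.g. "HTTP", "DNS", or ANY
    process: Optional[str]    # executable name, or ANY for all processes
    action: str               # "allow" or "deny"

    def criteria(self) -> Tuple[Optional[str], ...]:
        return (self.direction, self.service, self.process)

    def matches(self, direction: str, service: str, process: str) -> bool:
        # every criterion is either a wildcard or equal to the traffic attribute
        return all(c in (ANY, v) for c, v in zip(self.criteria(), (direction, service, process)))

    def covers(self, other: "Rule") -> bool:
        # self matches every packet that other could match: for each criterion
        # self is a wildcard or holds the same value as other
        return all(c == ANY or c == o for c, o in zip(self.criteria(), other.criteria()))


# The default rule is always last and cannot be removed; here it drops (denies) traffic.
DEFAULT_RULE = Rule("default", ANY, ANY, ANY, "deny")


def evaluate(rules: List[Rule], direction: str, service: str, process: str) -> Tuple[str, str]:
    """Walk the list from the top; the first matching rule decides and ends processing."""
    for rule in [*rules, DEFAULT_RULE]:
        if rule.matches(direction, service, process):
            return rule.action, rule.name
    raise AssertionError("unreachable: the default rule matches everything")


def shadowed_rules(rules: List[Rule]) -> List[str]:
    """Names of rules that can never be reached because an earlier rule covers all their traffic."""
    return [later.name for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]


# Constructed sample policy (process names are made up for this example)
POLICY = [
    Rule("browser-http-out", "out", "HTTP", "browser.exe", "allow"),
    Rule("dns-out-all",      "out", "DNS",  ANY,           "allow"),
    Rule("updater-http-out", "out", "HTTP", "updater.exe", "deny"),
]

if __name__ == "__main__":
    print(evaluate(POLICY, "out", "HTTP", "browser.exe"))  # ('allow', 'browser-http-out')
    print(evaluate(POLICY, "in", "HTTP", "browser.exe"))   # ('deny', 'default')
    print(shadowed_rules([Rule("any-http-out", "out", "HTTP", ANY, "allow"), *POLICY]))
```

Reordering rules by traffic volume, as the hint suggests, keeps the policy's meaning only while no broad rule ends up above a more specific one; shadowed_rules flags rules that such a reorder would silently disable.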