Firewall Profiles

Once Firewall Objects are defined, you can build Firewall Rules and group them into Firewall Policies. The Firewall Policies dialog has two major parts:
The execution settings pane only shows whether the firewall policy is enabled or disabled. In keeping with the logic of Sandbox Rules (various guards), the firewall component in DSE is named TCP/IP guard.

The 'Rule list' pane shows the list of available rules within the selected Firewall Policy. Beside each rule you can see its short summary. The following symbols are used in the short summary:

NA - Network Access
0 - Audit Level Ignore
1 - Audit Level Monitor
2 - Audit Level Alert
NAOCP - Network Access on Closed Port
"+" - Access Allowed
"?" - Access Ask User
"-" - Access Prevented

To build a new rule, click the "Add New" button and fill in the dialog:

Internet object
When you click the Change button, you can select the Firewall (Internet) object from the list of predefined Firewall objects. The lower part of this section displays its summary.

IP addresses
You can make all IP addresses part of this rule set or choose from predefined firewall IP address objects.

Access Description
Network Access - This choice determines whether a packet meeting the criteria is passed through the firewall or denied.
Network Access on Closed port - This choice appears only within the rules for System Applications. It tells the system what to do when a packet arrives on a local port where no application is listening.

Audit Level
There are three levels of reporting: no reporting, monitoring and alert. Alert pops up a warning message on the user's workstation.