Expert firewall rule enforcement rank

When firewall rules are applied, the order in which they are evaluated matters. Zone Labs security software checks expert firewall rules first. If an expert rule matches and is enforced, the communication is marked as blocked or allowed and the Zone rules are not evaluated at all. Only if no expert firewall rule matches does Zone Labs security software consult the Zone rules to decide whether the communication should be blocked. Expert firewall rules therefore take precedence over Zone rules.

The enforcement rank of expert firewall rules is also important. Each rule has a unique rank number, and rules are evaluated in rank order. Only the first rule that matches is executed; lower-ranked rules are never consulted for that communication. Consider these two rules:

Figure 4-3: Expert firewall rule rank order

Rule 1 allows FTP clients in the Trusted Zone to connect to an FTP server on port 21 of the endpoint computer. Rule 2 blocks all FTP clients from connecting on port 21, regardless of Zone. These two rules together allow clients in the Trusted Zone to use an FTP server on the client computer, but block all other FTP access.

If the order of the rules were reversed, Rule 2 would match first, and all FTP access would be blocked. Rule 1 would never have a chance to execute, so the FTP clients in the Trusted Zone would still be blocked.
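The following Python model reproduces the evaluation order described in this section: ranked expert rules are checked first and the first match wins, and the Zone rules are consulted only when no expert rule matches. It is an added illustration, not Zone Labs code; the rule and packet classes, the sample addresses, and the Zone policy table are all constructed for the example. It runs the FTP scenario from Figure 4-3 in both rank orders so the effect of reversing Rule 1 and Rule 2 can be checked directly.

```python
"""First-match rule evaluation modelled on the expert-rule / Zone-rule order.

Added example (not Zone Labs code). Rule fields, packets and the Zone policy
table are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

ANY = "*"  # wildcard: field is not part of the match


@dataclass(frozen=True)
class Packet:
    src_ip: str
    zone: str        # Zone the source address belongs to (e.g. "Trusted")
    proto: str       # "tcp" or "udp"
    dst_port: int    # destination port on the endpoint computer


@dataclass(frozen=True)
class ExpertRule:
    rank: int          # unique evaluation order; lower rank is checked first
    action: str        # "allow" or "block"
    zone: str = ANY    # source Zone the rule applies to, or ANY
    proto: str = ANY
    dst_port: object = ANY

    def matches(self, pkt: Packet) -> bool:
        return (self.zone in (ANY, pkt.zone)
                and self.proto in (ANY, pkt.proto)
                and self.dst_port in (ANY, pkt.dst_port))


def check_unique_ranks(rules: Iterable[ExpertRule]) -> None:
    """Each expert rule must carry a unique rank; duplicates make the
    first-match outcome ambiguous, so refuse to evaluate such a set."""
    ranks = [r.rank for r in rules]
    if len(ranks) != len(set(ranks)):
        raise ValueError("expert rule ranks must be unique: %r" % ranks)


def evaluate(pkt: Packet, expert_rules: Iterable[ExpertRule],
             zone_policy: Dict[str, str]) -> Tuple[str, str]:
    """Return (action, reason) for a packet.

    Expert rules are evaluated in rank order and the first match decides;
    Zone rules are skipped entirely in that case. Only when no expert rule
    matches is the Zone policy consulted (unknown Zones default to block).
    """
    rules = list(expert_rules)
    check_unique_ranks(rules)
    for rule in sorted(rules, key=lambda r: r.rank):
        if rule.matches(pkt):
            return rule.action, "expert rule rank %d" % rule.rank
    return zone_policy.get(pkt.zone, "block"), "zone rule for %s" % pkt.zone


# Constructed Zone policy: what the Zone rules would decide on their own.
ZONE_POLICY = {"Trusted": "allow", "Internet": "block"}

# Rule 1: allow Trusted Zone FTP clients to port 21; Rule 2: block all FTP.
CORRECT_ORDER = [
    ExpertRule(rank=1, action="allow", zone="Trusted", proto="tcp", dst_port=21),
    ExpertRule(rank=2, action="block", proto="tcp", dst_port=21),
]
# Same two rules with their ranks swapped: the blanket block now matches first.
REVERSED_ORDER = [
    ExpertRule(rank=1, action="block", proto="tcp", dst_port=21),
    ExpertRule(rank=2, action="allow", zone="Trusted", proto="tcp", dst_port=21),
]

# Constructed sample traffic (RFC 1918 / documentation addresses).
TRUSTED_FTP = Packet("10.0.0.5", "Trusted", "tcp", 21)
INTERNET_FTP = Packet("203.0.113.9", "Internet", "tcp", 21)
INTERNET_HTTP = Packet("203.0.113.9", "Internet", "tcp", 80)


if __name__ == "__main__":
    for label, rules in (("correct", CORRECT_ORDER), ("reversed", REVERSED_ORDER)):
        for pkt in (TRUSTED_FTP, INTERNET_FTP, INTERNET_HTTP):
            print(label, pkt.zone, pkt.dst_port, evaluate(pkt, rules, ZONE_POLICY))
```

With the ranks as in Figure 4-3, the Trusted Zone FTP client is allowed by Rule 1 and the Internet FTP client is blocked by Rule 2; with the ranks reversed, Rule 1 (now the blanket block) matches both and the Trusted client is blocked as well. The HTTP packet matches no expert rule in either order, so its decision comes from the Zone policy, which is the fall-through path the section describes.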

Zone Labs, Inc.

http://www.zonelabs.com
info@zonelabs.com