Quick Start Guide
10
To create the “No IP Initiation” policy, follow the steps below.
1. In the Management Console Main menu, select New -> Policy. The Create a New Policy window appears.
2. Type No IP Initiation in the Policy field and click OK. The new policy information appears in the working frame.
3. Select the following policy-setting check boxes:
   ■ No Sniffing
   ■ No Spoofing, No Routing
   ■ Allow non-IP Traffic
   ■ Allow Fragmented IP Packets
   ■ Allow IP Options
4. Select Allow All Traffic in the Fallback Mode drop-down list. A fallback policy is used by a NIC if it is unable to reach the Policy Server on boot-up.
5. Type a description of the policy in the Description field, if desired. This field is optional and exists solely to assist an administrator in assigning policies. You can include information about what the policy does, or when to use it (for example, the bulleted information provided at the beginning of this section).
6. The access control list (ACL) initially contains only the default rule. Add the Windows 2000 Standard rule set as follows:
   a. In the Policy menu, select Rule Set (or click the icon). The Rule Set Manager window appears.
   b. Click on the Windows 2000 Standard Rule Set (that you imported in step 4 on page 9) to select it, and then click Add To Policy.
   c. Click Close. The rule set should appear in the ACL.
7. Create a “Deny outbound TCP SYN” rule as follows:
   a. In the Policy menu, select Add Rule (or click the icon). A new rule appears in the ACL.
   b. Click in the Rule Name cell, and type Deny outbound TCP SYN.
   c. Click in the Action cell, and select Deny from the drop-down list.
   d. Click in the Source IP Address cell, and select EFW Device IP from the drop-down list.
   e. Click in the IP Protocol cell, and select tcp (6) init from the drop-down list.