Chapter 4. Working With Rules
This chapter describes how to protect your system by creating security rules for applications
that you have running on your system.
About Rules
A firewall is hardware, software, or a combination of both that is used to prevent
unauthorized Internet users from accessing a private network. All information entering or
leaving the network must pass through the firewall, which examines the information packets
and blocks those that do not meet the security criteria.
Using Rules to Protect Your System
The Agent uses firewall rules, or security rules, to systematically allow or block incoming
and outgoing traffic from specific applications, ports, and IP addresses during designated
time periods.
Each rule specifies the conditions and characteristics (such as the time of day, type of traffic,
and port number) that must exist for the rule to take effect as well as the effect the rule has.
For example, a security rule may state that “Port 80 is allowed.” The Agent supports
advanced rules, which exhibit complex relationships between applications, IP addresses,
and services.
For example, an advanced rule may state that remote port 80 is allowed to devices in subnet
193.58.74.0/24, between 9 AM and 5 PM, Monday through Friday.
You can set up your own advanced rules or import them from an administrator or third
party.
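The advanced rule described above (remote port 80, subnet 193.58.74.0/24, 9 AM to 5 PM, Monday through Friday), written out as an added Python example that is not the Agent's own code or rule format. The class and function names, first-match evaluation, the default of "block", and treating 5 PM as an exclusive end time are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class AdvancedRule:
    """Hypothetical model of an advanced rule: every condition must hold."""
    action: str            # effect of the rule: "allow" or "block"
    remote_port: int       # remote port the rule applies to
    remote_net: str        # remote subnet in CIDR notation
    start: time            # start of the active window (inclusive)
    end: time              # end of the active window (exclusive, assumed)
    weekdays: frozenset    # datetime.weekday() values, Monday = 0

    def matches(self, remote_ip: str, remote_port: int, when: datetime) -> bool:
        return (
            remote_port == self.remote_port
            and ip_address(remote_ip) in ip_network(self.remote_net)
            and when.weekday() in self.weekdays
            and self.start <= when.time() < self.end
        )


def decide(rules, remote_ip, remote_port, when, default="block"):
    """Return the action of the first matching rule (assumed ordering)."""
    for rule in rules:
        if rule.matches(remote_ip, remote_port, when):
            return rule.action
    return default  # assumed fallback when no rule matches


# The rule from the text: port 80, 193.58.74.0/24, 9 AM-5 PM, Mon-Fri.
RULES = [
    AdvancedRule("allow", 80, "193.58.74.0/24",
                 time(9, 0), time(17, 0), frozenset(range(5))),
]

if __name__ == "__main__":
    # Constructed sample connections; 2024-03-04 is a Monday.
    samples = [
        ("193.58.74.20", 80, datetime(2024, 3, 4, 10, 30)),   # in window
        ("193.58.74.20", 80, datetime(2024, 3, 9, 10, 30)),   # Saturday
        ("193.58.75.20", 80, datetime(2024, 3, 4, 10, 30)),   # other subnet
        ("193.58.74.20", 443, datetime(2024, 3, 4, 10, 30)),  # other port
    ]
    for ip, port, when in samples:
        print(ip, port, when.isoformat(), "->", decide(RULES, ip, port, when))
```

Each sample changes exactly one condition, which shows that a single failed condition is enough for the rule not to take effect.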
Setting Up Advanced Rules
When you set up an advanced security rule, first decide what effect you want the rule to
have. For example, do you want to block all traffic when your screensaver is on? Would you
like to allow all traffic from a particular source? Do you want to block UDP packets from a
web site?