Changing the Policy for an EFW NIC
f  Click in the Direction cell, and select Out from the drop-down list.
g  Click the check box in the Audit cell to enable audit.
You now have an effective “Deny outbound TCP SYN” rule. This rule
should directly follow the Windows Standard 2000 rule set you added
in step 6. If it does not, highlight the Deny outbound TCP SYN rule
row, and use the arrow buttons to position it directly after the
Windows 2000 Standard rule set.
8  Click Save to save the new policy information.
For more information on creating policies, refer to the section “Creating
Policies and Rules” in the 3Com Embedded Firewall Administration Guide.
Creating a Sample Device Set
Next you will create a sample device set that enforces the policy you created
in the previous section. A device set is a collection of EFW devices that are
associated with a specific policy. You can define any number of device sets and
assign EFW devices to any one of those device sets.
To create the sample device set, follow the steps below.
1  From the Main menu, select New -> Device Set. The New Device Set
window appears.
2  Type “Sample” in the Device Set Name field.
3  Select the No IP Initiation policy, which you created in the previous
section, from the Policy for the New Device Set box.
4  Click OK. The device set information appears in the working frame.
5  Select a heartbeat interval of 15 minutes from the Heartbeat drop-down
list. (The heartbeat determines how often the EFW devices issue a
heartbeat, or status update, to the Policy Server.)
6  Type “Sample device set enforcing the No IP Initiation policy” in the
Description field. This field is optional and exists solely to assist an
administrator in identifying the contents of the device set.
7  Click Save.