User Guide
57
Service precedence
“IP” refers to exactly one host IP address; “List” refers to multiple host IP addresses, a
network address, or an alias; and “Any” refers to the special “Any” target (not “Any”
services).
When two icons are representing the same service (for example, two Telnet icons or
two Any icons) they are sorted using the above tables. The most specific one will
always be checked first for a match. If a match is not made, the next specific service
will be checked, and so on, until either a match is made or there are no services left to
check. In the latter case, the packet is denied. For example, if there are two Telnet
icons, telnet_1 allowing from A to B and telnet_2 allowing from C to D, a Telnet
attempt from C to E will first check telnet_1, and then telnet_2. Because no match is
found, the rest of the rules are considered. If an Outgoing service will allow from C to
E, it will do so.
When only one icon is representing a service in a precedence category, only that
service is checked for a match. If the packet matches the service and both targets, the
service rule applies. If the packet matches the service but fails to match either target,
the packet is denied. For example, if there is one Telnet icon allowing from A to B, a
Telnet attempt from A to C will be blocked without considering any services further
down the precedence chain, including Outgoing services.
Any
IP
4
IP
Any
5
Any
List
6
List
Any
7
Any
Any
8
From
To
Rank
Содержание Firebox FireboxTM System 4.6
Страница 1: ...WatchGuard Firebox System User Guide Firebox System 4 6 ...
Страница 16: ...6 ...
Страница 20: ...LiveSecurity broadcasts 10 ...
Страница 44: ...LiveSecurity Event Processor 34 ...
Страница 52: ...Defining a Firebox as a DHCP server 42 ...
Страница 68: ...Service precedence 58 ...
Страница 78: ...Configuring a service for incoming static NAT 68 ...
Страница 92: ...Establishing an OOB connection 82 ...
Страница 94: ...84 ...
Страница 112: ...HostWatch 102 ...
Страница 118: ...Working with log files 108 ...
Страница 130: ...120 ...
Страница 158: ...Configuring debugging options 148 ...