Proventia Network IPS G and GX Appliance User Guide
Configuring Firewall Rules (page 115)
Firewall rules and actions

The firewall supports several different actions that describe how the firewall reacts to the packets matched in the rules, or statements. Table 34 defines these actions.

Table 34: Firewall actions

Rule              Description
Ignore (Permit)   Allows the matching packet to pass through, so that no further
                  actions or responses are taken on the packet. Matching traffic
                  is therefore not inspected at all.
Protect           Packets that match this rule are processed by PAM (the Protocol
                  Analysis Module). Matching packets are subject to the normal
                  responses, such as (but not limited to) logging, the block
                  response, and the quarantine response.
Monitor           Functions as an IP whitelist. Packets that match the statements
                  bypass the quarantine response and the block response; all other
                  responses still apply to the packet.
Drop (Deny)       Drops the packets as they pass through the firewall. Because the
                  firewall is inline, this action prevents the packets from reaching
                  the target system. To the sender, it appears as if the target
                  system simply does not respond: the connection most likely makes
                  several retry attempts and then eventually times out.
Drop and Reset    Functions in the same manner as the Drop action, but also sends a
                  TCP reset to the source system. The connection terminates more
                  quickly than with the Drop action because it is reset immediately
                  instead of being left to time out. Note that the reset also tells
                  the source that the connection was actively refused rather than
                  left unanswered.

Adding firewall rules

To add firewall rules:

5. On the Firewall Settings page, click Add.
6. Complete the settings as indicated in the following table.
Setting        Description
Rule ID        Displays the rule's order in the list. See “Changing the order of
               firewall rules” on page 116 for more information.
Enabled        Select this check box to enable the rule.
Rule Comment   Type a unique description for the rule.
Log            Select whether to log details of the packets that match the rule
               in the Firewall log, located in the /var/iss/ directory.
Action         Select a firewall action from the list. See “Firewall rules and
               actions” on page 115 for descriptions of each action.
Rule Type      Select a rule type from the list:
               • Constructed. Select this option to have Proventia Manager
                 construct the firewall rule for you from the values you specify.
               • Manually Entered. Select this option to construct your own
                 firewall rule. Type the firewall rule statement in the area
                 provided. For more information, see “Firewall Rules Language”
                 on page 117.
VLAN           Enter a range of VLAN tags.
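The actions in Table 34 and the rule order shown in the Rule ID column interact: the rule that matches a packet decides its action, and the action decides whether the packet is forwarded, whether a TCP reset is sent, and which PAM responses (if any) can still apply. The Python model below is an added illustration for this guide and is not IBM's or the appliance's code. Everything in it beyond the five action names is an assumption made for the example: the first-match-in-list evaluation, the match fields (source and destination CIDR, protocol, destination port), the response names "log", "block" and "quarantine", the rule that unmatched traffic is inspected as if by Protect, and the sample rules and packets, which are constructed. The appliance's actual rule syntax is the Firewall Rules Language on page 117 and is not reproduced here.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, Iterable, List, Optional

# The five firewall actions of Table 34.
IGNORE, PROTECT, MONITOR, DROP, DROP_RESET = (
    "Ignore", "Protect", "Monitor", "Drop", "Drop and Reset")


@dataclass
class Rule:
    """One firewall rule. rule_id is the position in the list (lower is
    evaluated first). The match fields are a simplification assumed here."""
    rule_id: int
    action: str
    src: Optional[str] = None     # CIDR; None matches any source
    dst: Optional[str] = None     # CIDR; None matches any destination
    proto: Optional[str] = None   # "tcp", "udp", "icmp"; None matches any
    dport: Optional[int] = None   # None matches any destination port
    enabled: bool = True          # the Enabled check box
    log: bool = False             # the Log setting (Firewall log entry)


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Verdict:
    action: str
    rule_id: Optional[int]        # None when no rule matched
    forwarded: bool               # does the packet reach the target?
    tcp_reset: bool               # is a RST sent back to the source?
    responses: FrozenSet[str]     # PAM responses that still apply
    fw_logged: bool               # was a Firewall log entry written?


def matches(rule: Rule, pkt: Packet) -> bool:
    """Disabled rules never match; unset fields match anything."""
    if not rule.enabled:
        return False
    if rule.src and ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if rule.dst and ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    if rule.proto and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(rules: Iterable[Rule], pkt: Packet,
             pam_responses: Iterable[str] = ()) -> Verdict:
    """Apply the first matching rule (rule_id order, assumed) and filter the
    PAM responses as Table 34 describes. pam_responses are the responses PAM
    would raise if it inspected this packet, e.g. {"log", "block", "quarantine"}.
    Assumption: a packet matching no rule is inspected like Protect."""
    hit = next((r for r in sorted(rules, key=lambda r: r.rule_id)
                if matches(r, pkt)), None)
    action = hit.action if hit else PROTECT
    rid = hit.rule_id if hit else None
    fw_logged = bool(hit and hit.log)
    pam = frozenset(pam_responses)

    if action == IGNORE:
        # Passes through untouched; PAM never sees it, so no responses at all.
        return Verdict(action, rid, True, False, frozenset(), fw_logged)
    if action == MONITOR:
        # Whitelist: block and quarantine are suppressed, every other response
        # (logging and so on) still fires, and the packet is forwarded.
        return Verdict(action, rid, True, False,
                       pam - {"block", "quarantine"}, fw_logged)
    if action == PROTECT:
        # Full inspection; a block response stops the packet (assumed here).
        return Verdict(action, rid, "block" not in pam, False, pam, fw_logged)
    if action == DROP:
        # Silent drop: nothing goes back, the source sees an unresponsive host.
        return Verdict(action, rid, False, False, frozenset(), fw_logged)
    if action == DROP_RESET:
        # As Drop, plus a TCP RST to the source (only meaningful for TCP).
        return Verdict(action, rid, False, pkt.proto == "tcp",
                       frozenset(), fw_logged)
    raise ValueError(f"unknown action {action!r}")


# Constructed sample rule set for the example (not from a real appliance).
SAMPLE_RULES: List[Rule] = [
    Rule(1, DROP, src="10.0.0.0/8", proto="tcp", dport=23, log=True),
    Rule(2, MONITOR, src="10.0.5.5/32"),
    Rule(3, DROP_RESET, src="198.51.100.0/24", proto="tcp", dport=3389),
    Rule(4, IGNORE, src="172.16.0.0/12", proto="udp", dport=514),
]


def demo() -> dict:
    """Evaluate constructed packets against SAMPLE_RULES and return the verdicts."""
    pam = {"log", "block", "quarantine"}
    target = "10.9.9.9"
    return {
        # Rule 1 beats the rule-2 whitelist because it sits earlier in the list.
        "telnet_from_whitelisted_host": evaluate(SAMPLE_RULES, Packet("10.0.5.5", target, "tcp", 23), pam),
        "ssh_from_whitelisted_host": evaluate(SAMPLE_RULES, Packet("10.0.5.5", target, "tcp", 22), pam),
        "rdp_from_reset_net": evaluate(SAMPLE_RULES, Packet("198.51.100.7", target, "tcp", 3389), pam),
        "syslog_ignored": evaluate(SAMPLE_RULES, Packet("172.16.3.4", target, "udp", 514), {"log"}),
        "unmatched_http": evaluate(SAMPLE_RULES, Packet("203.0.113.9", target, "tcp", 80), {"log", "block"}),
    }
```

The telnet case is the one to note when ordering rules: a Drop rule placed above a Monitor whitelist still drops the whitelisted host's telnet traffic, which is why the Rule ID order matters. The syslog case shows the difference between Ignore and Monitor: Ignore produces no PAM response at all, even logging, whereas Monitor keeps every response except block and quarantine.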