User guide

Service Precedence
based on the specificity of targets, from most specific to least specific. The
following order is used:
IP refers to exactly one host IP address
List refers to multiple host IP addresses, a network address, or an alias
Any refers to the special “Any” target (not “Any” services)
When two icons represent the same service (for example, two
Telnet icons or two Any icons), they are sorted using the above tables. The
most specific one is always checked first for a match. If a match is not
made, the next most specific service is checked, and so on, until either a
match is made or no services are left to check. In the latter case, the packet
is denied. For example, if there are two Telnet icons, telnet_1 allowing
traffic from A to B and telnet_2 allowing traffic from C to D, a Telnet
attempt from C to E is checked first against telnet_1, and then against
telnet_2. Because no match is found, the rest of the rules are considered.
If an outgoing service allows traffic from C to E, the attempt is allowed.
When only one icon represents a service in a precedence category,
only that service is checked for a match. If the packet matches the service
and both targets, the service rule applies. If the packet matches the service
but fails to match either target, the packet is denied. For example, if one
Telnet icon allows traffic from A to B, a Telnet attempt from A to C is
blocked without considering any services further down the precedence
chain, including outgoing services.
For more information on outgoing services, see the following FAQ:
https://support.watchguard.com/advancedfaqs/svc_outgoing.asp
From    To      Rank
IP      IP      0
List    IP      1
IP      List    2
List    List    3
Any     IP      4
IP      Any     5
Any     List    6
List    Any     7
Any     Any     8
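
The two matching behaviors described above, modelled as an added example (not WatchGuard code). The addresses standing in for hosts A to E are constructed, the precedence chain is simplified to a list of service groups with Outgoing treated as a last group that matches any service, and aliases are not modelled; all of these are assumptions.

```python
from ipaddress import ip_address, ip_network

# Rank table from the guide: (From kind, To kind) -> rank; 0 is checked first.
RANK = {("IP", "IP"): 0, ("List", "IP"): 1, ("IP", "List"): 2,
        ("List", "List"): 3, ("Any", "IP"): 4, ("IP", "Any"): 5,
        ("Any", "List"): 6, ("List", "Any"): 7, ("Any", "Any"): 8}

def kind(target):
    """Classify a target as 'Any', 'IP' (one host) or 'List' (hosts or a network)."""
    if target == "Any":
        return "Any"
    if isinstance(target, str) and "/" not in target:
        return "IP"
    return "List"

def covers(target, addr):
    """True if the packet address falls inside the target."""
    if target == "Any":
        return True
    entries = [target] if isinstance(target, str) else target
    return any(ip_address(addr) in ip_network(e, strict=False) for e in entries)

def rank(rule):
    return RANK[(kind(rule["from"]), kind(rule["to"]))]

def evaluate(chain, service, src, dst):
    """chain: (service name, or None for any service; [rules]) groups in precedence order."""
    for group_service, rules in chain:
        if group_service not in (None, service):
            continue
        for rule in sorted(rules, key=rank):      # most specific targets first
            if covers(rule["from"], src) and covers(rule["to"], dst):
                return "allow:" + rule["name"]
        if len(rules) == 1:
            return "deny"    # single icon: no fall-through to later services
    return "deny"            # no services left to check

# Constructed sample hosts A..E and the two scenarios from the text.
A, B, C, D, E = "10.0.1.10", "10.0.2.20", "10.0.3.30", "10.0.4.40", "10.0.5.50"
TWO_ICONS = [("telnet", [{"name": "telnet_1", "from": A, "to": B},
                         {"name": "telnet_2", "from": C, "to": D}]),
             (None, [{"name": "outgoing", "from": C, "to": E}])]
ONE_ICON = [("telnet", [{"name": "telnet_1", "from": A, "to": B}]),
            (None, [{"name": "outgoing", "from": "Any", "to": "Any"}])]

if __name__ == "__main__":
    print(evaluate(TWO_ICONS, "telnet", C, E))   # falls through to outgoing
    print(evaluate(ONE_ICON, "telnet", A, C))    # denied at the single icon
```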