Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...
Bypass Rule
There is a special type of Firewall Rule called a Bypass Rule. It is designed for media-intensive protocols
where filtering may not be desired. You create a Bypass Rule by selecting "bypass" as the rule's "Action"
when creating a new Firewall Rule.
The "Bypass" action on Firewall Rules differs from a Force Allow rule in the following ways:
1. Packets matching Bypass will not be processed by DPI Rules.
2. Unlike Force Allow, Bypass will not automatically allow the responses on a TCP connection when
Stateful Configuration is on. (See below for more information.)
3. Some Bypass rules are optimized, in that traffic will flow as efficiently as if our client plug-in was
not there. (See below for more information.)
Important: When a Bypass Firewall Rule is sent to a Client Plug-in older than version 5.0, it will
be treated as a Force Allow, which will not skip DPI Rule processing.
Using Bypass when Stateful Configuration is On
If you plan to use a Bypass Rule to skip DPI Rule processing on incoming traffic to TCP destination port N
and Stateful Configuration is set to perform stateful inspection on TCP, you must create a matching
outgoing rule for source port N to allow the TCP responses. (This is not required for Force Allow rules
because force-allowed traffic is still processed by the stateful engine.)
All Bypass rules are unidirectional. Explicit rules are required for each direction of traffic.
Optimization
The Bypass Rule is designed to allow matching traffic through at the fastest possible rate. Maximum
throughput can be achieved with all of the following settings:
1. Priority: Highest
2. Frame Type: IP
3. Protocol: TCP, UDP, or other IP protocol. (Do not use the "Any" option.)
4. Source and Destination IP and MAC: all "Any"
5. If the protocol is TCP or UDP and the traffic direction is "incoming", the Destination Ports must be
one or more specified ports (not "Any"), and the Source Ports must be "Any".
6. If the protocol is TCP or UDP and the traffic direction is "outgoing", the Source Ports must be one
or more specified ports (not "Any"), and the Destination Ports must be "Any".
7. Schedule: None.
Logging
Packets that match the bypass rule will not be logged. This is not a configurable option.
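An added example (not from the guide or the product): a small Python audit of a rule set against two passages above, the response-rule requirement when stateful TCP inspection is on and the seven Optimization settings. The `Rule` record, its field names and the sample ports are assumptions made for illustration, and the check assumes the matching outgoing rule is itself a Bypass rule.

```python
from dataclasses import dataclass

ANY = "any"  # stands for the "Any" choice in a rule field

@dataclass(frozen=True)
class Rule:
    """Hypothetical, simplified rule record (not a product export format)."""
    name: str
    action: str              # "bypass", "force_allow", ...
    direction: str           # "incoming" or "outgoing"
    protocol: str            # "tcp", "udp", other IP protocol, or ANY
    src_ports: object = ANY  # ANY or a frozenset of port numbers
    dst_ports: object = ANY
    priority: str = "highest"
    frame_type: str = "ip"
    addresses: tuple = (ANY, ANY, ANY, ANY)  # src IP, dst IP, src MAC, dst MAC
    schedule: object = None

def is_optimized(r):
    """True only if a Bypass rule meets all seven Optimization settings."""
    if r.action != "bypass" or r.protocol == ANY or r.schedule is not None:
        return False
    if (r.priority, r.frame_type) != ("highest", "ip") or any(a != ANY for a in r.addresses):
        return False
    if r.protocol in ("tcp", "udp"):
        if r.direction == "incoming":
            return r.dst_ports != ANY and r.src_ports == ANY
        return r.src_ports != ANY and r.dst_ports == ANY
    return True

def missing_tcp_responses(rules):
    """Incoming TCP Bypass ports with no outgoing Bypass rule for the same source
    port. Assumes stateful TCP inspection is on (assumption: outgoing rule is Bypass)."""
    tcp = [r for r in rules if r.action == "bypass" and r.protocol == "tcp"]
    outgoing = [r.src_ports for r in tcp if r.direction == "outgoing"]
    if ANY in outgoing:      # an outgoing rule that covers every source port
        return set()
    covered = set().union(*outgoing)
    return {(r.name, port) for r in tcp
            if r.direction == "incoming" and r.dst_ports != ANY
            for port in r.dst_ports if port not in covered}

# Constructed sample policy: port 554 has its response rule, port 5004 does not.
SAMPLE = [
    Rule("rtsp-in", "bypass", "incoming", "tcp", dst_ports=frozenset({554})),
    Rule("rtsp-out", "bypass", "outgoing", "tcp", src_ports=frozenset({554})),
    Rule("media-in", "bypass", "incoming", "tcp", dst_ports=frozenset({5004}),
         priority="normal"),
]
```

Because packets matching a Bypass rule are neither processed by DPI Rules nor logged, a review of the rule set like this is where such gaps show up, not the event logs.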
© Copyright 2010 Trend Micro Inc. www.trendmicro.com
All rights reserved.