Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...
Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...
Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Creating and Applying New <strong>Firewall</strong><br />
Rules<br />
<strong>Firewall</strong> Rules are composed of four basic elements:<br />
Action: whether the Client Plug-in will allow packets matching the rule's criteria through<br />
regardless of any other rules that would block them ("force allow"); block packets matching the<br />
rule's criteria ("deny"); exclusively allow only packets matching the rule's criteria and block all<br />
others ("Allow"); or log packets matching the rule's criteria and let them pass ("log only"). Within<br />
a priority level (see next item), rules are applied in this order:<br />
1. "bypass"<br />
2. "force allow"<br />
3. "deny"<br />
4. "allow"<br />
5. "log only"<br />
Priority: <strong>Firewall</strong> Rules can have a priority of 0 (lowest) to 4 (highest). High priority rules are<br />
applied first.<br />
Packet Direction: whether the packet is incoming or outgoing.<br />
Packet Source: all the information that describes the packet's source (frame type, protocol, IPs,<br />
ports, flags, etc.)<br />
Packet Destination: all the information that describes the packet's destination (frame type,<br />
protocol, IPs, ports, flags, etc.)<br />
Specific Flags: which particular to flags have to be set for the rule to trigger. (Flags will vary<br />
depending on protocol.)<br />
To create a new <strong>Firewall</strong> Rule:<br />
1. Go to the <strong>Firewall</strong> Rules screen and click New on the toolbar.<br />
2. Type a name and description for your new <strong>Firewall</strong> Rule.<br />
3. Select a rule action, priority, and packet direction from the drop-down lists.<br />
4. Define the criteria that this rule will look for in the packets' control information. (Note that as well<br />
as inclusive criteria, you can define exclusive criteria by checking the "Not" checkbox at the right<br />
of each option.)<br />
5. Click the Options tab and select whether you want the rule to only be active during certain<br />
scheduled periods. Specify whether you want this rule to trigger an alert when it is triggered.<br />
6. Click OK to close the New <strong>Firewall</strong> Rule Window.<br />
Now you have to assign the new <strong>Firewall</strong> Rule to a Computer. The best way to manage the application of<br />
<strong>Firewall</strong> Rules to Computers is by way of Security Profiles. Having a Security Profile called "Developer<br />
Laptop", for example, allows you to create a set of <strong>Firewall</strong> Rules all designed for the particular<br />
environment "developer laptops" operate in. You can then assign them all to the "Developer Laptop"<br />
Security Profile, and then assign that Security Profile to that collection of Computers. Anytime you need to<br />
create and assign a new <strong>Firewall</strong> Rule to your "developer laptops", you just assign it to the Security<br />
Profile, and all "Developer Laptop" Computers will be updated with the new <strong>Firewall</strong> Rule.<br />
To include a new <strong>Firewall</strong> Rule in a Security Profile:<br />
1. Go to the Security Profiles screen and double-click the Security Profile to which you want to<br />
assign a new rule. This will open the Profile's Details window.<br />
2. Click the <strong>Firewall</strong> Rules tab.<br />
3. Find your new <strong>Firewall</strong> Rule in the list and put a check in its checkbox.<br />
4. Click OK.<br />
© Copyright 2010 <strong>Trend</strong> <strong>Micro</strong> Inc. www.trendmicro.com<br />
All rights reserved. - 131 -