12.07.2015 Views

Symantec™ Security Gateways Reference Guide - Sawmill


Understanding access
Rules

Table 4-7 Rule components (Continued)

| Component | Description |
| --- | --- |
| Action | Determines the action taken by the security gateway when a packet matching this rule arrives. This action is either let the connection continue (allow) or drop the connection (deny). The security gateway denies connections by default, so actions in rules are usually allow. |
| Caption | Shortened description for the rule. It's recommended that you fill out this field to reduce confusion. This field appears in the main rule window, and offers you a quick way to determine what a rule is for without having to view the properties of each rule. |
| Time range | Time or date range for which that rule is active. A rule defaults to if no time range is specified. |
| Alert Thresholds | Option that determines if a notification is sent when a certain threshold is reached. Helps you to see if traffic has increased above a certain threshold. Checking this box activates the fields below, letting you modify the defaults for five different time ranges. |
| Log normal activity | By default, this flag is enabled. This instructs the security gateway to log all traffic, including statistics messages, for this rule. Disabling this option instructs the security gateway to only log warning and error conditions for this rule. You may consider disabling this flag to reduce the number of log messages produced, especially if your log files grow quickly and exceed available disk space. |
| Application data scanning | Option to scan the entire connection for information, or to allow subsequent packets through automatically once initial packets have been verified and the connection deemed valid. Disabling this also disables any configured antivirus scanning. |
| Stateful failover | Setting this tells the connection to which this rule applies to take advantage of stateful failover. State information for this connection is maintained throughout all nodes on the cluster, and if the node currently handling the connection fails, another node takes charge of the connection, continuing transparently to the user. Stateful failover applies only to HTTP, FTP, Telnet, TCP GSP, and TCPAP GSP connections. |
| Advanced Services | This screen lets you enter optional parameters to modify the behavior of this rule. |
| Authentication | Defines the method for authenticating the connection. Checking out-of-band authentication deactivates the authentication drop-down menu. |
| Description | Optional field that holds more text than the caption field. It's recommended that you fill out this field to reduce confusion. You should use it to keep track of any changes made. |

Rule priority

The security gateway performs rule scanning in two passes. In the first pass, the security gateway examines the source address, destination address, destination port, the incoming interface, and the time of day the request arrived. Gwcontrol then reviews the list of rules to see which match all of these parameters. If there is only one rule that matches, and that rule has no user or authentication configured, it is picked and the appropriate action (allow or deny) taken. For a matching rule that has users or authentication defined, the requesting user is first prompted to enter the appropriate credentials and authenticated before any action is taken.

Gwcontrol will make a second pass only when it finds more than one rule that matches. When gwcontrol finds more than one rule, the first matching rule is chosen. In this case only, how you added the rule to the security gateway determines the rule picked. Therefore, if rule two and five were almost identical and match all of the incoming connection request parameters, rule two is picked.

Note: The order in which rules are added is only a factor when creating many similar rules. In almost every case, this can be avoided by creating rules that do not overlap.
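The two-pass selection described above can be modelled to audit a rule set for overlaps. The following is an added example, not code from the guide or from the security gateway: the `Rule` fields, the `select` function and the sample rules are assumptions made for illustration. It reports which rule decides a request and which later-added rules also matched and were therefore never applied.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    number: int      # position in the order the rules were added
    src: str         # source network, CIDR
    dst: str         # destination network, CIDR
    port: int        # destination port
    iface: str       # incoming interface
    start: time      # start of the active time range
    end: time        # end of the active time range
    action: str      # "allow" or "deny"
    auth: bool = False   # True when users or authentication are configured

def matches(rule, src, dst, port, iface, at):
    """First pass: compare the request against one rule's parameters."""
    return (ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst)
            and port == rule.port and iface == rule.iface
            and rule.start <= at <= rule.end)

def select(rules, src, dst, port, iface, at):
    """Return (action, rule number, needs_auth, shadowed rule numbers)."""
    hits = [r for r in rules if matches(r, src, dst, port, iface, at)]
    if not hits:
        return ("deny", None, False, [])   # no rule matched: default deny
    hits.sort(key=lambda r: r.number)      # second pass: first-added rule wins
    chosen = hits[0]
    return (chosen.action, chosen.number, chosen.auth,
            [r.number for r in hits[1:]])

# Constructed sample rule set (documentation addresses, not from the guide).
ALL_DAY = (time(0, 0), time(23, 59))
SAMPLE_RULES = [
    Rule(2, "10.0.0.0/8", "192.0.2.10/32", 80, "inside", *ALL_DAY, "allow"),
    Rule(5, "10.1.0.0/16", "192.0.2.10/32", 80, "inside",
         time(8, 0), time(18, 0), "deny"),
    Rule(7, "10.0.0.0/8", "192.0.2.20/32", 23, "inside", *ALL_DAY, "allow",
         auth=True),
]

if __name__ == "__main__":
    for src, dst, port, at in [("10.1.2.3", "192.0.2.10", 80, time(12, 0)),
                               ("10.1.2.3", "192.0.2.20", 23, time(12, 0)),
                               ("172.16.0.9", "192.0.2.10", 80, time(12, 0))]:
        print(src, dst, port, select(SAMPLE_RULES, src, dst, port, "inside", at))
```

A non-empty list of shadowed rule numbers marks a pair of overlapping rules whose outcome depends on the order in which they were added, which is the situation the note above advises avoiding.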
