Understanding expert firewall rules

Expert firewall rules are intended for users experienced with firewall security and networking protocols.

Expert rules do not take the place of other rules. They are an integral part of the multi-layer security approach and work in addition to other firewall rules.

Expert rules use four attributes to filter packets:

  • Source and/or destination IP address
  • Source and/or destination port number
  • Network protocol/message type
  • Day and time

Source and destination addresses can be specified in a number of formats, including a single IP network address, a range of IP addresses, a subnet description, a gateway address, or a domain name.

Source and destination ports are used only for network protocols that use ports, such as UDP and TCP. ICMP and IGMP messages, for example, do not use the port information.

Network protocols can be selected from a list of common IP or VPN protocols, or specified as an IP protocol number. For ICMP, the message type can also be specified.

Day and time ranges can be applied to a rule to restrict access based on the day of the week and the time of day.
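The following sketch shows how the four attributes combine into a single match decision. It is an added example, not the product's own code: the `Rule` class, its field names and the packet dictionary are hypothetical. Domain names and gateway addresses are left out because they need resolution before they can be compared.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time

TCP, UDP, ICMP = 6, 17, 1  # IP protocol numbers

def addr_matches(spec, addr):
    """spec: None (any), single address, 'low-high' range, or CIDR subnet."""
    if spec is None:
        return True
    ip = ipaddress.ip_address(addr)
    if "-" in spec:
        low, high = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        return low <= ip <= high
    return ip in ipaddress.ip_network(spec, strict=False)

@dataclass
class Rule:  # hypothetical structure; None means "any"
    action: str
    src: str = None
    dst: str = None
    protocol: int = None
    dst_ports: range = None
    icmp_type: int = None
    days: frozenset = None   # weekday numbers, Monday = 0
    hours: tuple = None      # (start, end) as datetime.time

    def matches(self, pkt, when):
        if not (addr_matches(self.src, pkt["src"]) and addr_matches(self.dst, pkt["dst"])):
            return False
        if self.protocol is not None and pkt["proto"] != self.protocol:
            return False
        # Port conditions apply only to protocols that carry ports.
        if self.dst_ports is not None and pkt["proto"] in (TCP, UDP):
            if pkt.get("dport") not in self.dst_ports:
                return False
        if self.icmp_type is not None and pkt["proto"] == ICMP:
            if pkt.get("icmp_type") != self.icmp_type:
                return False
        if self.days is not None and when.weekday() not in self.days:
            return False
        if self.hours is not None and not self.hours[0] <= when.time() <= self.hours[1]:
            return False
        return True

# Constructed sample: allow SSH from the LAN on weekdays, 09:00 to 17:00.
ssh_rule = Rule("allow", src="192.168.1.0/24", protocol=TCP, dst_ports=range(22, 23),
                days=frozenset(range(5)), hours=(time(9), time(17)))
pkt = {"src": "192.168.1.50", "dst": "10.0.0.5", "proto": TCP, "dport": 22}
print(ssh_rule.matches(pkt, datetime(2024, 1, 8, 10, 0)))   # a Monday morning
print(ssh_rule.matches(pkt, datetime(2024, 1, 13, 10, 0)))  # a Saturday
```

A rule matches only when every attribute it specifies matches, so tightening any one of them (a narrower subnet, a shorter time window) narrows the set of packets the rule applies to.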

©2011 Check Point Software Technologies Ltd. All rights reserved. Some features are only in premium products.