Expert firewall rule enforcement rank

Within the realm of firewall rules, rule evaluation order becomes a factor. ZoneAlarm security software first checks expert firewall rules. If a match is found and a rule is enforced, the communication is marked as either blocked or allowed, and ZoneAlarm security software skips evaluation of Zone rules.

If no expert firewall rule is matched, ZoneAlarm security software checks Zone rules to see if the communication should be blocked.

The enforcement rank of expert firewall rules is also important. Each rule has a unique rank number, and rules are evaluated in order of rank. Only the first rule that matches is executed.


Rule 1 allows FTP clients in the Trusted Zone to connect to an FTP server on port 21. Rule 2 blocks all FTP clients from connecting on port 21, regardless of Zone. These two rules together allow clients in the Trusted Zone to use an FTP server on the client computer, but block all other FTP access.

If the order of the rules were reversed, Rule 2 would match first, and all FTP access would be blocked. Rule 1 would never have a chance to execute, so the FTP clients in the Trusted Zone would still be blocked.

See Also

Understanding expert firewall rules

©2011 Check Point Software Technologies Ltd. All rights reserved. Some features are only in premium products