
Stormshield SN series - Actions on Filter Policy Rules

Stormshield SN series
448 pages
policies safely and effectively.
The implementation of filter functions is based on the comparison of the attributes of each IP
packet received against the criteria of each rule in the active filter policy. Filtering applies to all
packets without any exceptions.
As for the user or user group authorized by the rule, from the moment a user identifies himself
and authenticates successfully from a given host, the firewall will take note of it and will attribute
this user’s login name to all IP packets using this host’s address as their source IP address.
As a result, rules which specify user authentication, even without specifying the restrictions
placed on authorized users, can only apply to IP packets transmitted from a host on which a user
has already authenticated beforehand. Each filter rule can specify a check action (see Action
column).
Filtering consists of two parts. The strip at the top of the screen allows choosing the filter policy,
activating it, editing it and seeing its last modification. The filter table is dedicated to the creation
and configuration of rules.
Checking the policy in real time
The firewall’s filter policy is one of the most important elements for the security of the resources
that the firewall protects. Although this policy is constantly changing to adapt to new services,
new threats and new user demands, it has to remain perfectly coherent so that loopholes do not
appear in the protection provided by the firewall.
The art of creating an effective filter policy is in avoiding the creation of rules that inhibit other
rules. When a filter policy is voluminous, the administrator’s task becomes even more crucial as
the risk increases. Furthermore, during the advanced configuration of very specific translation
rules, the multiplicity of options may give rise to the creation of a wrong rule that does not meet
the administrator’s needs.
To prevent this from happening, the editing screen for filter rules has a Check policy field (located
under the filter table), which warns the administrator whenever a rule inhibits another or an error
has been created on one of the rules.
Example: [Rule 2] This rule will never be applied as it is covered by Rule 1.
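The kind of check described above can be sketched as follows. This is an added example, not Stormshield's code or algorithm: it assumes a top-down, first-match policy and a hypothetical rule model (`Rule`, `covers`, `check_policy` and the sample addresses are all constructed for illustration). It only detects a rule fully covered by a single earlier rule and ignores criteria such as users and interfaces.

```python
"""Shadowed-rule check for a first-match filter policy (added illustration)."""
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    # Hypothetical rule model; field names are not Stormshield's.
    action: str                # "pass" or "block"
    src: str                   # source network in CIDR notation
    dst: str                   # destination network in CIDR notation
    proto: str                 # "tcp", "udp" or "any"
    ports: tuple = (0, 65535)  # inclusive destination port range

def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching `inner` also matches `outer`."""
    return (
        ip_network(inner.src).subnet_of(ip_network(outer.src))
        and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
        and outer.proto in ("any", inner.proto)
        and outer.ports[0] <= inner.ports[0]
        and inner.ports[1] <= outer.ports[1]
    )

def check_policy(rules):
    """Return (rule, covering_rule, kind) for rules that can never match."""
    warnings = []
    for i, later in enumerate(rules):
        for j, earlier in enumerate(rules[:i]):
            if covers(earlier, later):
                same = earlier.action == later.action
                kind = "redundant with" if same else "contradicted by"
                warnings.append((i + 1, j + 1, kind))
                break  # the first covering rule is the one that wins
    return warnings

# Constructed sample policy, evaluated top-down, first match wins.
POLICY = [
    Rule("pass", "10.0.0.0/8", "0.0.0.0/0", "tcp", (1, 1024)),
    Rule("block", "10.1.2.0/24", "192.0.2.10/32", "tcp", (22, 22)),  # shadowed by rule 1
    Rule("pass", "10.0.0.0/8", "0.0.0.0/0", "udp", (53, 53)),
    Rule("pass", "10.3.0.0/16", "198.51.100.0/24", "udp", (53, 53)),  # shadowed by rule 3
    Rule("block", "0.0.0.0/0", "0.0.0.0/0", "any"),
]

if __name__ == "__main__":
    for later, earlier, kind in check_policy(POLICY):
        print(f"[Rule {later}] This rule will never be applied: {kind} Rule {earlier}.")
```

The "contradicted by" case deserves the most attention in a review: a block rule placed below a broader pass rule never takes effect, so the traffic it was meant to stop is allowed.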
Actions on filter policy rules
Search: This field allows performing searches by occurrence, letter or word.
Example: If you enter “Network_internal” in the field, all filter rules containing
“Network_internal” will be displayed in the table.
Page 124/448 sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
SNS - USER CONFIGURATION MANUAL V.3
FILTERING AND NAT