Creating Firewall Exceptions for Stateful Firewalls
To create a firewall exception for a subscriber:
- If you want to create a firewall exception for a particular application object, first create that object.
- Access the subscriber’s Firewall page.
Figure 30: Firewall Page with Firewall Service Applied

- Enter values in the fields to configure the firewall exception.
See Fields for Exceptions to Stateful Firewalls in Enterprise Manager Portal.
- Click Create.
Fields for Exceptions to Stateful Firewalls in Enterprise Manager Portal
Use the fields in this topic to specify exceptions to stateful firewalls.
Priority
- Numeric value to indicate which firewall exception takes precedence if a subscriber has multiple exceptions for a firewall service.
- Value—Integer in the range specified by the online help for this field
- Guidelines—You must specify a priority for the firewall exception. A lower number indicates a higher priority. Use a unique priority for each firewall exception that relates to the same traffic. If two rules have the same priority, they will be applied to traffic in an unpredictable order.
Name
- Name of the subscription to the firewall service.
- Guidelines—You must specify a name for the firewall exception.
Direction
- Direction, with respect to the enterprise, of the initial traffic flow in a conversation.
- Value
  - Incoming—Applies to an initial traffic flow that starts outside the enterprise
  - Outgoing—Applies to an initial traffic flow that starts inside the enterprise
  - Both—Applies to initial traffic flows that start inside or outside the enterprise
Source IPs
- Source IP addresses (as contained in the IP packets) of traffic to which the firewall exception applies.
- Value—[ not ]<networkAddress>/<networkMask>
  - not—All addresses except the listed addresses
  - <networkAddress>—IP address of the network
  - <networkMask>—Subnet mask
- Guidelines—To specify traffic with a particular source IP address, enter an IP address. To specify all traffic except that with a particular source IP address, precede the IP address with the keyword not. To specify traffic with any source IP address, leave the field empty. To specify multiple source IP addresses, set the configuration level of the portal to Advanced (see Setting the Configuration Level for Enterprise Manager Portal), and enter multiple addresses on different lines.
Destination IPs
- Destination IP addresses (as contained in the IP packets) of traffic to which this firewall exception applies.
- Value—[ not ]<networkAddress>/<networkMask>
  - not—All addresses except the listed addresses
  - <networkAddress>—IP address of the network
  - <networkMask>—Subnet mask
- Guidelines—To specify traffic with a particular destination IP address, enter an IP address. To specify all traffic except that with a particular destination IP address, precede the IP address with the keyword not. To specify multiple destination IP addresses, set the configuration level of the portal to Advanced (see Setting the Configuration Level for Enterprise Manager Portal), and enter multiple addresses on different lines.
Application
- Application object to which the firewall applies.
- Value—Application object you defined
- Guidelines—Select an application object from the menu.
Firewall Action
- The way in which the firewall should handle the incoming or outgoing traffic.
- Value
  - Allow—Let the traffic through the firewall
  - Reject—Send an ICMP reply that explains why the firewall blocked the traffic
  - Discard—Drop the traffic without sending any reply
Schedule
- Configured schedule to use.
- Guidelines—This field appears if scheduling is enabled for the portal.
Enabled
- Status of the firewall exception.
- Value
  - Gray box—Firewall exception is inherited from a parent subscriber
  - White box—Firewall exception is configured for this subscriber
  - Box with check mark—Firewall exception is enabled
  - Empty box—Firewall exception is disabled
- Guidelines—Click the box to enable or disable a firewall exception.
- Default—Firewall exception is disabled
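
The following check applies the Priority guideline and the Source IPs / Destination IPs syntax described above to a planned set of exceptions before they are entered; it is an added example, not part of the original page or the portal's own code. The dictionary keys, function names, and sample entries are constructed for illustration, and the check assumes that multiple lines in an IP field are alternatives, that an empty field matches any address, and that the Application field can be ignored (so it may flag pairs that differ only by application).

```python
import ipaddress
from itertools import combinations

def parse_ip_field(text):
    """Parse a Source IPs / Destination IPs value into (negated, network) pairs."""
    entries = []
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        tokens = line.split()
        negated = tokens[0] == "not"
        spec = tokens[1:] if negated else tokens
        if len(spec) != 1 or "/" not in spec[0]:
            raise ValueError(f"expected [not] <networkAddress>/<networkMask>: {line!r}")
        entries.append((negated, ipaddress.IPv4Network(spec[0], strict=False)))
    return entries  # [] means the field was left empty

def entries_overlap(a, b):
    (neg_a, net_a), (neg_b, net_b) = a, b
    if neg_a and neg_b:
        return True  # conservative: two "all except" entries are treated as overlapping
    if neg_a:
        return not net_b.subnet_of(net_a)  # b escapes the exclusion unless fully inside it
    if neg_b:
        return not net_a.subnet_of(net_b)
    return net_a.overlaps(net_b)

def fields_overlap(text_a, text_b):
    a, b = parse_ip_field(text_a), parse_ip_field(text_b)
    # Assumption: an empty field matches any address; lines are alternatives.
    return not a or not b or any(entries_overlap(x, y) for x in a for y in b)

def priority_conflicts(exceptions):
    """Return name pairs that share a priority and can match the same traffic."""
    conflicts = []
    for a, b in combinations(exceptions, 2):
        dirs = (a["direction"], b["direction"])
        if (a["priority"] == b["priority"]
                and (dirs[0] == dirs[1] or "Both" in dirs)
                and fields_overlap(a["source"], b["source"])
                and fields_overlap(a["destination"], b["destination"])):
            conflicts.append((a["name"], b["name"]))
    return conflicts

SAMPLE = [  # constructed entries using documentation address ranges
    dict(name="web-in", priority=10, direction="Incoming",
         source="", destination="192.0.2.0/255.255.255.0"),
    dict(name="dmz-any", priority=10, direction="Both",
         source="not 198.51.100.0/255.255.255.0", destination="192.0.2.128/255.255.255.128"),
    dict(name="lab-out", priority=10, direction="Outgoing",
         source="10.1.0.0/255.255.0.0", destination="203.0.113.0/255.255.255.0"),
]
```

Calling `priority_conflicts(SAMPLE)` reports only the `web-in` / `dmz-any` pair: all three entries share priority 10, but `lab-out` differs from the others in direction or destination, so its ordering relative to them does not matter.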