Symantec 20032623 - Endpoint Protection Small Business Edition Implementation Manual page 222

222 Managing firewall protection
Setting up firewall rules
Actions The action parameters specify what actions the firewall takes when it
successfully matches a rule. If the rule matches and is selected in response
to a received packet, the firewall performs all actions. The firewall either
allows or blocks the packet and logs or does not log the packet. If the
firewall allows traffic, it lets the traffic that the rule specifies access the
network. If the firewall blocks traffic, it blocks the traffic that the rule
specifies so that it does not access the network.
The actions are as follows:
Allow
The firewall allows the network connection.
Block
The firewall blocks the network connection.
Triggers When the firewall evaluates the rule, all the triggers must be true for a
positive match to occur. If any one trigger is not true in relation to the
current packet, the firewall cannot apply the rule. You can combine the
trigger definitions to form more complex rules, such as to identify a
particular protocol in relation to a specific destination address.
The triggers are as follows:
Application
When the application is the only trigger you define in an allow-traffic
rule, the firewall allows the application to perform any network
operation. The application is the significant value, not the network
operations that the application performs. You can define additional
triggers to describe the particular network protocols and hosts with
which communication is allowed.
See About firewall rule application triggers"
Host
When you define host triggers, you specify the host on both sides of
the described network connection.
Traditionally, the way to express the relationship between hosts is
referred to as being either the source or destination of a network
connection.
See About firewall rule host triggers"
Network services
A network services trigger identifies one or more network protocols
that are significant in relation to the described traffic.
The local host computer always owns the local port, and the remote
computer always owns the remote port. This expression of the port
relationship is independent of the direction of traffic.
See About firewall rule network services triggers"
on page 214.
on page 217.
on page 219.