Stormshield SN series Configuration Manual page 128


SNS - USER CONFIGURATION MANUAL V.3
FILTERING AND NAT
Page 128/448

Action
5 different actions can be performed:
Pass: The Stormshield Network firewall allows the packet corresponding to this filter rule to pass. The packet stops moving down the list of rules.
Block: The Stormshield Network firewall silently blocks the packet corresponding to this filter rule: the packet is deleted without the sender being informed. The packet stops moving down the list of rules.
Decrypt: This action allows decrypting the encrypted traffic. Decrypted traffic will continue to move down the list of rules. It will be encrypted again after the scan (if it is not blocked by any rule).
Log only: The Stormshield Network firewall does not do anything. This is useful when you wish to log only certain types of traffic without applying any particular action. In this case, filter rules will continue to be evaluated as no action (Block or Pass) has been applied on the traffic.
Reinit. TCP/UDP: This option mainly concerns TCP and UDP traffic:
  For TCP traffic, a "TCP reset" packet will be sent to its sender.
  For UDP traffic, a "port unreachable" ICMP packet will be sent to its sender.
  As for other IP protocols, the Stormshield Network firewall will simply block the packet corresponding to this filter rule.
If you are editing the global filter policy, a 6th option will appear: "Delegate". This option makes it possible to stop comparing the traffic against the rest of the global policy, but to compare it directly with the local policy.

Log level
The value is set to none by default, so no logs are recorded. Several log levels are possible:
None: No logs will be kept if the packet corresponds to this filter rule.
  NOTE: This option is not available if you have selected the "Log" action in the previous field.
Log (filter log): If you select this option, a log will be added to the filter logs.
Minor alarm: As soon as this filter rule is applied to a connection, a minor alarm will be generated. This alarm is transferred to the logs, and can be sent by Syslog (Logs – Syslog – IPFIX) or by e-mail (see module E-mail alerts).
Major alarm: As soon as this filter rule is applied to a connection, a major alarm will be generated. This alarm is transferred to the logs, and can be sent by Syslog (Logs – Syslog – IPFIX) or by e-mail (see module E-mail alerts).

Scheduling
In order to use this field, you must first create a Time Object in the menu Objects > Time Objects.
You will then be able to define the period / day of the year / day of the week / time / recurrence of rule validity.

Routing

sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
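The rule walk described under Action, as an added example that is not part of the Stormshield manual or product code: a simplified Python model showing which actions end evaluation and which let the packet keep moving down the list. The rule names, the sample policies, matching on protocol and destination port only, treating Reinit as ending evaluation, and the fall-through from an unmatched global policy to the local policy are assumptions made for the illustration.

```python
# Added illustration, not Stormshield code. Matching is reduced to protocol and
# destination port; rule names and policies are constructed samples.
from dataclasses import dataclass
from typing import Optional

TERMINAL = {"pass", "block", "reinit"}  # the packet stops moving down the list

@dataclass
class Rule:
    name: str
    action: str  # pass, block, decrypt, log, reinit, delegate
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

    def matches(self, pkt):
        return (self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt.get("dport")))

def reinit_response(proto):
    # TCP gets a reset, UDP an ICMP port unreachable, anything else is dropped.
    return {"tcp": "tcp-reset", "udp": "icmp-port-unreachable"}.get(proto, "silent-drop")

def walk(policy, pkt, trace, scope):
    for rule in policy:
        if not rule.matches(pkt):
            continue
        trace.append(f"{scope}:{rule.name}:{rule.action}")
        if rule.action == "delegate" and scope == "global":
            return "delegate"  # skip the rest of the global policy
        if rule.action in TERMINAL:
            return rule.action
        # decrypt and log only fall through to the next rule
    return None

def evaluate(global_policy, local_policy, pkt):
    trace = []
    verdict = walk(global_policy, pkt, trace, "global")
    if verdict in (None, "delegate"):  # assumption: unmatched traffic also reaches the local policy
        verdict = walk(local_policy, pkt, trace, "local")
    response = reinit_response(pkt["proto"]) if verdict == "reinit" else None
    return verdict or "no-match", response, trace

GLOBAL = [Rule("g1-log-dns", "log", "udp", 53),
          Rule("g2-delegate-web", "delegate", "tcp", 443),
          Rule("g3-block-rest", "block")]
LOCAL = [Rule("l1-decrypt-web", "decrypt", "tcp", 443),
         Rule("l2-pass-web", "pass", "tcp", 443),
         Rule("l3-reinit-rest", "reinit")]
```

Calling `evaluate(GLOBAL, LOCAL, {"proto": "udp", "dport": 53})` returns a trace in which the Log only rule is recorded but the later Block rule still decides the packet, which is the ordering effect to check when auditing a policy.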
