User guide

Firewall Policies
Firebox X Edge e-Series
Policy rules
A Firebox X Edge policy is one or more rules that together monitor and control traffic. These rules set the
firewall actions for a policy:
Allow lets data or a connection through the Edge.
Deny stops data or a connection from going through the Edge, and sends a response to the source.
No Rule sets a rule to off, or disables the rule.
It is not always easy to decide whether to select Deny or No Rule for a policy. When you set a rule to No Rule,
the action the Edge takes for a packet that matches it depends on the lower-precedence rules of the policy. If
no other rule in the policy matches the packet, the Edge denies it by default.
Use Deny when a lower-precedence rule is set to Allow, but you want to deny packets from a specific IP address
or network. For example, if you want to allow most HTTP traffic, set the common HTTP packet filter policy to
Allow. If you then want to deny HTTP traffic from one IP address, create a custom packet filter for that address
and set its rule to Deny. A Deny rule uses slightly more resources than No Rule, because the Edge must evaluate
the rule and send a response to the source. One or two Deny rules do not affect system performance, but if you
set all common packet filter rules to Deny instead of the default No Rule, performance can drop dramatically.
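The precedence behaviour described above (a matching Deny or Allow decides, a matching No Rule falls through to lower-precedence rules, and a packet that nothing decides is denied by default) is small enough to model. The following is an added example written for this guide, not WatchGuard code; the rule names, the addresses 203.0.113.5 and 198.51.100.7, and the two-rule HTTP policy are constructed for the illustration, and the matching fields (protocol, destination port, source network) are a simplification of a real packet filter.

```python
"""Evaluate Firebox-style policy rules in precedence order.

Added illustration; not WatchGuard code. Rule names, addresses and the
policies below are constructed for the example.
"""
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


class Action(Enum):
    ALLOW = "Allow"      # let the connection through
    DENY = "Deny"        # stop it and answer the source
    NO_RULE = "No Rule"  # rule is off: fall through to lower-precedence rules


@dataclass(frozen=True)
class Rule:
    name: str
    protocol: str        # "tcp", "udp" or "any"
    port: Optional[int]  # destination port; None matches any port
    source: str          # source network in CIDR notation, e.g. "0.0.0.0/0"
    action: Action


@dataclass(frozen=True)
class Packet:
    protocol: str
    dst_port: int
    src: str             # source IPv4 address


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if the packet falls within the rule's protocol, port and source."""
    if rule.protocol != "any" and rule.protocol != pkt.protocol:
        return False
    if rule.port is not None and rule.port != pkt.dst_port:
        return False
    return ip_address(pkt.src) in ip_network(rule.source)


def evaluate(policy: List[Rule], pkt: Packet) -> Tuple[Action, Optional[str]]:
    """Walk the rules from highest to lowest precedence (list order).

    The first matching Allow or Deny decides and is reported with its name.
    A matching No Rule is skipped, so the decision falls to lower-precedence
    rules. If no rule decides, the packet is denied (the Edge's default) and
    the deciding rule is reported as None.
    """
    for rule in policy:
        if not matches(rule, pkt):
            continue
        if rule.action is Action.NO_RULE:
            continue
        return rule.action, rule.name
    return Action.DENY, None


# Constructed policy from the HTTP example: a custom packet filter for one
# address (higher precedence) sits above the common HTTP filter set to Allow.
HTTP_POLICY = [
    Rule("http-from-203.0.113.5", "tcp", 80, "203.0.113.5/32", Action.DENY),
    Rule("http-common", "tcp", 80, "0.0.0.0/0", Action.ALLOW),
]

# Same policy with the custom filter switched to No Rule instead of Deny:
# the host is no longer blocked, because No Rule only hands off downward.
HTTP_POLICY_NO_RULE = [
    Rule("http-from-203.0.113.5", "tcp", 80, "203.0.113.5/32", Action.NO_RULE),
    HTTP_POLICY[1],
]


if __name__ == "__main__":
    blocked = Packet("tcp", 80, "203.0.113.5")
    other = Packet("tcp", 80, "198.51.100.7")
    ssh = Packet("tcp", 22, "198.51.100.7")   # no HTTP rule matches: default deny
    for label, policy in (("Deny", HTTP_POLICY), ("No Rule", HTTP_POLICY_NO_RULE)):
        print(f"custom filter = {label}:")
        for pkt in (blocked, other, ssh):
            action, by = evaluate(policy, pkt)
            print(f"  {pkt.protocol}/{pkt.dst_port} from {pkt.src}: "
                  f"{action.value} ({by or 'default'})")
```

Running the block prints the decision for each packet under both versions of the policy. The point to check is the second run: with the custom filter set to No Rule, HTTP from 203.0.113.5 is allowed by the common filter, which is why a selective block needs Deny rather than No Rule. The SSH packet is denied in both runs with no deciding rule, which is the default deny the text describes.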
Incoming and outgoing traffic
Traffic that comes from the external network is incoming traffic. Traffic that goes to the external network is
outgoing traffic. By default, the Firebox X Edge e-Series denies incoming traffic to protect your trusted and
optional networks.
The default configuration of the Edge allows this traffic:
From the trusted network to the external network
From the trusted network to the optional network
From the optional network to the external network
The default configuration of the Edge denies this traffic:
From the external network to the trusted network
From the optional network to the trusted network
From the external network to the optional network
Packet filters are set separately for incoming and outgoing policies, so allowing a service in one direction does
not allow it in the other.