How Firewall Rule Enforcement Works

STEP 3 On the Edit Firewall Rule page in the Firewall Rule Setup table, click the Enable check box to enable the rule.

To disable the rule, clear the check box.

STEP 4 Click Save.

Change the Order in which Firewall Rules are Applied

STEP 1 From the LSM menu, select Firewall > Firewall Rules.

STEP 2 On the Firewall Rules page, select the row you want to move. Then, drag the rule to the desired location.

Firewall Services

Firewall Services and Service Groups are used to specify Firewall Rules and Virtual Servers.

Firewall Service — An application or protocol that can be configured in a firewall rule to police traffic. For example, to monitor all traffic from the http service, select the http service when you configure the firewall rule for this policy. You can also specify a specific IP protocol to police. For device maximum configurable values, see Appendix D, “Device Maximum Values”.

Firewall Service Group — A logical grouping of services that allows you to configure a firewall rule or virtual server to apply to traffic from more than one service. For example, the dns Service Group includes the dns-tcp and dns-udp services. To monitor all dns-tcp and dns-udp traffic, select the dns Service Group when you configure the firewall rule for this policy. You can have up to 50 Service Groups on an X family device.

Service groups allow you to configure a single firewall rule or virtual server to apply to traffic from a collection of services rather than creating individual configurations for each service. After the

X Family LSM User’s Guide V 2.5.1
