Service precedence
3If you are using the HTTP proxy service because you want to use WebBlocker, follow the procedure in the next section. Otherwise, enable HTTP proxy
properties according to your security policy preferences.
For detailed descriptions of HTTP proxy options, see the Reference Guide.
Zip files are denied when you deny Java or ActiveX applets, because zip files often contain these applets.
4Click the Safe Content tab.
5Add or remove properties according to your security policy preferences. Click OK.
Service precedence
Precedence is generally given to the most specific service and descends to the most general service. However, exceptions exist. There are three different precedence groups for services:
•The “Any” service (see the Online Help system for information about the “Any” packet filter service). This group has the highest precedence.
•IP and ICMP services and all TCP/UDP services that have a port number specified. This group has the second highest precedence and is the largest of the three.
•“Outgoing” services that do not specify a port number (they apply to any port). This group includes Outgoing TCP, Outgoing UDP, and Proxy.
“Multiservices” can contain subservices of more than one precedence group.
Precedence is determined by group first. Services from a higher precedence group always have higher precedence than the services of a
The precedences of services that are in the same precedence group are ordered from the most specific services (based on source and destination targets) to the least specific service. The method used to sort services is based on the specificity of targets, from most specific to least specific. The following order is used:
From | To | Rank |
|
|
|
IP | IP | 0 |
|
|
|
List | IP | 1 |
|
|
|
IP | List | 2 |
|
|
|
List | List | 3 |
|
|
|
56
