This tab lets you define traditional TCP/IP traffic filtering rules. Adaptive Defense 360 compares the value of certain fields in the headers of each packet sent and received by the protected computers, and checks it against the rules entered by the administrator. If the traffic matches any of the rules, the associated action is taken.
The system rules let you establish connection rules that affect the entire system (regardless of the process that manages them). They have priority over the rules that govern the connection of programs to the Internet/local network.
To develop an effective protection strategy, follow the steps below in the order listed:
Set the firewall's default action. To do that, go to the Programs tab and choose an action from the Default action menu.
Allow access: Allows communications for all programs with no specific rules assigned. This is the default, basic mode: all programs with no specific rules assigned can communicate with the Internet/local network.
Deny access: Denies connections for all programs with no specific rules assigned. This is an advanced mode, as it requires adding rules for every frequently used program. Otherwise, those programs will not be allowed to communicate, affecting their performance.
Click the Add button to add new connection rules as well as the action to take.
The order of the rules in the list is not random. They are applied in descending order, so changing the position of a rule also changes its priority.
Next we describe the fields found in a system rule:
Rule name: The name of the rule. Two rules cannot have the same name.
Action to take: Defines the action to be taken by Adaptive Defense 360 if the rule matches the examined traffic.
Allow: Allows traffic.
Deny: Blocks traffic. It drops the connection.
Direction: Sets the traffic direction for connection protocols such as TCP.
Outbound: Outbound traffic
Inbound: Inbound traffic
Zone
Protocol: Allows you to specify the rule protocol. The Local ports field will vary depending on the chosen protocol.
TCP
UDP
ICMP
IP Types
Local ports / Services / Protocols: A different field will be displayed depending on the type of protocol chosen:
Local ports: Allows you to specify the TCP and UDP local ports. A drop-down menu is displayed with the most common ports, as well as a custom field to add ports within the range 0-65535. To enter several individual ports, separate them with commas. To enter a range of port numbers, use a hyphen (e.g., 80, 25, 120-134).
Services: Allows you to specify the ICMP message subtype.
Protocols: Allows you to specify the high-level protocol that will travel in the IP packet examined.
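The rule ordering and the Local ports syntax described above can be checked offline with a small model. This is an added example, not Adaptive Defense 360 code: the Rule class, parse_ports and evaluate are hypothetical names, the rule list is constructed, and it assumes that the first matching rule in list order decides and that unmatched traffic receives the default action (program rules are not modeled).

```python
from dataclasses import dataclass

def parse_ports(spec):
    """Parse a Local ports value such as '80, 25, 120-134' into (low, high) ranges."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()
        low, sep, high = item.partition("-")
        high = high if sep else low          # single port: low == high
        if not (low.isdecimal() and high.isdecimal()):
            raise ValueError(f"not a port or port range: {item!r}")
        low, high = int(low), int(high)
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"outside 0-65535 or reversed: {item!r}")
        ranges.append((low, high))
    return ranges

@dataclass
class Rule:                                  # hypothetical model of one system rule
    name: str
    action: str                              # "Allow" or "Deny"
    direction: str                           # "Inbound" or "Outbound"
    protocol: str                            # "TCP" or "UDP"
    ports: str                               # Local ports field as typed

    def matches(self, direction, protocol, local_port):
        return (self.direction == direction and self.protocol == protocol
                and any(lo <= local_port <= hi for lo, hi in parse_ports(self.ports)))

def evaluate(rules, default_action, direction, protocol, local_port):
    """Return (action, rule name); assumed: first matching rule in list order wins."""
    for rule in rules:
        if rule.matches(direction, protocol, local_port):
            return rule.action, rule.name
    return default_action, None              # no system rule matched

# Constructed sample rule list: a narrow Allow placed above a broad Deny.
RULES = [
    Rule("Allow inbound web", "Allow", "Inbound", "TCP", "80, 443"),
    Rule("Deny inbound low ports", "Deny", "Inbound", "TCP", "0-1023"),
]

if __name__ == "__main__":
    print(evaluate(RULES, "Allow", "Inbound", "TCP", 443))
    # Swapping the two rules changes the outcome for the same packet.
    print(evaluate(list(reversed(RULES)), "Allow", "Inbound", "TCP", 443))
    print(evaluate(RULES, "Deny", "Inbound", "TCP", 8080))
```

Running the same packet against the list and its reverse shows why a broad Deny placed above a narrow Allow silently overrides it.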