policy (mode)
What are Rule-Based and User-Based policies?
Rule-Based management is based on the current firewall policy: existing firewall rules and
policies are applied to different users.
User-Based management is based on user requests: different users can be assigned user-defined firewall rules and policies.
Before looking at how Rule-Based / User-Based policy management works, please refer to the
following description of the types of firewall rules.
Active Rule: A filter rule defined in Firewall>>Filter Setup whose Active checkbox is
checked. Such rules may also be called Black/White Rules. In the figure below, these are the rules
xNetBios->DNS and for server.
Inactive Rule: A filter rule defined in Firewall>>Filter Setup whose Active checkbox is
unchecked; it can be selected from User Management>>User Profile. Such rules may also be
called User Rules. In the figure below, these are the rules employee to vpn, manager and for
guest. Such a rule can be selected and applied under User-Based mode only.
Default Rule: The rule set in the Firewall >> General Setup >> Default Rule page.
The following explains the application firewall profile for the above flowchart:
The application firewall profile is set in the Firewall >> Filter Setup page.
If the Action is Block Immediately or Block If No Further Match, the packet will be dropped
immediately.
If the Action is Pass Immediately or Pass If No Further Match, the packet will be checked
according to the option selected by the User Management.
If authentication is not required (User Management is None), the packet will be passed
immediately.
If authentication is required, the source of this packet must authenticate itself by using an
account belonging to the User Object or User Group selection in the User Management.
If the authentication is successful, further firewall policy checks will be performed, such as
URL Content Filter and Web Content Filter. If this packet passes all policies, it will be passed
to the Internet. Otherwise it will be dropped.
The following explains the application firewall profile for the above flowchart:
The default rule is set in the Firewall >> General Setup >> Default Rule page.
If the Action is Block, the packet will be dropped immediately, regardless of whether User
Management is set up.
If the Action is Pass, the packet will be checked according to the option selected by the User
Management.
If authentication is not required (User Management is None), the packet will be passed
immediately.
If authentication is required, the source of this packet must authenticate itself by using an
account belonging to the User Object or User Group selection in the User Management.
If the authentication is successful, further firewall policy checks will be performed, such as URL
Content Filter and Web Content Filter. If this packet passes all policies, it will be transferred to
the Internet. Otherwise it will be dropped.
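The Rule-Based decision steps described above, written out as an added Python example (not part of the original document or of the router's firmware). The rule names, accounts, addresses and URLs are constructed, and the "auth-required" outcome for an unauthenticated source is an assumption, since the text only says the source must authenticate.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple

# Action names as they appear on the page; "Block"/"Pass" are the Default Rule's.
BLOCK = {"Block Immediately", "Block If No Further Match", "Block"}
PASS = {"Pass Immediately", "Pass If No Further Match", "Pass"}

@dataclass(frozen=True)
class Rule:
    name: str
    action: str
    # Accounts allowed by the rule's User Management setting; None means "None".
    user_management: Optional[FrozenSet[str]] = None

def rule_based_verdict(rule: Rule, src_ip: str, url: str,
                       sessions: Dict[str, str],
                       content_filters: List[Callable[[str], bool]]) -> Tuple[str, str]:
    """Verdict for a packet already matched to `rule` (or to the Default Rule)."""
    if rule.action in BLOCK:
        return "drop", "block action, User Management is not consulted"
    if rule.action not in PASS:
        raise ValueError(f"unknown action: {rule.action!r}")
    if rule.user_management is None:
        return "pass", "no authentication required"
    user = sessions.get(src_ip)  # account the source host logged in with, if any
    if user is None or user not in rule.user_management:
        # Assumption: reported as a separate outcome rather than as a drop.
        return "auth-required", "source must log in with an allowed account"
    # Stand-ins for URL Content Filter / Web Content Filter: True means allowed.
    if all(check(url) for check in content_filters):
        return "pass", f"authenticated as {user}, all policies passed"
    return "drop", f"authenticated as {user}, content policy failed"

# Constructed sample data (hypothetical names, addresses and URLs).
SESSIONS = {"192.168.1.10": "alice"}
FILTERS = [lambda url: "blocked.example" not in url]
STAFF = Rule("staff-web", "Pass Immediately", frozenset({"alice", "bob"}))
OPEN = Rule("printer", "Pass If No Further Match")
DEFAULT = Rule("default", "Block", frozenset({"alice"}))

def demo() -> List[str]:
    cases = [(STAFF, "192.168.1.10", "http://intranet.example/"),
             (STAFF, "192.168.1.10", "http://blocked.example/x"),
             (STAFF, "192.168.1.99", "http://intranet.example/"),
             (OPEN, "192.168.1.99", "http://blocked.example/x"),
             (DEFAULT, "192.168.1.10", "http://intranet.example/")]
    return [rule_based_verdict(r, ip, u, SESSIONS, FILTERS)[0] for r, ip, u in cases]

if __name__ == "__main__":
    print(demo())
```

The fourth case is the one to look for when reviewing a rule set: following the steps above, a Pass rule with User Management set to None passes the packet immediately, so the content filter checks that run after authentication never see it.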
The following explains the application firewall profile for the above flowchart:
If the packet matches any one of the IP filter rules, the source of this packet does not need
authentication for Internet access.
Further firewall policy checks will then be performed, such as URL content filter and Web
content filter. Please refer to the following flowchart.
The following explains the application firewall profile for the above flowchart:
The source of the packet must authenticate itself for Internet access.
If the authentication is successful, the packet will be checked against the Policy set in the user profile. The policy
means the inactive rules configured in Firewall>>Filter Setup.
In a user account (defined in User Management>>User Profile), all User Rules are listed in the
drop-down menu of Policy. You can select only one of them and apply it to a user account. You
may also select the Default Rule defined by Firewall >> General >> Default Rule.
Note: In User-Based mode, the User Management option will be hidden in the Firewall >>
General >> Default Rule and Firewall >> Edit Filter Rule setup pages. That means you
cannot see this option in the corresponding web pages.
Rule-Based or User-Based?
If there are many users who require authentication for Internet access, and they share common firewall
policies, please use Rule-Based mode.
If there are few users who require authentication for Internet access, and they each use different firewall
policies, please use User-Based mode.