
Difference between Rule-Based policy and User-Based policy (mode)
What are Rule-Based and User-Based policies?
Rule-Based mode manages access by the current firewall policy: the existing firewall rules and policies apply to all users alike, and authentication (where a rule requires it) only decides whether a packet that rule already passes may continue.
User-Based mode manages access per user: each user account can be given its own user-defined firewall rule and policy, so different users receive different policies.
Before looking at how Rule-Based / User-Based policy management works, get acquainted with the types of firewall rules described below.
- Active Rule: a filter rule defined in Firewall >> Filter Setup whose Active checkbox is checked. You may also call these Black/White Rules. In the figure below, the rules xNetBios->DNS and "for server" are active rules.

- Inactive Rule: a filter rule defined in Firewall >> Filter Setup whose Active checkbox is unchecked; it can be selected as the Policy of a user account in User Management >> User Profile. You may also call these User Rules. In the figure below, the rules "employee to vpn", "manager" and "for guest" are inactive rules. Such a rule can be selected and applied under User-Based mode only.

- Default Rule: the rule set in the Firewall >> General Setup >> Default Rule page.

(Figure callouts: inactive rules can be applied under User-Based mode only; active rules can be applied under Rule-Based mode.)

The following illustrates how Rule-Based policy and User-Based policy work.

Rule-Based Policy Flow Chart

Packet matching the IP filter rule


If a packet arriving at the router matches an IP Filter rule, the router checks that rule's action first. Refer to the following flowchart.

The application firewall profile in the flowchart above works as follows:

- The application firewall profile is set in the Firewall >> Filter Setup page.
- If the Action is Block Immediately or Block If No Further Match, the packet is dropped immediately.
- If the Action is Pass Immediately or Pass If No Further Match, the packet is checked according to the option selected under User Management.
- If authentication is not required (User Management is None), the packet is passed immediately.
- If authentication is required, the source of the packet must authenticate itself with an account belonging to the User Object or User Group selected under User Management.
- If authentication fails, the authentication process repeats.
- If authentication succeeds, the remaining firewall policy checks are performed, such as URL Content Filter and Web Content Filter. If the packet passes all of them, it is forwarded to the Internet; otherwise it is dropped.

Refer to the following figure as an example.

Packet not matching the IP filter rule


When a packet arrives at the router, the router checks the IP Filter rules first.
If the packet does not match any rule, the Default Rule is applied to it. Refer to the following flowchart.

The application firewall profile in the flowchart above works as follows:

- The Default Rule is set in the Firewall >> General Setup >> Default Rule page.
- If the Action is Block, the packet is dropped immediately, whether or not User Management is set up.
- If the Action is Pass, the packet is checked according to the option selected under User Management.
- If authentication is not required (User Management is None), the packet is passed immediately.
- If authentication is required, the source of the packet must authenticate itself with an account belonging to the User Object or User Group selected under User Management.
- If authentication fails, the authentication process repeats automatically.
- If authentication succeeds, the remaining firewall policy checks are performed, such as URL Content Filter and Web Content Filter. If the packet passes all of them, it is forwarded to the Internet; otherwise it is dropped.

Refer to the following figure as an example.

User-Based Policy Flow Chart


(Flowchart: User-Based policy, with branches labelled Active Rule and Inactive Rule.)

Packet matching the IP filter rule


When a packet arrives at the router, the router first checks the IP Filter rules, meaning the active rules defined in Firewall >> Filter Setup.
If the packet matches any of them, the application firewall profile of that rule is applied to it. Refer to the following flowchart.

The application firewall profile in the flowchart above works as follows:

- If the packet matches any one of the active IP filter rules, the source of the packet needs no authentication for Internet access; the rule's action applies regardless of which user sent the packet.
- Further firewall policy checks are then performed, such as URL Content Filter and Web Content Filter. Please refer to the following flowchart.

Packet not matching the IP filter rule


When a packet arrives at the router, the router first checks the IP Filter rules, meaning the active rules defined in Firewall >> Filter Setup.
If the packet does not match any filter rule, the router does not consult the Default Rule. Instead, the source must authenticate itself directly. Refer to the following flowchart.

The application firewall profile in the flowchart above works as follows:

- The source of the packet must authenticate itself for Internet access.
- If authentication fails, the authentication process repeats automatically.
- If authentication succeeds, the packet is checked against the Policy set in the user's profile. That policy is one of the inactive rules configured in Firewall >> Filter Setup (or the Default Rule, if that is what the profile selects).
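To make the two flowcharts concrete, here is an added Python model of both evaluation paths (example code written for this page, not DrayTek firmware). It assumes constructed rule names taken from the figure (xNetBios->DNS, for server, employee to vpn, for guest), constructed user accounts alice and bob, packets represented as dicts with src and dst_port fields, and a content_filter hook standing in for the URL/Web Content Filter. How a selected User Rule treats a packet that does not match its own condition is not stated on the page, so the code marks that choice as an assumption.

```python
"""Model of the Rule-Based and User-Based policy flows described on this page.
Added example, not DrayTek code: rule names, users, packets and the
content-filter hook are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

Packet = dict  # constructed packet, e.g. {"src": "192.168.1.20", "dst_port": 80}


@dataclass
class FilterRule:
    name: str
    active: bool                           # the Active checkbox in Firewall >> Filter Setup
    match: Callable[[Packet], bool]        # the rule's IP filter condition
    action: str                            # "pass" or "block"
    user_mgmt: Optional[Set[str]] = None   # None = no authentication; else allowed accounts


@dataclass
class UserProfile:
    name: str
    policy: str                            # name of an inactive rule, or "default"


@dataclass
class Firewall:
    mode: str                              # "rule" (Rule-Based) or "user" (User-Based)
    rules: List[FilterRule]
    default_action: str                    # Firewall >> General Setup >> Default Rule
    default_user_mgmt: Optional[Set[str]] = None
    profiles: Dict[str, UserProfile] = field(default_factory=dict)
    # Stand-in for URL Content Filter / Web Content Filter: True means the packet passes.
    content_filter: Callable[[Packet], bool] = lambda pkt: True


def _apply(fw: Firewall, pkt: Packet, action: str, users: Optional[Set[str]],
           user: Optional[str], where: str) -> Tuple[str, str]:
    """Common tail of both flowcharts: action, then User Management, then content filters."""
    if action == "block":
        return "drop", f"{where}: block"
    if users is not None and user not in users:
        # Missing or failed authentication: the page says the login repeats,
        # so the packet is not forwarded in this state.
        return "auth_required", f"{where}: User Management requires an account in {sorted(users)}"
    if not fw.content_filter(pkt):
        return "drop", f"{where}: dropped by content filter"
    return "pass", f"{where}: pass"


def evaluate(fw: Firewall, pkt: Packet, user: Optional[str] = None) -> Tuple[str, str]:
    """Return (verdict, reason); `user` is the account the packet's source has
    logged in as, or None if it has not authenticated."""
    hit = next((r for r in fw.rules if r.active and r.match(pkt)), None)

    if fw.mode == "rule":
        if hit is not None:
            return _apply(fw, pkt, hit.action, hit.user_mgmt, user, f"active rule {hit.name}")
        return _apply(fw, pkt, fw.default_action, fw.default_user_mgmt, user, "default rule")

    # User-Based mode: User Management on the rule and Default Rule pages is hidden.
    if hit is not None:
        # Matching an active rule exempts the source from authentication entirely.
        return _apply(fw, pkt, hit.action, None, user, f"active rule {hit.name}")
    if user is None or user not in fw.profiles:
        # The Default Rule is NOT consulted; the source is sent to log in.
        return "auth_required", "no active rule matched; login required (Default Rule skipped)"
    policy = fw.profiles[user].policy
    if policy == "default":
        return _apply(fw, pkt, fw.default_action, None, user, f"{user}: Default Rule policy")
    rule = next(r for r in fw.rules if not r.active and r.name == policy)
    # Assumption (not stated on the page): the selected User Rule behaves like a
    # filter rule, so its action applies only to packets matching its condition.
    action = rule.action if rule.match(pkt) else "pass"
    return _apply(fw, pkt, action, None, user, f"{user}: user rule {rule.name}")


# Constructed configuration mirroring the rule names in the page's figure.
RULES = [
    FilterRule("xNetBios->DNS", True, lambda p: p["dst_port"] == 53, "block"),
    FilterRule("for server", True, lambda p: p["src"] == "192.168.1.10", "pass",
               user_mgmt={"admin"}),
    FilterRule("employee to vpn", False, lambda p: p["dst_port"] == 1194, "pass"),
    FilterRule("for guest", False, lambda p: p["dst_port"] != 80, "block"),
]
PROFILES = {
    "alice": UserProfile("alice", "employee to vpn"),
    "bob": UserProfile("bob", "for guest"),
}


def rule_based() -> Firewall:
    return Firewall("rule", RULES, "pass", default_user_mgmt={"alice", "bob"}, profiles=PROFILES)


def user_based() -> Firewall:
    return Firewall("user", RULES, "block", profiles=PROFILES)


if __name__ == "__main__":
    web = {"src": "192.168.1.20", "dst_port": 80}
    server = {"src": "192.168.1.10", "dst_port": 80}
    for fw in (rule_based(), user_based()):
        print(fw.mode, evaluate(fw, web), evaluate(fw, web, user="bob"), evaluate(fw, server))
```

Running it shows the point to check before switching modes: in User-Based mode a packet that matches an active Pass rule (the "for server" rule here) is forwarded without any login, and an unmatched packet is sent to authentication even though the Default Rule is Block, whereas in Rule-Based mode the same packets are gated by the User Management setting on the matching rule or on the Default Rule.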

More information for Inactive Rule


Suppose several User Rules are set in Filter Set 1, Set 2 and Set 3. Note that many of them are inactive because their Active boxes are not checked.


In a user account (defined in User Management >> User Profile), all User Rules are listed in the Policy drop-down menu. You can select only one of them for a user account. You may also select the Default Rule defined in Firewall >> General Setup >> Default Rule.

(Figure callout: these are the inactive rules defined in Firewall >> Filter Setup.)

Note: In User-Based mode, the User Management option is hidden in the Firewall >> General Setup >> Default Rule and Firewall >> Edit Filter Rule setup pages, so you will not see that option on those pages.

(Figure callout: this option is hidden if you choose User-Based mode in User Management >> General Setup.)


Rule-Based or User-Based?
If many users require authentication for Internet access and they share common firewall policies, use Rule-Based mode.
If only a few users require authentication for Internet access and each of them needs a different firewall policy, use User-Based mode.

