The Firewall feature uses firewall rules to determine how to handle network traffic. A rule is a set of conditions that traffic has to meet. Each rule has an associated action, either to permit or to block the traffic. When Host Intrusion Prevention finds traffic that matches a rule's conditions, it performs the specified action.
Host Intrusion Prevention uses precedence to apply rules: the rule at the top of the firewall rules list is applied first.
Note: Host Intrusion Prevention handles precedence for domain-based rules differently. If domain rules are in the list, they are applied first.
If the traffic meets this rule’s conditions, Host Intrusion Prevention allows or blocks the traffic. It does not try to apply any other rules in its rule list.
If, however, the traffic does not meet the first rule's conditions, Host Intrusion Prevention looks at the next rule in its list. It works its way down through the firewall rule list until it finds a rule that the traffic matches. If no rule matches, the firewall blocks the traffic by default; if Learn mode is activated, it instead prompts for an action to be taken, and if Adaptive mode is activated, it creates a permit rule for the traffic.
Sometimes the intercepted traffic matches more than one rule in the list. In this case, precedence means that Host Intrusion Prevention applies only the first matching rule in the list.
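The following is an added illustration, not code from the Host Intrusion Prevention product, of the precedence behaviour described above: domain-based rules are consulted first, then the remaining rules in list order, the first match decides, and unmatched traffic is blocked by default, prompted for in Learn mode, or given an automatically created permit rule in Adaptive mode. The rule and packet fields, the rule names, and the sample rule set are all constructed for the example. It also goes slightly beyond the text with a shadowed_rules() audit that reports rules which can never fire because an earlier, broader rule always matches first, which is the practical consequence of first-match precedence that a reviewer of a rule list most often needs to check.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    direction: str     # "in" or "out" (constructed field set)
    protocol: str      # "tcp" or "udp"
    remote_host: str   # hostname or IP of the remote end
    port: int          # remote port

@dataclass
class Rule:
    name: str
    action: str                      # "permit" or "block"
    direction: Optional[str] = None  # None means "any"
    protocol: Optional[str] = None
    port: Optional[int] = None
    domain: Optional[str] = None     # set on domain-based rules, e.g. "bad.example"

    def matches(self, pkt: Packet) -> bool:
        """True when every condition the rule specifies is met by the packet."""
        if self.direction is not None and self.direction != pkt.direction:
            return False
        if self.protocol is not None and self.protocol != pkt.protocol:
            return False
        if self.port is not None and self.port != pkt.port:
            return False
        if self.domain is not None:
            host, dom = pkt.remote_host.lower(), self.domain.lower()
            if not (host == dom or host.endswith("." + dom)):
                return False
        return True

def ordered_rules(rules: List[Rule]) -> List[Rule]:
    """Domain-based rules are applied before the rest; relative order is kept."""
    return [r for r in rules if r.domain is not None] + [r for r in rules if r.domain is None]

def evaluate(rules: List[Rule], pkt: Packet, mode: str = "normal") -> Tuple[str, Optional[str]]:
    """First matching rule wins. With no match: block (normal), 'prompt' (learn),
    or create and apply a permit rule for this traffic (adaptive)."""
    for rule in ordered_rules(rules):
        if rule.matches(pkt):
            return rule.action, rule.name
    if mode == "learn":
        return "prompt", None          # the product asks the user; here we only report it
    if mode == "adaptive":
        new = Rule(name=f"adaptive-{pkt.protocol}-{pkt.port}-{pkt.direction}",
                   action="permit", direction=pkt.direction,
                   protocol=pkt.protocol, port=pkt.port)
        rules.append(new)              # the learned rule persists for later traffic
        return "permit", new.name
    return "block", None               # default when nothing matches

def _covers(a: Rule, b: Rule) -> bool:
    """True when any packet matching b would already have matched a."""
    for f in ("direction", "protocol", "port"):
        if getattr(a, f) is not None and getattr(a, f) != getattr(b, f):
            return False
    if a.domain is not None:
        if b.domain is None:
            return False
        ad, bd = a.domain.lower(), b.domain.lower()
        if not (bd == ad or bd.endswith("." + ad)):
            return False
    return True

def shadowed_rules(rules: List[Rule]) -> List[str]:
    """Audit: names of rules that can never fire under first-match precedence."""
    earlier: List[Rule] = []
    shadowed: List[str] = []
    for r in ordered_rules(rules):
        if any(_covers(a, r) for a in earlier):
            shadowed.append(r.name)
        earlier.append(r)
    return shadowed

# Constructed sample rule list, in the order an administrator might have entered it.
SAMPLE_RULES = [
    Rule("permit-dns", "permit", "out", "udp", 53),
    Rule("block-telnet", "block", "out", "tcp", 23),
    Rule("permit-web", "permit", "out", "tcp", 443),
    Rule("block-bad-domain", "block", domain="bad.example"),
]

if __name__ == "__main__":
    # HTTPS to a host under the blocked domain: the domain rule is consulted first.
    print(evaluate(SAMPLE_RULES, Packet("out", "tcp", "www.bad.example", 443)))
    print(evaluate(SAMPLE_RULES, Packet("in", "tcp", "10.0.0.5", 22)))
    print(shadowed_rules([Rule("permit-all-out", "permit", "out"),
                          Rule("block-telnet", "block", "out", "tcp", 23)]))
```

Running the audit over a rule list before deploying it catches the common misconfiguration where a broad permit placed above a specific block silently disables the block; the fix is to move the specific rule up the list, since only position, not specificity, decides which rule fires.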