You can group rules to make managing them easier. Normal rule groups do not affect the way Host Intrusion Prevention handles the rules within them; the rules are still processed from top to bottom.
Host Intrusion Prevention also supports a type of rule group that affects how it handles rules. These groups are called connection-aware groups. Rules within connection-aware groups are only processed when certain criteria are met.
Connection-aware groups let you manage rules that apply only when you connect to a network using a specific medium (LAN, wireless, VPN, or dial-up). You can also specify additional criteria to distinguish connection-aware groups based on the same connection type.
These criteria can include any or all of the following:
If two connection-aware groups both apply to a connection, Host Intrusion Prevention uses normal precedence: the firewall uses the first applicable connection-aware group in its rule list.
When Host Intrusion Prevention matches a connection-aware group’s criteria to an active connection, it applies the rules within that group. It treats those rules as a small rule set and uses normal precedence. Rules in the group that do not match the intercepted traffic are ignored by the firewall.
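The processing order described above, as an added example rather than code from Host Intrusion Prevention: a small Python model of a top-to-bottom rule list that mixes single rules, normal groups (transparent containers) and connection-aware groups (skipped entirely unless their criteria match the active connection). The class and field names, the two criteria modelled (connection medium and a DNS suffix), the sample policy and the final fall-through action are all assumptions for illustration; the model also assumes that when a connection-aware group applies but none of its rules match the traffic, evaluation continues with the next entry in the list.

```python
"""Toy model of connection-aware rule groups in a host firewall rule list.
Added example, not McAfee Host Intrusion Prevention code; every field and
the sample policy below are assumptions made for illustration."""
from dataclasses import dataclass
from typing import Iterable, Iterator, Optional, Tuple


@dataclass(frozen=True)
class Traffic:
    """Summary of an intercepted packet (constructed sample input)."""
    proto: str
    dst_port: int
    direction: str = "in"


@dataclass(frozen=True)
class Connection:
    """State of the adapter an active connection was made over (constructed)."""
    medium: str            # "LAN", "wireless", "VPN" or "dial-up"
    dns_suffix: str = ""   # assumed additional criterion


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                         # "allow" or "block"
    proto: Optional[str] = None         # None means "any"
    dst_port: Optional[int] = None
    direction: Optional[str] = None

    def matches(self, t: Traffic) -> bool:
        checks = ((self.proto, t.proto), (self.dst_port, t.dst_port),
                  (self.direction, t.direction))
        return all(want is None or want == got for want, got in checks)


@dataclass
class Group:
    """Normal group: organisational only, rules inside run in list order."""
    name: str
    rules: list


@dataclass
class ConnectionAwareGroup(Group):
    """Group whose rules are only considered when the connection criteria match."""
    medium: str = "LAN"
    dns_suffix: Optional[str] = None    # None means "any suffix"

    def applies_to(self, c: Connection) -> bool:
        return c.medium == self.medium and (
            self.dns_suffix is None or c.dns_suffix == self.dns_suffix)


def flatten(entries: Iterable, conn: Connection) -> Iterator[Rule]:
    """Yield rules top to bottom; skip connection-aware groups that do not apply."""
    for e in entries:
        if isinstance(e, ConnectionAwareGroup):
            if e.applies_to(conn):
                yield from flatten(e.rules, conn)
        elif isinstance(e, Group):
            yield from flatten(e.rules, conn)
        else:
            yield e


def evaluate(entries: Iterable, conn: Connection, traffic: Traffic,
             default: str = "block") -> Tuple[str, Optional[str]]:
    """Normal precedence: the first rule that matches the traffic decides.
    Non-matching rules are ignored; 'default' is an assumed fall-through."""
    for r in flatten(entries, conn):
        if r.matches(traffic):
            return r.action, r.name
    return default, None


# Constructed sample policy: two connection-aware groups for the LAN medium,
# the first narrowed by an assumed DNS-suffix criterion, then a normal group.
POLICY = [
    Rule("allow-dns-out", "allow", proto="udp", dst_port=53, direction="out"),
    ConnectionAwareGroup("corp-lan", [
        Rule("allow-smb-in", "allow", proto="tcp", dst_port=445, direction="in"),
    ], medium="LAN", dns_suffix="corp.example"),
    ConnectionAwareGroup("any-lan", [
        Rule("block-smb-in", "block", proto="tcp", dst_port=445, direction="in"),
    ], medium="LAN"),
    Group("web", [
        Rule("allow-http-out", "allow", proto="tcp", dst_port=80, direction="out"),
        Rule("allow-https-out", "allow", proto="tcp", dst_port=443, direction="out"),
    ]),
    Rule("block-everything-else", "block"),
]


if __name__ == "__main__":
    smb_in = Traffic("tcp", 445, "in")
    for conn in (Connection("LAN", "corp.example"), Connection("LAN", "guest.example"),
                 Connection("wireless")):
        print(conn, "->", evaluate(POLICY, conn, smb_in))
```

On the corporate LAN both connection-aware groups apply and the first one in the list wins, so inbound SMB is allowed; on a LAN without the expected suffix only the second group applies and SMB is blocked; over wireless neither group applies and the traffic falls through to the trailing block rule, while the normal `web` group is consulted in order like any other rules.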