Changing the order of firewall rules in Symantec Endpoint Security

The firewall processes the firewall rules in the order they are listed in the Firewall policy. If the first rule does not specify how to handle a packet, the firewall inspects the second rule. This process continues until the firewall finds a match. After the firewall finds a match, the firewall takes the action that the rule specifies. Subsequent lower priority rules are not inspected. For example, if a rule that blocks all traffic is listed first, followed by a rule that allows all traffic, the client blocks all traffic.
You can determine how the firewall processes firewall rules by changing their order. For better protection, place the most restrictive rules first and the least restrictive rules last.
The best practices for creating a rule base include the following order of rules:
  1. Rules that block all traffic.
  2. Rules that allow all traffic.
  3. Rules that allow or block specific computers.
  4. Rules that allow or block specific applications, network services, and ports.
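To make the first-match behaviour described above concrete, here is an added example (not Symantec's code and not the product's actual matching engine): a small Python model of a rule base with a first-match evaluator, a check that reports rules the current order has made unreachable, and a helper that mimics the cut/paste reordering. Rule fields, addresses and application names are constructed samples.

```python
from dataclasses import astuple, dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """Simplified model of one firewall rule; a None field matches anything."""
    name: str
    action: str                  # "allow" or "block"
    host: Optional[str] = None   # remote address
    port: Optional[int] = None   # remote port
    app: Optional[str] = None    # local application

    def matches(self, pkt: dict) -> bool:
        return all(want is None or want == pkt[key]
                   for key, want in zip(("host", "port", "app"), astuple(self)[2:]))

def evaluate(rules, pkt, default="allow"):
    """First-match processing: the first matching rule decides; lower rules are never inspected."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, None

def shadowed(rules):
    """Names of rules that can never fire: an earlier rule matches everything they would match."""
    dead = []
    for i, later in enumerate(rules):
        if any(all(e is None or e == l for e, l in zip(astuple(earlier)[2:], astuple(later)[2:]))
               for earlier in rules[:i]):
            dead.append(later.name)
    return dead

def move_after(rules, name, after):
    """Model of the Cut / Paste procedure: remove rule `name` and reinsert it after rule `after`."""
    moved = next(r for r in rules if r.name == name)
    rest = [r for r in rules if r.name != name]
    idx = [r.name for r in rest].index(after) + 1
    return rest[:idx] + [moved] + rest[idx:]

# Constructed sample rule base and packets (documentation-range addresses, not real hosts).
BLOCK_ALL = Rule("block-all", "block")
ALLOW_ALL = Rule("allow-all", "allow")
BLOCK_HOST = Rule("block-bad-host", "block", host="203.0.113.5")
ALLOW_WEB = Rule("allow-browser-https", "allow", port=443, app="browser.exe")
MISORDERED = [BLOCK_ALL, ALLOW_ALL, BLOCK_HOST, ALLOW_WEB]  # the page's example: block-all listed first
FIXED = [BLOCK_HOST, ALLOW_WEB, BLOCK_ALL]                  # specific rules first, catch-all last
PKT_WEB = {"host": "198.51.100.10", "port": 443, "app": "browser.exe"}
PKT_BAD = {"host": "203.0.113.5", "port": 443, "app": "browser.exe"}
```

Running `shadowed(MISORDERED)` reports every rule below `block-all` as unreachable, which is the situation the text warns about; `shadowed(FIXED)` reports none.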
The Processing order table shows the order in which the firewall processes the rules, firewall settings, and intrusion prevention settings.

Processing order
  Priority   Setting
  First      Intrusion Prevention settings, traffic settings, and stealth settings
  Second     Built-in rules
  Third      Firewall rules
  Fourth     Port scan checks
  Fifth      IPS signatures that are downloaded through LiveUpdate
To change the order of firewall rules in Symantec Endpoint Security
  1. In the Firewall policy, under Firewall, select the check box for the rule(s) you want to move and then select Cut.
     You can select multiple rules at a time. Select Cancel Cut if you decide you don't want to move the rule.
  2. Select the check box of the rule that should appear after the rule you move, and select Paste.