Changing the order of firewall rules in Symantec Endpoint Security
The firewall processes the firewall rules in the order they are listed in the Firewall policy. If the first rule does not specify how to handle a packet, the firewall inspects the second rule, and so on, until it finds a rule that matches the packet. After the firewall finds a match, it takes the action that the rule specifies and does not inspect any of the lower-priority rules that follow. For example, if a rule that blocks all traffic is listed first, followed by a rule that allows all traffic, the client blocks all traffic: the allow rule is never reached.
Because evaluation stops at the first match, you control how the firewall handles traffic by changing the order of the rules. For better protection, place the most restrictive rules first and the least restrictive rules last, so that a broad allow rule cannot shadow a narrower block rule listed beneath it.
The best practices for creating a rule base include the following order of rules:
- Rules that block all traffic.
- Rules that allow all traffic.
- Rules that allow or block specific computers.
- Rules that allow or block specific applications, network services, and ports.
The firewall processes firewall rules, firewall settings, and intrusion prevention settings in a fixed order. The entries below are processed in the order listed:
- Intrusion Prevention settings, traffic settings, and stealth settings
- Port scan checks
- IPS signatures that are downloaded through LiveUpdate
To change the order of firewall rules in Symantec Endpoint Security
- In the Firewall policy, under Firewall, select the check box for the rule(s) you want to move and then select Cut. You can select multiple rules at a time. Select Cancel Cut if you decide you don't want to move the rule.
- Select the check box of the rule that should appear after the rule you move, and select Paste. The moved rules are inserted directly above the selected rule, in their original relative order.
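The following is an added example, not code from Symantec or from the Endpoint Security client, that models the two behaviours described above: first-match evaluation of an ordered rule base, and the Cut/Paste move that places selected rules above a chosen rule. It also adds a check a practitioner wants before reordering: which rules are shadowed, that is, can never fire because an earlier rule covers every packet they would match. The `Rule` fields, the packet dictionaries and the sample rule base are constructed for illustration and are not the product's rule format.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Illustrative model of a first-match firewall rule base (added example;
# not the Symantec Endpoint Security engine or its rule format).


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "allow" or "block"
    remote: str = "any"         # remote host/network in CIDR form, or "any"
    port: Optional[int] = None  # remote port; None matches every port
    proto: str = "any"          # "tcp", "udp" or "any"

    def matches(self, pkt: dict) -> bool:
        """True if this rule applies to the packet ({"ip", "port", "proto"})."""
        if self.remote != "any" and ip_address(pkt["ip"]) not in ip_network(self.remote):
            return False
        if self.port is not None and pkt["port"] != self.port:
            return False
        if self.proto != "any" and pkt["proto"] != self.proto:
            return False
        return True

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by this rule."""
        if self.remote != "any":
            if other.remote == "any":
                return False
            if not ip_network(other.remote).subnet_of(ip_network(self.remote)):
                return False
        if self.port is not None and other.port != self.port:
            return False
        if self.proto != "any" and other.proto != self.proto:
            return False
        return True


def evaluate(rules, pkt):
    """First-match evaluation: walk the list top to bottom and stop at the
    first matching rule. Returns (action, rule name)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    # No rule matched. The page does not say what the client does in that
    # case, so this model makes no assumption and reports it explicitly.
    return None, None


def shadowed_rules(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [later.name for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]


def move_rules(rules, names_to_move, before_name):
    """Model of Cut/Paste: remove the named rules and insert them directly
    above `before_name` (the rule that should appear after the moved rules),
    keeping the moved rules in their original relative order."""
    moving = [r for r in rules if r.name in names_to_move]
    rest = [r for r in rules if r.name not in names_to_move]
    idx = next(i for i, r in enumerate(rest) if r.name == before_name)
    return rest[:idx] + moving + rest[idx:]


# Constructed sample rule base and packets (not taken from the page).
RULE_BASE = [
    Rule("Allow all", "allow"),
    Rule("Block Telnet", "block", port=23, proto="tcp"),
    Rule("Block 10.0.0.0/8", "block", remote="10.0.0.0/8"),
]
TELNET = {"ip": "192.0.2.10", "port": 23, "proto": "tcp"}
INTERNAL_HTTP = {"ip": "10.1.2.3", "port": 80, "proto": "tcp"}

if __name__ == "__main__":
    print(evaluate(RULE_BASE, TELNET))       # the broad allow rule shadows both block rules
    print(shadowed_rules(RULE_BASE))
    fixed = move_rules(RULE_BASE, {"Block Telnet", "Block 10.0.0.0/8"}, "Allow all")
    print([r.name for r in fixed])
    print(evaluate(fixed, TELNET))           # the restrictive rules now fire first
    print(shadowed_rules(fixed))
```

Running `shadowed_rules` on the original sample base reports both block rules, which is exactly the shadowing the page warns about: with "Allow all" on top, the Telnet and 10.0.0.0/8 blocks are dead rules. After the cut-and-paste move that puts them above "Allow all", nothing is shadowed and the Telnet packet is blocked. The same check flags the page's own example, a block-all rule followed by an allow-all rule, as leaving the allow rule unreachable.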