
Firewall Rules

Oct 22,2009 by alperen


The Firewall Rules section of the Status box shows all the firewall rules currently implemented on the VPN Client. The rules are arranged in order of importance, with the highest importance at the top. All but the last two rules are defined by the VPN administrator to allow inbound and outbound traffic between the VPN Client and the secure gateway, as well as between the VPN Client and the private networks with which it communicates. Because the rules are implemented from the top down, the VPN Client enforces them before trying the two CPP default rules at the bottom. This approach lets the traffic flow to and from private networks.

The bottom two rules define the filter’s default actions, which are to drop both inbound and outbound traffic. These rules are implemented only if the traffic doesn’t match any of the preceding rules.

To see all the fields of a specific rule, click its entry in the first column in the top half of the Firewall Rules window; the selected rule is displayed in full in the bottom half of the window.

A firewall rule includes the following fields and options:

Action

Action to be taken if the data traffic matches the rule: Drop—Discard the session. Forward—Allow the session to go through.

Direction

Direction of traffic to be affected by the rule: Inbound—traffic coming in to the local machine. Outbound—traffic going out from the local machine.

Source Address

Source address of the traffic this rule affects: Any—all traffic, for example, drop any inbound traffic. IP address and subnet mask—A specific host address. Local—The local machine for outbound traffic.

Destination Address

Destination address this rule affects: Any—All traffic. Local—The local machine, when the direction is inbound.

Protocol

The Internet Assigned Numbers Authority (IANA) protocol number of the protocol this rule covers (6 for TCP, 17 for UDP).

Source Port

Source port used by TCP or UDP.

Destination Port

Destination port used by TCP or UDP.

The Stateful Firewall Process

In the stateful Cisco Integrated Client firewall, the protocols TCP, UDP, and ICMP automatically allow inbound responses to outbound packets. To allow inbound responses to outbound packets for any other protocol, the network administrator needs to define specific filters on the VPN Concentrator. These are then pushed down to the VPN Client the next time a session is established.
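The following is an added illustration, not code from the article or from Cisco: a small Python model of the filter described above, with administrator rules evaluated top-down and the two CPP default drop rules at the bottom, plus the stateful exception that lets inbound TCP/UDP/ICMP replies through while other protocols (GRE, protocol 47, in the sample) need an explicit rule. The Local address, the private network 192.168.10.0/24 and the sample policy are constructed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

LOCAL = ipaddress.ip_address("10.0.0.5")  # constructed: the VPN Client's own address
STATEFUL_PROTOS = {1, 6, 17}  # ICMP, TCP, UDP: inbound replies to outbound packets allowed automatically

@dataclass(frozen=True)
class Rule:
    action: str                # "Drop" or "Forward"
    direction: str             # "Inbound" or "Outbound"
    src: str                   # "Any", "Local", or "address/mask"
    dst: str
    protocol: Optional[int]    # IANA protocol number; None matches any protocol
    sport: Optional[int] = None
    dport: Optional[int] = None

def _addr_match(spec: str, addr: str) -> bool:
    if spec in ("Any", "Local"):
        return spec == "Any" or ipaddress.ip_address(addr) == LOCAL
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def _match(rule: Rule, pkt: dict) -> bool:
    return (rule.direction == pkt["direction"]
            and _addr_match(rule.src, pkt["src"]) and _addr_match(rule.dst, pkt["dst"])
            and rule.protocol in (None, pkt["proto"])
            and rule.sport in (None, pkt["sport"]) and rule.dport in (None, pkt["dport"]))

# The two CPP default rules: whatever the administrator's rules did not forward is dropped.
CPP_DEFAULTS = [Rule("Drop", "Inbound", "Any", "Local", None),
                Rule("Drop", "Outbound", "Local", "Any", None)]
# Constructed sample policy: only HTTPS and GRE towards one private network are forwarded outbound.
ADMIN_RULES = [Rule("Forward", "Outbound", "Local", "192.168.10.0/24", 6, dport=443),
               Rule("Forward", "Outbound", "Local", "192.168.10.0/24", 47)]

class StatefulFilter:
    def __init__(self, admin_rules=ADMIN_RULES):
        self.rules = list(admin_rules) + CPP_DEFAULTS  # highest importance first, defaults last
        self.sessions = set()                          # (proto, local, lport, remote, rport)

    def decide(self, pkt: dict) -> str:
        # Stateful shortcut: inbound packet belonging to a permitted outbound TCP/UDP/ICMP session.
        reply_key = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if pkt["direction"] == "Inbound" and pkt["proto"] in STATEFUL_PROTOS and reply_key in self.sessions:
            return "Forward"
        for rule in self.rules:  # top-down: the first matching rule decides
            if _match(rule, pkt):
                if rule.action == "Forward" and pkt["direction"] == "Outbound" and pkt["proto"] in STATEFUL_PROTOS:
                    self.sessions.add((pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
                return rule.action
```

With the sample policy, an outbound HTTPS connection to 192.168.10.7 is forwarded and its reply is admitted by the session table, while an inbound GRE packet is dropped because GRE is not one of the stateful protocols and no inbound rule exists for it.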

