On 5 Jul 2005 at 9:25, Marcus J. Ranum wrote:
> Paul D. Robertson wrote:
> >The new Watchguard software "automatically" decides ruleset
This is not correct. If you CHOOSE, the policy manager will order the
ruleset for you. Manual mode is available in the details view. Right-click
any policy and you can switch to manual mode and move policies
in whatever order you wish.
> >evaluation order, there's no easy way that I can find to figure
> >out what order something's going to be evaluated in.
I don't understand this comment. The help page explains exactly how
the policies are ordered, precedence actions, etc.
"Fireware Policy Manager automatically sorts policies from the most
detailed to the most general. Each time you add a policy, Policy
Manager compares the new rule with all the rules in your
configuration file. To set the precedence, Policy Manager uses these
criteria:
1. Protocols set for the policy type
2. Traffic rules of the To field
3. Traffic rules of the From field
4. Firewall action
5. Schedule
6. Alphanumeric sequence based on policy type
7. Alphanumeric sequence based on policy name...
<additional details not cut-pasted>
> When I suggested that they optimize the "deny all" default deny to the
> top of the sequence, because then it'd really scream - it took him a
> couple of seconds to laugh.
This is the policy order I have on my kids' subnet ;-)
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Jul 05 2005
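As an added illustration (not part of the original post, and not WatchGuard's code), the snippet below models the "most detailed to most general" ordering using the seven criteria quoted above as a sort key, then runs a first-match lookup to show why a deny-all policy lands last under automatic ordering and what happens if manual mode puts it first. The criteria order is from the quoted help text; how "detailed" is scored inside each criterion (ANY as /0, deny before allow, "always" as the least specific schedule) and the sample ruleset are this example's own assumptions.

```python
import ipaddress
from dataclasses import dataclass

ANY = "Any"

@dataclass(frozen=True)
class Policy:
    name: str
    policy_type: str
    protocols: tuple          # e.g. ("tcp/80",) or (ANY,)
    to: tuple                 # destination CIDRs or (ANY,)
    frm: tuple                # source CIDRs or (ANY,)
    action: str               # "allow" or "deny"
    schedule: str = "always"  # "always" treated as least detailed (assumption)

def _narrowest(specs):
    """Longest prefix among the specs; ANY is modelled as /0 (assumption)."""
    return max(0 if s == ANY else ipaddress.ip_network(s).prefixlen for s in specs)

def precedence_key(p):
    """Lower tuple sorts earlier. Criteria order follows the quoted help page;
    the scoring inside each criterion is an assumption of this example."""
    return (
        1 if ANY in p.protocols else 0,      # 1. protocols of the policy type
        -_narrowest(p.to),                   # 2. traffic rules of the To field
        -_narrowest(p.frm),                  # 3. traffic rules of the From field
        0 if p.action == "deny" else 1,      # 4. firewall action (assumed tie-break)
        1 if p.schedule == "always" else 0,  # 5. schedule
        p.policy_type.lower(),               # 6. alphanumeric by policy type
        p.name.lower(),                      # 7. alphanumeric by policy name
    )

def auto_order(policies):
    """Automatic mode: most detailed policy first, catch-all last."""
    return sorted(policies, key=precedence_key)

def _covers(specs, ip):
    return any(s == ANY or ipaddress.ip_address(ip) in ipaddress.ip_network(s) for s in specs)

def first_match(ordered, proto, src, dst):
    """Evaluate top-down; return (policy name, action) of the first match, else None."""
    for p in ordered:
        if (ANY in p.protocols or proto in p.protocols) and _covers(p.frm, src) and _covers(p.to, dst):
            return p.name, p.action
    return None

# Constructed sample ruleset (not taken from any real configuration).
POLICIES = [
    Policy("Deny-All", "Any", (ANY,), (ANY,), (ANY,), "deny"),
    Policy("Web-Out", "HTTP", ("tcp/80",), (ANY,), ("10.0.0.0/24",), "allow"),
    Policy("Admin-SSH", "SSH", ("tcp/22",), ("10.0.0.1/32",), ("10.0.0.5/32",), "allow"),
]
```

Putting Deny-All first by hand (manual mode) makes every lookup return "deny", which is the point of the joke in the quoted exchange.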