All UTM service management features (“Web content filter”, “WEB 2 application filter and control”, “SSL interception”, “Deep Inspection”, “Routing”, “QoS control (Traffic Shaping)”, “Traffic guarantee and priority”, “Traffic quota and time control”, “File size control”, “Header and content filters”, “Link balancing”, “Multiple services”, “NAT” and “Proxy”) are applied through policies.

The definition of security rules and policies integrates all these resources in the same interactive interface, so a single policy can apply a set of filters drawn from the integrated resources. The interface lets you track all policies by tags, which group the rules by purpose and make policy searches easier to filter. Tags are added automatically by the system, or the administrator can define them.

1. A single configuration interface integrates the following resources in a policy:

  • WEB Category;
  • Application Control;
  • Bandwidth control;
  • Multiple Services;
  • QoS;
  • Time and Traffic Quota;
  • Choice of link profile;
  • Choice of deep inspection profile;
  • Virus and Malware Control.


2. The configuration or activation of services and resources does not imply the creation of a security policy;

3. Security policies are not applied individually to each service. The exceptions are the "SD-WAN" and "Firewall" services, which include exclusive rules or policies in the module itself. These do not apply to security policies, but exclusively to the service;


4. The security policies integrate [N] analysis conditions, which interact with the different resources of each service, all in the same security policy. This makes managing policies much easier and more dynamic for the administrator;


5. Policies work in layers and are analyzed in "First Match Wins" mode (that is, the first policy that matches wins);

6. Security policies are registered in groups and by priority and support reordering.


Through the evaluation of logs and statistical reports, it is possible to reassess priorities and reorder security policies according to the volume or importance of traffic, which consequently improves server performance;


7. Security policy actions are:


  • Allow;
  • Deny;
  • Reject.


These are the first basic concepts that you should know.



Compliance policy features


  • Operation method:
    • First-match wins;
    • Priority sorting.


The operation method has a direct relationship with firewall performance, which supports multithreaded functionality that makes the most of the processors. Rules can be ordered so that the most used policies or rules are placed above the less used ones, resulting in faster analysis.
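As an added illustration (not code from the product or its documentation), the following Python model shows first-match-wins evaluation and why reordering by usage should only swap policies whose decisions cannot conflict. The condition keys (`zone`, `service`, `category`), the sample policies and their hit counts are constructed, and returning no action when nothing matches is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    action: str                      # "allow", "deny" or "reject"
    conditions: dict = field(default_factory=dict)  # empty = matches everything
    hits: int = 0                    # usage count taken from traffic logs

    def matches(self, conn):
        # Every condition set on the policy must equal the connection's value.
        return all(conn.get(k) == v for k, v in self.conditions.items())

def evaluate(policies, conn):
    """First match wins: return (policy name, action, policies inspected)."""
    for inspected, p in enumerate(policies, start=1):
        if p.matches(conn):
            return p.name, p.action, inspected
    return None, None, len(policies)  # assumption: no match yields no action

def overlap(a, b):
    """True when some connection could match both policies."""
    return all(b.conditions.get(k, v) == v for k, v in a.conditions.items())

def reorder_by_hits(policies):
    """Move busier policies up using only swaps that keep every decision."""
    order, changed = list(policies), True
    while changed:
        changed = False
        for i in range(len(order) - 1):
            up, lo = order[i], order[i + 1]
            # Swapping neighbours is safe if they agree or can never both match.
            safe = up.action == lo.action or not overlap(up, lo)
            if lo.hits > up.hits and safe:
                order[i], order[i + 1] = lo, up
                changed = True
    return order

# Constructed sample policies and hit counts (not a product schema).
POLICIES = [
    Policy("block-social", "deny", {"zone": "lan", "category": "social"}, 5),
    Policy("guest-web", "allow", {"zone": "guest", "service": "https"}, 50),
    Policy("lan-web", "allow", {"zone": "lan", "service": "https"}, 900),
]

if __name__ == "__main__":
    conn = {"zone": "lan", "service": "https", "category": "social"}
    naive = sorted(POLICIES, key=lambda p: -p.hits)
    for label, order in (("original", POLICIES), ("by hits only", naive),
                         ("safe reorder", reorder_by_hits(POLICIES))):
        print(label, [p.name for p in order], evaluate(order, conn))
```

Sorting by hits alone would allow the constructed social-media connection that the original order denies; the safe reorder keeps `lan-web` below `block-social` for that reason.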

The definition of rules and policies meets the following specifications, with a set of filters and conditions for taking action.

Below is the list of "Actions" VERSUS "Conditions of the rules":


Table 1 - Policy Actions

Actions:

  • Allow;
  • Deny;
  • Reject.

VERSUS...


Table 2 - Rules Conditions

Condition by (policy conditions):

  • Server:
    • The same rule can be applied to multiple servers;
    • Configured on the same screen.

  • Properties:
    • Name;
    • Description;
    • Tags;
    • Action;
    • Policy Group;
    • Position;
    • Enable traffic logging;
    • Time/Period/Date.

  • Connection:
    • Source: Network Zone; Network Interface; IP Address; MAC Address;
    • Destination: IP Address; Service.
    • Identification: Authenticated (Users/Groups);

  • Content:
    • Web Proxy: FTP; HTTP; HTTPS; SSL Inspection; Validate SSL certificate; SSL Common Name; Malware Scanning; Explicit Proxy.
    • Web Filter: Web Categories; Applications; URL Filter; Browsers; HTTP method;
    • Email Protection: SMTP; POP3.

  • Control:
    • Surfing Control: Content-Type Filter; HTTP Filter Header; Filter;
    • Surfing Quotas: Maximum Time; Maximum Traffic; Max Download Size; Max Upload Size.

  • Security:
    • Deep Inspection: Sensor.
    • Threat Blocking: Compromised Addresses; Geolocation.
    • Packet Filter: TTL; Package Type; Packet Content; TCP MSS.

  • Routing:
    • Gateway: NAT; SD-WAN.
    • QoS: Traffic Shaping; Flag packets (TOS); Flag packets (DSCP).


The definitions are identical for IPv4 and IPv6, with changes only in their addresses and some proprietary characteristics of each version of the protocol.


Policies


Contains the options:

