Creating new rules
A new rule must be created when you install a new application that accesses the network, or when an existing connection is modified (remote side, port number, etc.).
To add a new rule, click on the New button in the Zone and rule setup window. Clicking on this button opens a new dialog window which allows the specification of a new rule. The upper part of the window contains three tabs:
- General: Specifies the name of the rule, direction, action and protocol. Direction is either in or out (or both). Action means allowing or denying the given connection.
- Local side: Displays information about the local side of the connection. The information comprises the number of the local port or port range and the name of the communicating application.
- Remote side: This tab contains information about the remote port (port range). It also allows the user to define a list of remote IP addresses or zones for a given rule.
A good example of adding a new rule is allowing your Internet browser to access the network. The following must be provided in this case:
- On the General tab, enable outgoing communication via the TCP & UDP protocol
- Add the process representing your browser application (for Internet Explorer it is iexplore.exe) on the Local tab
- On the Remote tab, enable port number 80 if you wish to allow standard World Wide Web services only
Editing rules
To modify an existing rule, click on the Edit button. All the above-mentioned parameters (which are described in the chapter Creating new rules) can be modified.
A rule must be modified each time any of the monitored parameters changes. After such a change, the rule no longer fulfills the conditions and the specified action cannot be applied. The given connection may then be refused, which can result in problems with operation of the application in question. An example is a change of network address or port number for the remote side.
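The following added example (not part of the product or its documentation) models the browser rule from Creating new rules and shows why a rule stops applying once a monitored parameter changes, as described in Editing rules. The `Rule` and `Connection` classes, the first-match evaluation, the process name `updater.exe` and port 8080 are assumptions made for illustration; matching on remote IP addresses and zones is left out.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Connection:
    direction: str      # "in" or "out"
    protocol: str       # "TCP" or "UDP"
    application: str    # local process name
    remote_port: int

@dataclass(frozen=True)
class Rule:             # hypothetical model of the three tabs, not the product's format
    name: str
    action: str                           # General: "allow" or "deny"
    directions: frozenset                 # General: {"in"}, {"out"} or both
    protocols: frozenset                  # General: e.g. {"TCP", "UDP"}
    application: Optional[str] = None     # Local side: None means any application
    remote_ports: Optional[range] = None  # Remote side: None means any port

    def matches(self, c: Connection) -> bool:
        # Every monitored parameter must fit; one mismatch and the rule does not apply.
        return (c.direction in self.directions
                and c.protocol in self.protocols
                and self.application in (None, c.application.lower())
                and (self.remote_ports is None or c.remote_port in self.remote_ports))

def decide(rules, conn):
    # Assumption: the first matching rule wins; with no match the outcome is
    # left to the firewall, which may refuse the connection.
    for rule in rules:
        if rule.matches(conn):
            return rule.action
    return "no matching rule"

# The browser rule from the text: outgoing, TCP & UDP, iexplore.exe, remote port 80.
BROWSER = Rule("Browser web access", "allow", frozenset({"out"}),
               frozenset({"TCP", "UDP"}), "iexplore.exe", range(80, 81))

# Constructed sample connections.
HTTP = Connection("out", "TCP", "iexplore.exe", 80)
MOVED = replace(HTTP, remote_port=8080)               # remote side changed its port
OTHER_APP = replace(HTTP, application="updater.exe")  # a different local process

# Editing the rule so that it covers the new remote port again.
EDITED = replace(BROWSER, remote_ports=range(8080, 8081))

if __name__ == "__main__":
    for label, rules, conn in [("HTTP", [BROWSER], HTTP), ("port moved", [BROWSER], MOVED),
                               ("other app", [BROWSER], OTHER_APP), ("after edit", [EDITED], MOVED)]:
        print(f"{label:11} -> {decide(rules, conn)}")
```

The rule limited to port 80 also leaves HTTPS traffic on port 443 unmatched, which is the effect of allowing "standard World Wide Web services only".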
