Traffic security rules are used to control the transmission of data on the network and to manage this data. Each rule consists of traffic filtering criteria and an action that is applied to traffic that matches the criteria.
Kaspersky NGFW supports two types of rules:
When creating a rule, you can configure the traffic filtering criteria:
The action specified in the rule is applied to traffic that matches these criteria. The traffic can be allowed, blocked, or scanned with security engines. The criteria of the rule must be as precise as possible. The action selected in the rule is triggered only if the traffic fully satisfies the specified criteria.
Security rules are applied to transmitted traffic only if the traffic remains confined to security zones of one type.
For each rule, you can also configure a schedule.
For each security rule, you can enable the logging of the beginning and end of a session that matches this rule in the firewall session log. In this case, when a session created in accordance with this security rule is deleted, a corresponding record is made in the firewall session log.
Each rule has a priority, which corresponds to the position of the rule in the table. A rule that is higher in the table (has a lower number) has a higher priority and is triggered earlier. The solution matches traffic to rules in the order they appear in the table of rules, from top to bottom. As soon as a rule that matches the traffic is reached, the processing parameters specified in that rule are applied to the traffic, and the matching stops. We recommend placing more specific rules before more general rules.
You can set the priority of a custom rule when creating it, by specifying a priority number in the Priority field. You can change the priority of a rule in the rule editing window, or by dragging and dropping the rule to a new position in the table.
The default rule has no priority or number; it is displayed last in the list of rules. If the traffic does not match any custom rule, the action specified in the default rule is applied.
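The top-to-bottom, first-match evaluation and the default-rule fallback described above, as an added example: this is a generic model, not Kaspersky NGFW code or its API. The criteria fields (source network, destination network, destination port), the rule names and the addresses are constructed assumptions; the `shadowed` check reports rules that can never be triggered because a more general rule sits above them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    src: str              # source network, CIDR (assumed criterion)
    dst: str              # destination network, CIDR (assumed criterion)
    port: Optional[int]   # destination port; None matches any port
    action: str           # "allow" or "block"

    def matches(self, src, dst, port):
        # Traffic must satisfy every criterion for the rule to trigger.
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.port in (None, port))

    def covers(self, other):
        """True if all traffic matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.port in (None, other.port))

def evaluate(rules, default_action, src, dst, port):
    """Walk the table top to bottom; the first matching rule decides."""
    for position, rule in enumerate(rules, start=1):
        if rule.matches(src, dst, port):
            return position, rule.name, rule.action
    # No custom rule matched: the default rule (no number) applies.
    return None, "default", default_action

def shadowed(rules):
    """Return (rule, earlier covering rule) pairs for rules that never trigger."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                found.append((later.name, earlier.name))
                break
    return found

# Constructed sample tables: the same two rules in both orders.
GENERAL_FIRST = [
    Rule("allow-internal-to-servers", "10.0.0.0/8", "10.20.0.0/16", None, "allow"),
    Rule("block-guest-ssh", "10.99.0.0/24", "10.20.0.0/16", 22, "block"),
]
SPECIFIC_FIRST = [GENERAL_FIRST[1], GENERAL_FIRST[0]]
```

With the general rule on top, the guest SSH session is allowed by rule 1 and the block rule is never reached; swapping the order makes the block rule trigger and leaves nothing shadowed.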