Filter
Top Products
Configuring Security Settings
27
Importance of Rule Order
The System Policy typically contains one or more rules. Place the rules in the
order you want them applied. If you have one general rule and also an exception
to that rule, place the exception before the general rule; otherwise, the specific
rule is never applied.
It is critical that you order rules appropriately to ensure they behave as expected.
The following example shows what might happen if the rules are not in the cor-
rect order.
Example of rule ordering
Suppose you have created a destination workgroup for the finance managers at
your company. You need to send sensitive information to the managers, so you
have created a rule with high security settings. You decide that if one of the
finance managers does not meet the security action settings, you do not want to
transmit information. You also have the Default Rule with security settings to
use when communicating with everyone on the LAN. However, if the settings
fail to be negotiated, you will still allow the communication to take place with-
out security. The rules you have created appear in the table below.
• If rule fails Allow Communication without Security.
If the computers cannot negotiate a secure
communication, then communication is
allowed without any security. For computers
that use the Lockdown behavior—if the rule
fails, then communication is denied.
• Rule authentication Use System Policy’s settings.
When Packet Protect was installed, each
computer was set up to use a pre-shared key.
When two computers attempt to communicate
securely using a pre-shared key, each
computer must have the same key entered. If
these keys do not match, the rule cannot be
authenticated by the computers and it will fail.
Table 5: Correct Ordering for Rules
Rule Name
Destination
Workgroup
Security Action If rule fails
To Finance
Management
Finance
Managers
3DES+SHA1+None Deny
Default Rule Everybody DES+MD5+None Allow