Services and Network Objects

The same Network Objects and Services are used throughout the SmartEndpoint and in SmartConsole. When you create a new object, it is also available in SmartConsole. If you change an object in the SmartEndpoint or SmartConsole, it is changed everywhere that the object is used.

To create a Network Object:

1. In the Inbound or Outbound Firewall Rule Base, open the Network Objects tab.
2. Click New.
3. Select the type of object from the New Object Type list.
4. Click OK.
5. In the Properties window, enter the required information.
6. Click OK.

To create a Service:

1. In the Inbound or Outbound Firewall Rule Base, open the Services tab.
2. Click New.
3. Select the type of service from the New Object Type list.
4. Click OK.
5. In the Properties window, enter the required information.
6. Optional: If you create a Group, In the Group Properties window, add Available Services to a group.
7. Click OK.

Adding Interfaces to Firewall Rules

You can add an interface column to the Inbound and Outbound traffic Firewall rule bases. Use this to configure different rules for different interfaces. For example, an interface that connects to a VPN can have different rules than a regular network interface.

To use the feature, define an interface as a network object: Host, Address Range, Network, or Group.

In Outbound Rules, the source is always the client computer. If you add a network object in the Interface column, the rule only applies to traffic that leaves from the interface of the client computer that is included in the rule.

In Inbound Rules, the destination is always the client computer. If you add a network object in the Interface column, the rule only applies to traffic that goes to the interface of the client computer that is included in the rule.

For example, in this example of Outbound Rules:

• Rule 1 allows all traffic from the external interface to all destinations.
• Rule 2 allows VPN traffic through TCP services to gateways that are part of the VPN community.
• Rule 3 blocks all non-VPN traffic from the VPN interface that was not allowed by Rule 2.

  No.	Name	Interface	Destination	Service	Action
  1	Allow all outgoing traffic from External interface	Host object called External_interface	Any	Any	Accept
  2	Allow VPN traffic	Host object called VPN_interface	Group of VPN Gateways	TCP	Accept
  3	Block Non-VPN traffic	Host object called VPN_interface	Any	Any	Drop

To add an interface column to your Firewall rules:

1. In the Policy tab, Firewall rule, double-click the inbound traffic or outbound traffic Action.
2. Right-click in one of the column headings and select Interface to show the interface column. You must do this again each time you open SmartEndpoint and want to see the column. It is hidden by default.
3. Right-click in the Interface column to change the interfaces for a rule. The default is Any.
4. Click OK.
5. Save.
6. Install policy.

Disabling and Deleting Rules

When you delete a rule, it is removed from the Rule Base and not enforced in the policy.

When you disable a rule, the rule is not enforced in the policy. The rule stays in the Rule Base with an X showing that it is disabled. Select Disable rule again to make the rule active.

To delete or disable a rule:

1. Right-click in the NO column of a rule
2. Select Delete Rule or Disable Rule.
3. Install policy.

The rule is not physically deleted or disabled until you install the policy.