Linux-UNIX: S-TAP Control: Firewall parameters

These parameters affect the behavior of the S-TAP with respect to the firewall.

Firewall installed
  Description: Enables the S-TAP firewall feature. Valid values:
  • X mark: disabled.
  • check mark: enabled.

Firewall timeout
  Default value: 2
  Description: Time, in seconds, to wait for a verdict from the Guardium® system. If the firewall times out, the value of Firewall fail close determines whether the connection is blocked or allowed.
  Valid values: 0-10.

Firewall default state
  Default value: 0
  Description: Valid values:
  • 0: The firewall is activated per session, only when triggered by a rule in the installed policy.
  • 1: All traffic is watched for firewall policy violations.
  • 2: All traffic is watched for firewall policy violations for the initial priority_count packets (a guard_tap.ini parameter) of every new session to the database. This is useful for session-based policies, firewall rules based on the database user, or other information that is passed early in the session, and it limits the performance impact of the firewall: instead of watching every packet of the session (Firewall default state=1) and waiting for an UNWATCH verdict, S-TAP® unwatches the session automatically if no WATCH or DROP verdict arrives during those initial packets.

Firewall fail close
  Default value: X mark
  Description: The action taken when no verdict can be obtained from the policy rules, for example when Firewall timeout expires. Valid values:
  • X mark: the connection goes through (fail open).
  • check mark: the connection is blocked.
  Note that the default is fail open: if the Guardium system is slow or unreachable, sessions are allowed unless this parameter is enabled.

Firewall force watch
  Description: When Firewall default state=0 (off), Firewall force watch specifies the networks (IP/mask) whose sessions the firewall watches anyway, overriding the default (off).
  Valid value: comma-separated list of IP/mask values.

Firewall force unwatch
  Description: When Firewall default state=1 (on), Firewall force unwatch specifies the networks (IP/mask) whose sessions the firewall ignores, overriding the default (on).
  Valid value: comma-separated list of IP/mask values.
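As an added example (not IBM's code and not part of this page), the following Python script parses a constructed guard_tap.ini fragment and applies the semantics described above: it checks the documented value ranges, flags the fail-open default and force lists that the page does not document for the configured default state, reports whether a given client IP is watched from the start of a session under Firewall default state and the force watch/unwatch lists, and states what happens on a verdict timeout. The guard_tap.ini key names (firewall_installed, firewall_timeout, firewall_default_state, firewall_fail_close, firewall_force_watch, firewall_force_unwatch), the [TAP] section name, and storing the X mark/check mark toggles as 0/1 are assumptions derived from the parameter names above; verify them against your own guard_tap.ini before relying on the script.

```python
"""Audit the firewall parameters of a Guardium S-TAP guard_tap.ini.

Added example, not IBM code. ASSUMPTIONS: the ini keys are named
firewall_<parameter> under a [TAP] section, and the X mark / check mark
toggles are stored as 0 / 1. Check these against your own guard_tap.ini.
"""
import configparser
import ipaddress

# Constructed sample fragments (not real deployment files).
SAMPLE_INI = """
[TAP]
firewall_installed=1
firewall_timeout=2
firewall_default_state=0
firewall_fail_close=0
firewall_force_watch=10.20.0.0/16,192.168.5.0/24
firewall_force_unwatch=
"""

HARDENED_INI = """
[TAP]
firewall_installed=1
firewall_timeout=5
firewall_default_state=1
firewall_fail_close=1
firewall_force_watch=
firewall_force_unwatch=127.0.0.0/8
"""


def parse_networks(value):
    """Comma-separated IP/mask list -> list of ip_network; blank items are skipped."""
    nets = []
    for item in value.split(","):
        item = item.strip()
        if item:
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def load_firewall_params(text):
    """Read the firewall_* keys from a guard_tap.ini string into a dict."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    tap = cp["TAP"]
    return {
        "installed": tap.get("firewall_installed", "0") == "1",
        "timeout": int(tap.get("firewall_timeout", "2")),
        "default_state": int(tap.get("firewall_default_state", "0")),
        "fail_close": tap.get("firewall_fail_close", "0") == "1",
        "force_watch": parse_networks(tap.get("firewall_force_watch", "")),
        "force_unwatch": parse_networks(tap.get("firewall_force_unwatch", "")),
    }


def audit(p):
    """Findings against the documented ranges and the settings a reviewer would question."""
    findings = []
    if not p["installed"]:
        findings.append("firewall feature disabled: no session can be blocked")
    if not 0 <= p["timeout"] <= 10:
        findings.append("firewall_timeout outside the documented range 0-10")
    if p["default_state"] not in (0, 1, 2):
        findings.append("firewall_default_state must be 0, 1 or 2")
    if not p["fail_close"]:
        findings.append("fail open: a verdict timeout lets the connection through")
    if p["default_state"] != 0 and p["force_watch"]:
        findings.append("firewall_force_watch is documented for default state 0 only")
    if p["default_state"] != 1 and p["force_unwatch"]:
        findings.append("firewall_force_unwatch is documented for default state 1 only")
    return findings


def initial_watch(p, client_ip):
    """How the firewall treats a new session from client_ip before any verdict."""
    ip = ipaddress.ip_address(client_ip)
    if p["default_state"] == 0:
        # Off by default; force watch lists the networks watched regardless.
        if any(ip in net for net in p["force_watch"]):
            return "watch"
        return "off-until-rule"
    if p["default_state"] == 1:
        # On by default; force unwatch lists the networks ignored regardless.
        if any(ip in net for net in p["force_unwatch"]):
            return "unwatch"
        return "watch"
    # State 2: watched for the initial packets only, then unwatched
    # automatically unless a WATCH or DROP verdict arrives.
    return "watch-initial-packets"


def on_timeout(p):
    """Outcome when no verdict arrives within firewall_timeout seconds."""
    return "block" if p["fail_close"] else "allow"


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_INI), ("hardened", HARDENED_INI)):
        p = load_firewall_params(text)
        print(name, audit(p), initial_watch(p, "10.20.3.4"), on_timeout(p))
```

Run it against your own file by replacing the constructed strings with `open("/path/to/guard_tap.ini").read()`; the audit deliberately flags the shipped defaults (fail open, firewall off except where a rule or force watch triggers it), because those are the settings most often left unchanged after a quick installation.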