Firewall tab
From the Firewall tab, you can configure the Guardium® firewall for an External S-TAP®. Using the Guardium firewall can slow performance and might cause other issues. Guardium suggests that you use the firewall feature only when necessary.
The Firewall tab parameters are based on the Linux-UNIX firewall parameters for S-TAPs. For more information, see Linux-UNIX: Firewall parameters. For more information about Guardium policies and the firewall, see Blocking rule actions.
Parameter | Default | Meaning |
---|---|---|
Firewall installed | 0 | Enables or disables the firewall feature. Valid values: |
Firewall timeout | 10 (seconds) | Time, in seconds, to wait for a verdict from the Guardium system. If the firewall times out, the Firewall fail close value determines whether to block or allow the connection. The value can be any integer value. |
Firewall default state | 0 | Sets the default state for the firewall. Valid values: |
Firewall fail close | 0 | The action to take when the verdict cannot be set by the policy rules, for example, if Firewall timeout expires. |
Firewall force watch | | A comma-separated list of IP/mask values. If Firewall default state is set to 0 (off), then Firewall force watch specifies the network address or mask of the IP addresses that you want the firewall to watch, overriding the default. |
Firewall force unwatch | | A comma-separated list of IP/mask values. If Firewall default state is set to 1 (on), then Firewall force unwatch specifies the network address or mask of the IP addresses that you want the firewall to ignore, overriding the default. |
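The following is an added example, not IBM code or part of the Guardium product: a small Python model of how Firewall default state interacts with the Firewall force watch and Firewall force unwatch lists, for reviewing a planned configuration before you apply it. The function names, the dotted-netmask parsing through Python's ipaddress module, the assumption that a list is ignored when the default state does not match it, and the sample addresses are assumptions made for this illustration.

```python
import ipaddress

def parse_ip_mask_list(value):
    """Parse a comma-separated list of IP/mask values into network objects."""
    nets = []
    for item in value.split(","):
        if item.strip():
            # strict=False accepts a host address with a mask, e.g. 192.0.2.15/255.255.255.0
            nets.append(ipaddress.ip_network(item.strip(), strict=False))
    return nets

def is_watched(client_ip, default_state, force_watch="", force_unwatch=""):
    """Return True if, under this model, the firewall watches sessions from client_ip."""
    ip = ipaddress.ip_address(client_ip)
    if default_state == 0:
        # Default off: only addresses listed in Firewall force watch are watched.
        return any(ip in net for net in parse_ip_mask_list(force_watch))
    if default_state == 1:
        # Default on: everything is watched except Firewall force unwatch entries.
        return not any(ip in net for net in parse_ip_mask_list(force_unwatch))
    raise ValueError("Firewall default state must be 0 (off) or 1 (on)")

def review(default_state, force_watch="", force_unwatch=""):
    """Return findings for list settings that have no effect in the current state."""
    findings = []
    if default_state == 1 and force_watch.strip():
        findings.append("Firewall force watch is set but default state is 1 (on)")
    if default_state == 0 and force_unwatch.strip():
        findings.append("Firewall force unwatch is set but default state is 0 (off)")
    if default_state == 0 and not force_watch.strip():
        findings.append("Default state is 0 (off) with no force watch list: nothing is watched")
    return findings

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges), not from a real deployment.
    unwatch = "192.0.2.0/255.255.255.0, 203.0.113.9/255.255.255.255"
    for ip in ("192.0.2.15", "203.0.113.9", "198.51.100.7"):
        print(ip, "watched:", is_watched(ip, 1, force_unwatch=unwatch))
    print(review(0, force_unwatch=unwatch))
```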