Windows: Firewall parameters

These parameters affect the behavior of the S-TAP® (Software TAP) with respect to the firewall.

These parameters are stored in the [TAP] section of the S-TAP properties file.

Attention: If a parameter is available through both the GIM and the command line interface (CLI), then the GIM parameter, including any defaults, always overwrites any value that is available from WINSTAP_CMD_LINE.


GIM	guard_tap.ini	Default value	Description	Protocol version
WINSTAP_FIREWALL_INSTALLED	FIREWALL_INSTALLED	0	Firewall feature enabled. Valid values: 0: Disabled. 1: Enabled. Note: FIREWALL_INSTALLED and QUERY_REWRITE_INSTALLED cannot be enabled at the same time. If QUERY_REWRITE_INSTALLED is set to 1, then FIREWALL_INSTALLED is disabled.	7 and 8
WINSTAP_FIREWALL_TIMEOUT	FIREWALL_TIMEOUT	2	Time, in seconds, to wait for a verdict from the Guardium® system. If the firewall times out, the value of the parameter firewall_fail_close determines whether to block or allow the connection. Valid values: 0-10.	7 and 8
WINSTAP_FIREWALL_FAIL_CLOSE	FIREWALL_FAIL_CLOSE	0	The action when the verdict cannot be set by the policy rules, for example the expires. Valid values: 0: the connection goes through. 1: the connection is blocked.	7 and 8
WINSTAP_FIREWALL_DEFAULT_STATE	FIREWALL_DEFAULT_STATE	0	Valid values: 0: Firewall is activated per session when triggered by a rule in the installed policy. 1: All traffic is watched for firewall policy violations 2: All traffic is watched for firewall policy violations for the initial priority_count packets (guard_tap.ini parameter). S-TAP watches the initial part of every new session to your DB. This is useful when you have session based policies, firewall rules based on the user, or some other information that is passed early in the session. It limits the impact of firewall on the performance. Instead of watching every bit of the session (=1) and waiting for an UNWATCH verdict, S-TAP simply unwatches automatically if no WATCH or DROP is sent.	7 and 8
WINSTAP_FIREWALL_FORCE_WATCH	FIREWALL_FORCE_WATCH	NULL	When firewall_default_state=0 (off), then firewall_force_watch specifies the network/mask of the IPs you want the firewall to watch, overriding the default (off). Valid value: comma separated list of IP/mask values.	7 and 8
WINSTAP_FIREWALL_FORCE_UNWATCH	FIREWALL_FORCE_UNWATCH	NULL	When firewall_default_state=1 (on), then firewall_force_unwatch specifies the network/mask of the IPs you want the firewall to ignore, overriding the default (on). Valid value: comma separated list of IP/mask values.	7 and 8
WINSTAP_FIREWALL_VERDICT_DELAY	FIREWALL_VERDICT_DELAY	5	The number of milliseconds to delay before applying verdicts from the collector. Smaller values decrease user latency at the expense of increased CPU usage. Larger values decrease overall system CPU usage at the expense of increased user latency. Valid values: 0 - 30	8
WINSTAP_VERDICT_RESUME_DELAY	VERDICT_RESUME_DELAY	30	Allows database sessions to make progress when all collectors are down. The value is the number of seconds the S-TAP will delay sending verdict requests to the collector after a failover. During this time, S-TAP acknowledges the verdicts locally. After the time period expires, the S-TAP resumes sending verdict requests to the collector. Valid values: 0 - 300	8