Setting Firewall Rules based on Outgoing Activity by IP Address with the Rule Wizard
To set rules based on the outgoing activity analyzed for the Rule Wizard, open the Plan Outgoing IP Security screen, as shown in Analyzing Recent Data on Outgoing Activity by IP Address with the Rule Wizard (STRFW > 2 > 52).
| Plan Outgoing IP Security Type choices, press Enter. Subset . . 1=Statistics 2=Set by use 3=Allow by use 4=Delete 5=DSPFWLOG 6=Create rule 9=Add similar C>R=Current to Revised Y Allowed Y=Allow Specify revised authority in the R column. N Rejected N=Reject Y Allowed (by generic* rule) FTP/ N Rejected (by generic* rule) RE- Number of Logged Entries EXEC FTP/REX Opt IP-Address C>R 1.1.1.105 Y 87 1.1.1.137 Y 2 1.1.1.212 Y 18237 127.0.0.1 N 1 185.113.4.132 Y 38 185.113.4.146 Y 6 185.113.4.148 Y 225 Bottom F3=Exit F6=Add New F8=Print F11=Alt.view F12=Cancel |
To set new rules corresponding to activity seen for the IP Address, enter 2 in the Opt field for that address. The Update Outgoing IP Firewall window appears:
| Plan Outgoing IP Security Type choices, press Enter. Subset . . ............................................................................ : Update Outgoing IP Firewall : : : : Existing generic* rule makes this entry redundant. : : R D : : FTP/ TEL D TCP M D FIL : ) : IP Subnet REXEC NET B SGN T M SRV : : New 80.179.26.75 255.255.255.255 Y : O : Existing 80.179.26.75 255.255.255.224 Y : : : : Write this rule . . . . . . . Y Y=Yes, N=No : : Same answer to all . . . . . Y=Yes, N=No : : : : : : F12=Cancel : : : :..........................................................................: Bottom F3=Exit F6=Add New F8=Print F11=Alt.view F12=Cancel |
The new rule would be specifically for IP address 1.1.1.105, and would accept requests for outdoing FTP/REXEC access from it. In this case, however, Firewall already accepts the requests, since the IP address is within the range starting at 1.1.1.1 with the Subnet mask 255.255.0.0, so the screen suggests that creating the rule would be redundant.
To set new rules corresponding to how activity differed from the existing rules, enter 3 in the Opt field for that address. The Update Outgoing IP Firewall window appears. In this case, it would be the same as above.
Since, again, the only difference between the existing rules and the new rule for IP address 1.1.1.105 was that access was requested would be redundant, the screen notes that, and there would not appear to be any point to making the change.
To save changes and exit this window, press Enter. The Rules Wizard saves the rule being changed and removes the line for that IP Address from the screen. You can see the resulting rule on the Dynamic Filtering- Outgoing IP Address Security screen, as shown in Setting Firewall Rules for Outgoing Activity by IP Address (STRFW>2 > 5).
To exit this window without saving changes, press the F12 key. The window closes. The changes that would have been made are marked in the columns for those servers in the lines for those IP addresses on the screen. You can then further work with the rules and save them manually, as shown in Analyzing Recent Data on Outgoing Activity by IP Address with the Rule Wizard.