I'm wondering about restricted resources item inside access restrictions. When the default "all network access" is unchecked. It shows all the different options, remote IP(s), remote port(s), local port(s), etc. And they all default to "Block All". Shouldn't that be "Block none"? And then with block all, block only, and block all except as additional options?
Also, is it feasible to block more than one application protocol at once? Say I want to block all the messenger protocols all at once?
"restricted resources" question
Re: "restricted resources" question
No. Everything defaults to the situation where all resources are blocked.
Let me give you an example. Let's say you only want to block all access to/from remote IP 1.1.1.1. So you go in and specify "block only" for the remote IP, and everything else is "block all" by default. You will want "Block All" for both remote and local ports -- you want to block all ports on that IP. Same with Transport protocol -- you want to block UDP and TCP and ICMP. So, you're all set -- to do this you only need to specify "block only" for the remote IP; everything else should be "block all". In this scheme it makes most sense for everything to default to "block all", otherwise if you only want to match one criterion you have to reset most fields.
Think of the rule as a giant if statement with each clause connected by "AND" with each control defining one clause. The controls that allow multiple ips/options (e.g. local ip, remote ip, web url), are internal clauses connected by OR statements that are inside one of the clauses connected by AND. If the statement returns true, the resource is blocked.
It may be possible to update it to allow matching multiple layer7 protocols. I'll see.
Btw... the biggest way I managed to increase performance/decrease memory was by making ABSOLUTELY sure to minimize the number of layer7 matching rules to the bare minimum possible given the configuration. The more layer7 matches you have the more memory problems you're going to see -- they're a HUGE drain.
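The "giant if statement" the moderator describes, modelled as an added example (not code from the thread or from the firmware): each control is one clause AND'd into the rule, a control's list of values is OR'd inside its clause, every control defaults to "block all", and a match means the connection is blocked. Control names, mode names and the protocol labels are assumptions.

```python
from dataclasses import dataclass

# Hypothetical model of one "restricted resources" control, following the
# semantics described in the post: "block all" matches any value, "block only"
# matches the listed values (OR'd together), "block all except" matches any
# value not listed. Mode and control names are assumptions, not the firmware's.
@dataclass(frozen=True)
class Clause:
    mode: str                        # "block_all" | "block_only" | "block_all_except"
    values: frozenset = frozenset()  # the OR'd list of IPs / ports / protocols

    def matches(self, observed) -> bool:
        if self.mode == "block_all":
            return True
        if self.mode == "block_only":
            return observed in self.values
        if self.mode == "block_all_except":
            return observed not in self.values
        raise ValueError(f"unknown mode {self.mode!r}")

CONTROLS = ("remote_ip", "remote_port", "local_port", "transport", "layer7")

def make_rule(**overrides) -> dict:
    """Every control defaults to 'block all'; callers narrow only the clauses they care about."""
    rule = {name: Clause("block_all") for name in CONTROLS}
    rule.update(overrides)
    return rule

def is_blocked(rule: dict, conn: dict) -> bool:
    """The rule is one big AND over its clauses; True means the connection is blocked."""
    return all(clause.matches(conn.get(name)) for name, clause in rule.items())

# The moderator's example: only the remote IP clause is narrowed to 1.1.1.1;
# ports, transport and layer7 stay at "block all", so every port and protocol
# to or from that address matches.
RULE_ONE_HOST = make_rule(remote_ip=Clause("block_only", frozenset({"1.1.1.1"})))

# Two application protocols in one "block only" clause are OR'd, which is the
# multi-protocol match the thread asks about (protocol labels are constructed).
RULE_MESSENGERS = make_rule(
    layer7=Clause("block_only", frozenset({"live_messenger", "yahoo_messenger"})))

# "block all except": block every remote port other than 443 on any host.
RULE_ALL_BUT_HTTPS = make_rule(remote_port=Clause("block_all_except", frozenset({443})))

if __name__ == "__main__":
    # Constructed sample connection, not captured traffic.
    conn = {"remote_ip": "1.1.1.1", "remote_port": 80, "local_port": 51000,
            "transport": "tcp", "layer7": "http"}
    print(is_blocked(RULE_ONE_HOST, conn))  # True
```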
Re: "restricted resources" question
Thanks for the reply. I understand the reasoning of "Block all" now.
Actually, for L7, I only need to block Live Messenger and Yahoo! Messenger. After I posted, I noticed Yahoo! isn't even included as one of the L7 protocols.