Reasoft Network Firewall: Firewall Policy Overview

home / products / ReaSoft Network Firewall / online help file / firewall policy

Firewall Policy Overview

ReaSoft Network Firewall allows you to create your network security policy based on Firewall Policy rules. There are two types of Firewall Policy rules: Access Rules and Redirect Rules. Firewall Policy rules together with Network rules completely define the access policy of clients (including the ReaSoft Network Firewall host) to resources in other networks.

What is a firewall

A firewall is a complex software system that is designed to control client access from one network to another. You can use a firewall to specify which information resources clients can use. It protects computers and servers on your network against malicious access. A set of rules that permit or deny access from one network to another constitute a Firewall Policy.

To ensure protection against malicious access, ReaSoft Network Firewall performs Stateful packet inspection (the ACC technology). Stateful inspection provides enhanced security by keeping track of the state of network connections over a period of time. Only packets matching a known connection state will be allowed by the firewall; others will be rejected.

How firewall rules work

ReaSoft Network Firewall uses Firewall Policy rules (Access and Redirect) and Network rules to completely specify the rules of client access from one network to another. While processing a connection request, ReaSoft Network Firewall checks Network rules and Firewall Policy rules to decide if the access is forbidden or not.

Network rules and Firewall rules are arranged in the form of ordered lists (chains). Once a connection request is received, ReaSoft Network Firewall first checks Network rules to determine the type of network relationship (NAT or Route). If no connection between networks is specified, the connection will be blocked. If it finds the network relationship rule, ReaSoft Network Firewall checks Firewall Policy rules one by one to determine if the administrator allows this connection. If there is a permitting rule set for the connection in the list of Firewall Policy rules, it will be allowed.

The list of Firewall rules contains one built-in rule that blocks the entire traffic. This rule is located at the very end of the list. If there is no permitting rule set for the connection, the last default rule will be applied to it and it will be blocked.

Example

Suppose you have a server with two network interface cards (NIC) and installed ReaSoft Network Firewall. The local area network is connected to one NIC, the other one is connected to the Internet. LAN IP addresses are within one of private ranges (as defined in RFC 1918). You need to give all LAN clients access to web resources in the Internet. To do it, you need to:
Define the network connection type (local network and Internet). To do it, create a Network rule with the source specified as Local Network and the destination specified as Internet. Set the network relationship as NAT. Create a permitting Firewall Policy rule. To do it, create an Access rule with the source specified as Local Network, the destination specified as Internet and the HTTP and HTTPS protocols.