Rule execution order.

All proxy and firewall rules are stored in profiles. A profile is simply a set of rules. Profiles can be assigned to users, groups of users, or roles. When a user, group of users, or role is created, a personal profile is assigned to it. Personal rules are added to these profiles.

When a new user is created, a role is associated with the user, and the profile of that role applies to the user. In addition to the personal profile, any number of separately created profiles can be assigned to a user or a group of users. So a user can have: 1) a personal profile; 2) the profile of the assigned role; 3) separately added profiles. A group of users can have: 1) a personal profile; 2) separately added profiles.

The priority of profiles when analyzing traffic for users is as follows:

  1. Personal profile of the user.
  2. Profile of the assigned role and the profiles added for the user. Important: these profiles are processed as a single profile.
  3. Profile of the parent group.
  4. Profiles assigned to the parent group. Important: these profiles are processed as a single profile.
  5. Steps 3 and 4 are repeated until the root group is reached.

In each profile the rules are checked in the following order:

  1. Skipping
  2. Permitting
  3. Blocking
  4. Content filter and DLP.

If a permitting or blocking rule matches, checking of all remaining rules in the current and subsequent profiles ends at that point, except for the content filter and DLP rules of the current profile. If a skipping rule matches, the check of ALL subsequent rules in the current profile is skipped, and rule checking proceeds to the next profile.
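
The evaluation order described above, sketched as an added Python example (not code from the product): the dictionary layout, function names and sample rules are assumptions made for illustration. The page does not say what happens when no rule matches or how a content filter/DLP hit affects the verdict, so the sketch returns no verdict in the first case and only records which content filter/DLP rules were checked.

```python
# Added illustration; data model and names are assumptions, not the product's API.
ORDER = ("skip", "permit", "block")          # checked in this order inside a profile

def merge(*profiles):
    """Several profiles processed as a single profile: pool their rules."""
    return [rule for p in profiles for rule in p]

def profile_chain(user, groups):
    """Yield (label, rules) by priority; `groups` runs from the parent group to the root."""
    yield "user personal", user["personal"]
    yield "user role+added", merge(user["role"], *user["added"])
    for g in groups:                          # steps 3 and 4 repeated up to the root
        yield g["name"] + " personal", g["personal"]
        yield g["name"] + " added", merge(*g["added"])

def evaluate(user, groups, request):
    """Return (verdict, deciding profile, content filter/DLP rules checked)."""
    inspected = []
    for label, rules in profile_chain(user, groups):
        hit = None
        for kind in ORDER:
            if any(r["kind"] == kind and r["match"](request) for r in rules):
                hit = kind
                break
        if hit == "skip":                     # rest of this profile is skipped, filters included
            continue
        # content filter and DLP rules of the current profile are still checked
        inspected += [r["name"] for r in rules if r["kind"] == "filter"]
        if hit:                               # permit/block ends checking of later profiles
            return hit, label, inspected
    return None, None, inspected              # no match: outcome not stated on the page

def rule(kind, name, pred=lambda req: True):
    return {"kind": kind, "name": name, "match": pred}

# Constructed sample data
is_social = lambda req: req["host"].endswith("social.example")
user = {"personal": [rule("skip", "skip-social", is_social), rule("block", "block-all")],
        "role": [rule("permit", "permit-social", is_social)],
        "added": [[rule("filter", "dlp-card-numbers")]]}
groups = [{"name": "staff", "personal": [rule("block", "block-social", is_social)], "added": []}]
```

With this sample data, a request to a social host skips the user's personal profile and is permitted by the merged role profile, so the group's blocking rule is never reached; any other host is blocked by the personal profile before lower-priority profiles are consulted.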

