Know about the Bypass firewall rule and how it is used in Deep Security.
The Bypass rule is a special type of firewall rule designed for media-intensive protocols where filtering may not be desired. You create this rule by selecting Bypass as the action when creating a new firewall rule.
The Bypass action differs from a Force Allow rule in the following ways:
- Packets matching "Bypass" will not undergo IPS filtering.
- Unlike Force Allow, Bypass will not automatically allow the responses on a TCP connection when Stateful Filtering is on.
- Some Bypass rules are optimized so that traffic flows as efficiently as if the agent were not there.
Here is how the Bypass rule is used:
Using Bypass when Stateful filtering is On
If you plan to use a Bypass rule to skip DPI filtering on incoming traffic to TCP destination port N, and the Stateful Configuration is set to perform stateful inspection on TCP, then you must also create a matching outgoing Bypass rule for source port N to allow the TCP responses.
All Bypass rules are uni-directional; an explicit rule is required for each traffic direction.
The Bypass rule is designed to let matching traffic through at the fastest possible rate. Maximum throughput is achieved only when all of the following settings are used:
- Priority: Highest
- Frame Type: IP
- Protocol: TCP, UDP, or other IP protocol (Do not use the "Any" option.)
- Source and Destination IP and MAC: all "Any"
- If the protocol is TCP or UDP and the traffic direction is "incoming", then the Destination Ports must be one or more specified ports (not "Any"), and the Source Ports must be "Any".
- If the protocol is TCP or UDP and the traffic direction is "outgoing", then the Source Ports must be one or more specified ports (not "Any"), and the Destination Ports must be "Any".
- Schedule: None
Packets that match the bypass rule will not be logged. This is not a configurable option.
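The following is an added example (not Trend Micro's code or API) that models the settings above as a small Python check: `throughput_issues` reports every departure from the maximum-throughput settings, and `required_return_rule` builds the matching partner rule that a TCP Bypass rule needs when stateful inspection is on. The `BypassRule` class and its field names are this example's own assumptions.

```python
from dataclasses import dataclass, replace
from typing import List, Optional

# Hypothetical model of a Deep Security Bypass rule, built from the settings
# listed on this page. Field names are this example's own, not the product's API.
@dataclass
class BypassRule:
    direction: str                                  # "incoming" or "outgoing"
    protocol: str                                   # "TCP", "UDP", another IP protocol, or "Any"
    source_ports: Optional[List[int]] = None        # None means "Any"
    destination_ports: Optional[List[int]] = None   # None means "Any"
    priority: str = "Highest"
    frame_type: str = "IP"
    endpoints: str = "Any"                          # source/destination IP and MAC
    schedule: Optional[str] = None                  # None means no schedule

def throughput_issues(rule: BypassRule) -> List[str]:
    """List every way `rule` departs from the maximum-throughput settings."""
    issues = []
    if rule.priority != "Highest":
        issues.append("priority must be Highest")
    if rule.frame_type != "IP":
        issues.append("frame type must be IP")
    if rule.protocol == "Any":
        issues.append("protocol must be a specific IP protocol, not Any")
    if rule.endpoints != "Any":
        issues.append("source/destination IP and MAC must be Any")
    if rule.schedule is not None:
        issues.append("schedule must be None")
    if rule.protocol in ("TCP", "UDP"):
        if rule.direction == "incoming" and (
                not rule.destination_ports or rule.source_ports is not None):
            issues.append("incoming: specify destination ports, leave source ports Any")
        if rule.direction == "outgoing" and (
                not rule.source_ports or rule.destination_ports is not None):
            issues.append("outgoing: specify source ports, leave destination ports Any")
    return issues

def required_return_rule(rule: BypassRule, stateful_tcp: bool) -> Optional[BypassRule]:
    """Bypass is uni-directional and, unlike Force Allow, does not admit the TCP
    responses under stateful inspection; build the partner rule that does."""
    if rule.protocol != "TCP" or not stateful_tcp:
        return None
    if rule.direction == "incoming":
        # Responses to port N leave with source port N, so mirror the ports.
        return replace(rule, direction="outgoing",
                       source_ports=rule.destination_ports, destination_ports=None)
    return replace(rule, direction="incoming",
                   destination_ports=rule.source_ports, source_ports=None)
```

Run `throughput_issues` on both the original rule and the partner rule; an empty list means the pair follows every setting on the checklist.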