Information about Bypass firewall rule in Deep Security

    • Updated:
    • 24 Aug 2016
    • Product/Version:
    • Deep Security 8.0
    • Deep Security 9.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Deep Security as a Service 2.0
    • Platform:
    • Windows 2000 Professional
    • Windows 2003 Standard Server Edition
    • Windows 2008 Standard Server Edition
    • Windows Vista 32-bit
    • Windows XP Home
Summary
Know about the Bypass firewall rule and how it is used in Deep Security.
Details

The Bypass rule is a special type of firewall rule designed for media-intensive protocols where filtering may not be desired. You create this rule by selecting Bypass as the action when creating a new firewall rule.

The Bypass action differs from a Force Allow rule in the following ways:

  • Packets matching a “Bypass” rule will not undergo IPS filtering.
  • Unlike Force Allow, Bypass will not automatically allow the responses on a TCP connection when Stateful Filtering is on.
  • Some Bypass rules are optimized so that traffic flows as efficiently as if the agent were not there.

When a Bypass firewall rule is sent to an agent older than version 5.0, it will be treated as Force Allow and therefore will not skip DPI filtering.


Here is how the Bypass rule is used:

Using Bypass when Stateful filtering is On

If you plan to use a Bypass Rule to skip DPI filtering on incoming traffic to TCP destination port N, and Stateful Configuration is set to perform stateful inspection on TCP, then you must create a matching outgoing filter for source port N to allow the TCP responses.

This action is not required in Force Allow rules because force-allowed traffic is still processed by the stateful engine.

All Bypass rules are unidirectional. Explicit rules are required for each traffic direction.

Optimization

The Bypass rule is designed to allow matching traffic through at the fastest possible rate. Maximum throughput can be achieved with all of the following settings:

  1. Priority: Highest
  2. Frame Type: IP
  3. Protocol: TCP, UDP, or other IP protocol (Do not use the “Any” option.)
  4. Source and Destination IP and MAC: all “Any”
  5. If the protocol is TCP or UDP and the traffic direction is “incoming”, then the Destination Ports must be one or more specified ports (not “Any”), and the Source Ports must be “Any”.
  6. If the protocol is TCP or UDP and the traffic direction is “outgoing”, then the Source Ports must be one or more specified ports (not “Any”), and the Destination Ports must be “Any”.
  7. Schedule: None
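The following Python script is an added illustration, not code from Trend Micro or from Deep Security itself. It is a constructed toy model of the rule semantics described in the two sections above: Bypass is unidirectional, skips IPS filtering and leaves no entry in the stateful engine, while Force Allow is still tracked by the stateful engine. `response_handling` sends an incoming TCP request to a port and then the server's reply, and reports how each rule set treats them; `optimization_gaps` checks a Bypass rule against the seven settings listed for maximum throughput. The port number 5004, the default-deny of unmatched traffic and all class and function names are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed toy model of the rule semantics the article describes.  It is not
# Deep Security's engine: unmatched traffic is simply denied here so that the
# effect of each rule on TCP responses is easy to see.
ANY = None  # stands for the "Any" option in a rule field


@dataclass(frozen=True)
class Rule:
    action: str                     # "bypass" or "force_allow"
    direction: str                  # "incoming" or "outgoing"
    protocol: str                   # "TCP", "UDP", "Any", ...
    src_port: Optional[int] = ANY
    dst_port: Optional[int] = ANY
    priority: str = "Highest"
    frame_type: str = "IP"
    src_ip: Optional[str] = ANY
    dst_ip: Optional[str] = ANY
    src_mac: Optional[str] = ANY
    dst_mac: Optional[str] = ANY
    schedule: Optional[str] = None  # None means no schedule


@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    src_port: int
    dst_port: int


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction == pkt.direction
            and rule.protocol in ("Any", pkt.protocol)
            and rule.src_port in (ANY, pkt.src_port)
            and rule.dst_port in (ANY, pkt.dst_port))


class ToyEngine:
    """First-match rule evaluation with stateful inspection on TCP."""

    def __init__(self, rules: List[Rule], stateful_tcp: bool = True) -> None:
        self.rules = list(rules)
        self.stateful_tcp = stateful_tcp
        # (local port, remote port) of incoming TCP traffic the stateful engine saw
        self.sessions: Set[Tuple[int, int]] = set()

    def decide(self, pkt: Packet) -> Tuple[str, bool]:
        """Return (verdict, ips_filtered) for one packet."""
        for rule in self.rules:
            if not matches(rule, pkt):
                continue
            if rule.action == "bypass":
                # Bypass: unidirectional, skips IPS, leaves no stateful entry.
                return ("allow", False)
            if rule.action == "force_allow":
                # Force Allow: the stateful engine still tracks it and IPS still runs.
                if self.stateful_tcp and pkt.protocol == "TCP" and pkt.direction == "incoming":
                    self.sessions.add((pkt.dst_port, pkt.src_port))
                return ("allow", True)
        # No explicit rule: only responses to tracked TCP sessions get through.
        if (self.stateful_tcp and pkt.protocol == "TCP" and pkt.direction == "outgoing"
                and (pkt.src_port, pkt.dst_port) in self.sessions):
            return ("allow", True)
        return ("deny", True)


def response_handling(rules: List[Rule], port: int) -> Tuple[str, bool, str, bool]:
    """Send a TCP request to destination port `port`, then the server's reply,
    and return (request verdict, request IPS, reply verdict, reply IPS)."""
    engine = ToyEngine(rules)
    request = Packet("incoming", "TCP", src_port=40000, dst_port=port)  # constructed
    reply = Packet("outgoing", "TCP", src_port=port, dst_port=40000)
    rq, rq_ips = engine.decide(request)
    rp, rp_ips = engine.decide(reply)
    return rq, rq_ips, rp, rp_ips


def optimization_gaps(rule: Rule) -> List[str]:
    """Report which of the article's seven settings a Bypass rule does not meet."""
    gaps = []
    if rule.priority != "Highest":
        gaps.append("priority must be Highest")
    if rule.frame_type != "IP":
        gaps.append("frame type must be IP")
    if rule.protocol == "Any":
        gaps.append("protocol must not be Any")
    if any(v is not ANY for v in (rule.src_ip, rule.dst_ip, rule.src_mac, rule.dst_mac)):
        gaps.append("source/destination IP and MAC must all be Any")
    if rule.protocol in ("TCP", "UDP"):
        if rule.direction == "incoming" and (rule.dst_port is ANY or rule.src_port is not ANY):
            gaps.append("incoming: destination port specified, source port Any")
        if rule.direction == "outgoing" and (rule.src_port is ANY or rule.dst_port is not ANY):
            gaps.append("outgoing: source port specified, destination port Any")
    if rule.schedule is not None:
        gaps.append("schedule must be None")
    return gaps
```

Running `response_handling` with only an incoming Bypass rule for port 5004 lets the request through without IPS but drops the reply, because nothing recorded the session; adding the outgoing Bypass rule with source port 5004 is what lets the reply through, again without IPS. The same request under a Force Allow rule gets its reply allowed by the stateful engine with no extra rule, but both directions are still IPS-filtered.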

Logging

Packets that match the bypass rule will not be logged. This is not a configurable option.

Category: Configure
Solution Id: 1054495