About Intrusion Defense Firewall (IDF) default rules

    • Updated: 6 Feb 2017
    • Product/Version: Intrusion Defense Firewall 1.5
    • Platform: Windows 2003 Standard, Windows 2003 Standard 64-bit, Windows 2008 Server R2, Windows 2008 Standard, Windows 2008 Standard 64-bit, Windows 7 32-bit, Windows 7 64-bit, Windows Vista 32-bit, Windows Vista 64-bit, Windows XP Professional, Windows XP Professional 64-bit
Some of IDF's default rules are not defined in the documentation.
  1. What does Location Aware - Medium mean?
    Ans: There is no specific documentation explaining this. In the security profile there are three policies, ordered from high to low severity:
    • Location Aware - High
    • Location Aware - Medium
    • Location Aware - Low
    Location Aware - High has the highest severity policy:
    1. There's a default "Off Domain Enforcement" FW deny rule assigned in the Remote Domain context. It means once DSA detects that the machine is remotely connected to a domain controller, it’ll deny all outgoing traffic. Only traffic specified in the Force Allow section - “Off Domain Exception” will be allowed.
    2. Interface Isolation by default is ON so that only Local Area Connection and Wireless network traffic can pass through. Other interfaces will be locked.
    Location Aware - Medium has a medium severity policy:
    1. Since it’s not as high severity as Location Aware – High, there's NO default "Off Domain Enforcement" FW deny rule.
    2. However, Interface Isolation is ON by default.
    Location Aware - Low has the lowest severity policy:
    1. As the lowest severity policy, it has NO default "Off Domain Enforcement" FW deny rule.
    2. Interface Isolation is OFF by default.
  2. What does the Warm Transfer context/Warm Standby context mean?
    Ans: It is the same as the "Restricted Interface Warm Standby context" in DSM. This context applies to restricted interfaces, i.e. interfaces that have been locked by Interface Isolation.
    When an interface is locked, only traffic that matches a Force Allow FW rule assigned in the Warm Standby context (the same as the Restricted Interface Warm Standby context) can pass through the locked interface.
    For more information, go to the Context section in the DS/IDF Admin Guide.
  3. What do these rules do concretely?
    Ans: If an interface is locked by Interface Isolation, no packet of any type is allowed in either direction (in or out). As a result, the interface will not get DHCP/wireless connectivity. The only way to allow packets to pass through the interface is to:
    1. Create a "warm standby" context.
    2. Assign FW rules to this context and explicitly allow the desired packets.
    The "Warm Standby Exceptions - xxx" FW rules in IDF are actually the same as the "Restricted Interface Exceptions - xxx" rules in DS. As mentioned above, these are Force Allow FW rules assigned in the "Warm Standby" context so that specific traffic can pass through the locked interface.
  4. Why are these rules here by default?
    Ans: They are there by default because they allow the locked interface to obtain DHCP/wireless connectivity.
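To make the interaction of the three profiles, Interface Isolation, and the Remote Domain and Warm Standby contexts concrete, here is an added example (not code from Trend Micro or the IDF product) that models the decision logic described in the answers above. The profile defaults and rule names come from the article; the packet fields, the interface names and the assumption that a matching Force Allow rule overrides a Deny rule are assumptions made for the example.

```python
# Simplified model of the IDF Location Aware profile defaults described in the
# article. The packet fields, interface names and the "Force Allow beats Deny"
# ordering are assumptions made for this example, not product documentation.

# Per-profile defaults as described in the article.
PROFILES = {
    "Location Aware - High":   {"off_domain_enforcement": True,  "interface_isolation": True},
    "Location Aware - Medium": {"off_domain_enforcement": False, "interface_isolation": True},
    "Location Aware - Low":    {"off_domain_enforcement": False, "interface_isolation": False},
}

# Interfaces that Interface Isolation leaves unlocked; every other interface
# is locked when isolation is ON. (Names are assumed labels.)
UNLOCKED_INTERFACES = {"Local Area Connection", "Wireless Network Connection"}


def evaluate(profile, interface, direction, remote_domain=False,
             warm_standby_exception=False, off_domain_exception=False):
    """Return (verdict, reason) for one packet.

    direction              -- "in" or "out"
    remote_domain          -- the agent only reaches a domain controller remotely
    warm_standby_exception -- packet matches a "Warm Standby Exceptions" Force Allow rule
    off_domain_exception   -- packet matches the "Off Domain Exception" Force Allow rule
    """
    settings = PROFILES[profile]

    # Interface Isolation: a locked interface passes nothing in either direction
    # unless a Force Allow rule in the Warm Standby context matches (e.g. DHCP).
    if settings["interface_isolation"] and interface not in UNLOCKED_INTERFACES:
        if warm_standby_exception:
            return "allow", "Force Allow in Warm Standby context on locked interface"
        return "deny", "interface locked by Interface Isolation"

    # Off Domain Enforcement (High only): in the Remote Domain context all
    # outgoing traffic is denied except what "Off Domain Exception" force-allows.
    if settings["off_domain_enforcement"] and remote_domain and direction == "out":
        if off_domain_exception:
            return "allow", "Force Allow 'Off Domain Exception' in Remote Domain context"
        return "deny", "'Off Domain Enforcement' deny rule in Remote Domain context"

    return "allow", "no profile-level restriction applies"


if __name__ == "__main__":
    # Constructed scenario: a DHCP request leaving a VPN adapter under each profile.
    for name in PROFILES:
        print(name, evaluate(name, "VPN Adapter", "out", warm_standby_exception=True))
```

Running the script shows why the Warm Standby exception rules matter: under High and Medium the VPN adapter only passes the DHCP request when the Force Allow rule matches, while under Low the interface is never locked.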