Define Action options for the Continue action in Exception rules
The Continue action can set options for the Permit and Terminate actions in subsequent rules.
For more details about the product and how to configure features, click Help or press F1.
Steps

1. Right-click the Action cell and select Continue.
2. Double-click the Action cell.
3. Set the options, then click OK.
Select Rule Action Options dialog box (Inspection Continue)
Use this dialog box to override and specify the options for the Continue action in the Inspection Policy.
Option | Definition |
---|---|
Override Settings Inherited from Continue Rule(s) | When selected, overrides settings defined in Continue rules higher up in the policy. |
Terminate tab

Option | Definition |
---|---|
Terminates the Connection | Select whether the connection is terminated. |
Notifies Client and Server With a Reset | Select whether a TCP reset is sent to the client and the server. |
Reset tab

Option | Definition |
---|---|
Sends an ‘ICMP Destination Unreachable’ message if not a TCP connection | (Available only if Notifies Client and Server With a Reset is set to Yes on the Terminate tab.) Select whether an ICMP Destination Unreachable message is sent when the connection does not use TCP. |
Block List Scope tab

Option | Definition |
---|---|
Terminate the Single Connection | Creates entries that stop matching current connections, but which are not stored for any time. |
Block Traffic Between Endpoints | Creates entries that stop matching connections and block traffic between the matching IP addresses for the set duration. |
Duration | Specifies how long the Block list entry is stored on the NGFW Engine. If you leave the value as 0, the Block list entry only cuts the current connections. Select the unit of time from the drop-down list on the right. |
IP Protocol | To block traffic that uses a different protocol, click Select, then select an IP-proto Service. If you do not select an IP-proto Service, the block listing is applied to the protocol detected from the traffic. This option is useful if you want to block traffic where the opening connection is, for example, TCP traffic, but the following connection then changes to using the UDP protocol. If you select TCP or UDP as the protocol, we recommend that you set Endpoint 1 Port and Endpoint 2 Port to Predefined TCP or Predefined UDP, respectively. For other protocols, set the ports to the Ignored option. |
Endpoint 1 Address or Endpoint 2 Address | |
Endpoint 1 Port or Endpoint 2 Port | |
Block List Executors | Select the NGFW Engines to which the block list requests are sent. Click Add to add an element to the list, or Remove to remove the selected element. |
Include the Original Observer in the List of Executors | Deselect this option if you do not want to include the NGFW Engine that detects the situation in the list of block list executors. |
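
The following Python is an added illustrative model of how the Block List Scope options above combine (scope, Duration, and IP Protocol falling back to the protocol detected from the traffic); it is not NGFW Engine code. The class and function names, the TEST-NET addresses, the port numbers and the clock values are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Conn:
    src: str    # Endpoint 1 address
    dst: str    # Endpoint 2 address
    proto: str  # protocol detected from the traffic, e.g. "TCP" or "UDP"
    sport: int
    dport: int

@dataclass
class BlockListEntry:
    src: str
    dst: str
    proto: str
    sport: Optional[int]  # None = Endpoint 1 Port set to Ignored
    dport: Optional[int]  # None = Endpoint 2 Port set to Ignored
    created: float        # seconds, when the entry was created (constructed clock)
    duration: float       # seconds the entry is stored; 0 = only cuts current connections

    def stored_at(self, now: float) -> bool:
        """True while the entry is still stored on the engine."""
        return self.duration > 0 and now < self.created + self.duration

def make_entry(observed: Conn, now: float, scope: str, duration: float = 0,
               ip_protocol: Optional[str] = None) -> BlockListEntry:
    """Build the entry the Block List Scope options describe for an observed connection.
    scope: "single" (Terminate the Single Connection) or "endpoints" (Block Traffic
    Between Endpoints). ip_protocol: IP-proto Service chosen under IP Protocol; None
    means the protocol detected from the traffic is used."""
    proto = ip_protocol or observed.proto
    if scope == "single":  # exact connection, never stored
        return BlockListEntry(observed.src, observed.dst, proto,
                              observed.sport, observed.dport, now, 0)
    # Endpoint scope: ports Ignored, stored for the configured Duration.
    return BlockListEntry(observed.src, observed.dst, proto, None, None, now, duration)

def blocks(entry: BlockListEntry, c: Conn, now: float, current: bool) -> bool:
    """Does `entry` stop connection `c` at time `now`? current=True means `c`
    already existed when the entry was created; False means it was opened later."""
    if (c.src, c.dst, c.proto) != (entry.src, entry.dst, entry.proto):
        return False
    if entry.sport is not None and c.sport != entry.sport:
        return False
    if entry.dport is not None and c.dport != entry.dport:
        return False
    # A current connection is cut regardless of Duration; a new one only while stored.
    return current or entry.stored_at(now)
```

With a TCP opening connection and no IP Protocol selected, a later UDP connection between the same endpoints is not stopped; selecting UDP as the IP-proto Service is what makes the entry catch it.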
Response tab

Option | Definition |
---|---|
User Response (HTTP only) | Specifies the automatic response that is shown to the end user when a connection is discarded. Click Select to select an element. You can use the default response or create a custom response. User Responses are not supported on Virtual NGFW Engines. |