WSM User Guide - WatchGuard Technologies

APPENDIX CTypes of PoliciesThis chapter gives a list of the pre-defined policies included with Fireware® appliance software, theirprotocols, and their ports. It also gives special information about circumstances that could have aneffect on the security of some policies.In this chapter, policies are divided into two groups—policies that are controlled by a packet filter andpolicies that are controlled by a proxy.Packet Filter PoliciesPacket filter policies examine the source and destination headers of each packet. Packets are allowed ordenied based on if the headers appear to come from and go to trusted addresses.AnyUse an Any policy only to allow all traffic between two specified trusted IP or network addresses. An Anypolicy opens a “hole” through the Firebox®, and allows all traffic to flow freely between specified hosts.We recommend that the Any policy be used only for traffic through a VPN.The Any policy is different from other policies. For example, if you allow FTP only to a specified host, allother FTP sessions to other hosts are denied by that policy (unless you have also configured other FTPpolicies). The Any policy does not deny like other policies.You also cannot use an Any policy unless specified IP addresses, network addresses, host aliases, groupnames, or user names are used in the From or To lists. If not, the Any policy does not operate.Characteristics• Internet Protocol(s): Any• Port Number(s): Any portUser Guide 379