Справочник Пользователя для SonicWALL 4.5
115
Enforced Client Product Guide
Using the Firewall Protection Service
Configuring policies for firewall protection
5
Select a firewall protection mode
Specify how the firewall protection service responds to suspicious activity on client computers.
Protect
: It blocks the suspicious activity.
Prompt
: It displays a dialog box with information about the detection, and allows the user to
select a response. This option is the default.
Report
: It reports suspicious activity to the SecurityCenter and takes no additional action.
For all modes, detections are reported to the SecurityCenter, where you can view information
about them in reports.
about them in reports.
Tip
To specify a response to firewall detections:
1 On the
1 On the
Groups + Policies
page, click
Add Policy
(or click
Edit
to modify an existing policy).
2 Click the
Desktop Firewall
tab, select a
Firewall Protection Mode
, then click
Save
.
Use the following table to determine how policy options are implemented in the different
protection modes.
protection modes.
Note
Learn mode
Report
mode can be used as a “learn mode” to help you determine which applications to allow
). In
Report
mode, the firewall protection
service tracks but does not block unrecognized Internet applications. You can review detected
applications in the
applications in the
Unrecognized Programs
) and approve those that are appropriate for your policy. When you no longer see
applications you want to allow in the report, change the policy setting to
Prompt
or
Protect
mode.
To prevent popup prompts from appearing on client computers when applications are detected,
and for highest security, we recommend using
and for highest security, we recommend using
Protect
mode.
Mode
Behavior of protection service
Report
No user prompts.
Detections reported to SecurityCenter.
Administrator can select allowed applications, which are not reported as
detections.
detections.
Can be used as a
.
Prompt
Users prompted about detections.
Detections reported to SecurityCenter.
Administrator can select allowed applications. These applications are not
reported as detections, and users are not prompted for a response to them.
reported as detections, and users are not prompted for a response to them.
Users can approve additional applications in response to prompts. These are
reported to SecurityCenter.
reported to SecurityCenter.
Protect
Users not prompted about detections.
Users notified about deleted or quarantined applications.
Detections reported to SecurityCenter.
Administrator can select allowed applications. These applications are not
reported as detections.
reported as detections.
If the policy is changed from
Prompt
mode to
Protect
mode or
Report
mode, the firewall
protection service does not save user settings for allowed applications. If the policy is then
changed back to
changed back to
Prompt
mode, users need to specify allowed applications again.