F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 8.00 - Administrator's Manual - page 203
6.4 Configuring Internet Shield Rule Alerts
Internet Shield rule alerts can be used to get notifications if certain types
of malware try to access the computers. It is possible to issue an alert
every time a rule is hit or when illegal datagrams are received, which
makes it easy to see what kind of traffic is going on in your system.
Proper alerting can only be done by having proper granularity in the
security level: have one rule for each type of alert you want. Designing
alerting based on “broad” rules will generate a lot of alerts, and any
important information might be lost in large volumes of useless noise.
6.4.1 Adding a New Internet Shield Rule with Alerting
In this example a Deny rule with alerting is created for inbound ICMP
traffic for a certain subdomain. This means that when somebody tries to
ping the computer, an alert is issued. At the end of this example, the rule is
tested by pinging one of the computers in the subdomain.
This example also describes the different selections you can make when
creating new rules with the Firewall Rules Wizard.
Step 1.
1. Select the subdomain for which you want to create the rule in the
Policy Domains tab.
2. Go to the Settings tab and select the Firewall Rules page.
3. Select the Internet Shield security level for which you want to add the
new rule from the Internet Shield security level being edited
drop-down menu. Now all the rules that have been defined for this
Internet Shield security level are displayed in the table.
4. Click Add Before to add the new rule as the first one on the list. This
opens the Firewall Rule Wizard.
Step 2. Rule Type
Select Deny to deny the inbound ICMP connections.