General Information on Connection Activation

The Connection Activation panel is used to generate the Connection Rules and to make these rules the active set through which the firewall evaluates datagram traffic received by either the secure or non-secure interfaces. Rule generation is based upon the configurations defined in the Connection Setup window and all of its subsidiary configurations (i.e., Services, Rule Templates, and Socks Templates). Rules can also be generated depending upon settings in the Security Policy panel. Additionally, the Connection Activation panel allows you to validate these configurations and it allows you to deactivate the Connection Rules.

The figure below illustrates how the activation function generates connection rules from connection configurations and places them into the active set of rules running on the firewall.

Further Information

Controlling Traffic Through the Firewall

Regenerate Connection Rules and Activate

Use this function to generate the rules based upon the configurations defined in the Connection Setup panel and all of its subsidiary configurations (i.e., Services, Rule Templates, and Socks Templates). Rules can also be generated depending upon settings in the Security Policy panel. These rules become the active set through which the firewall can evaluate network datagrams. If there is a set of Connection Rules already active, this procedure updates the active rules with the contents of the newly generated set.

Feedback about a successful activation or any errors found will be displayed in the Output section.


Deactivate Connection Rules

Deactivating the Connection Rules resets the firewall's rule processing to its initial state: no explicit rules are evaluated, and traffic is governed only by the implied rules built into the netinet device driver -- no routing between the secure and non-secure interfaces.

List Current Connection Rules

This function lists the most recently generated set of Connection Rules.

Validate Rule Generation

The Validate function allows you to do a trial generation of rules. Its main purpose is to evaluate your rule generation for any possible errors. Feedback about a successful validation or any errors found will be displayed in the Output section. If rule generation validates successfully, it may then be activated.

Enable Connection Rules Logging

This function causes the Firewall to mark logging of rejected packet messages as "enabled." When logging is enabled and Connection Rules are active, records of packets that are rejected due to Connection Rules are written to the system log file. Note, however, that the ability to enable logging is independent of the status of rule processing in general. If the Connection Rules are inactive, enabling the logging is supported and permitted, but it has no immediate effect. You will be reminded of this via an informational message when the procedure executes.

Disable Connection Rules Logging

This function causes the Firewall to mark logging of rejected packet messages as "disabled." After executing this procedure, and if Connection Rules are active, the Firewall will no longer record rejected packet messages in the system log file. Note, however, that disabling the logging is independent of the status of rule processing in general. If Connection Rules are inactive, a request to disable logging will be honored, but its effect will not be realized until Connection Rules are activated again.

Execute

Click on "Execute" to initiate the command selected above.

Close

Press the "Close" button to eliminate the window from your display.