6.4.4. Procedure – Creating a new DetectorService
To create a new DetectorService that starts a service based on the traffic in the incoming connection, complete the following steps.
Navigate to the Services tab of the PNS MC component and click .
Enter a name for the service into the opening dialog. Use clear, informative, and consistent service names. It is recommended to include the following information in the service name:
source zones, indicating which clients may use the service (for example,
intranet
)the protocol permitted in the traffic (for example,
HTTP
)destination zones, indicating which servers may be accessed using the service (for example,
Internet
)
Tip Name the service that allows internal users to browse the Web
intra_HTTP_internet
. Use dots to indicate child zones, for example,intra.marketing_HTTP_inter
.In the
section, select the TransparentRouter option.Click in the
field and selectDetectorService
.Commit your changes.
Navigate to
, and create a firewall rule that uses the DetectorService you created in the previous steps.Click Application-level Gateway will start if the traffic matches the DetectorPolicy. If you add more DetectorPolicy-Service pairs, Application-level Gateway will evaluate them in order, and start the service set for the first matching DetectorPolicy. If none of the DetectorPolicies match the traffic, Application-level Gateway terminates the connection.
, select a DetectorPolicy, and select a service thatNote When using a DetectorService, establishing the connection is slower, because Application-level Gateway needs to evaluate the content of the traffic before starting the appropriate service. If the rate of incoming connection requests that use the DetectorService is high, the clients may experience performance problems during connection startup. Note that using a DetectorService has no effect on the performance after the connection has been established.
© 2021 BalaSys IT Security.
Send your comments to support@balasys.hu