14.2.3. Routers and rule groups

Routers are simple conditional rules (that is, if-then expressions) that determine how the received object has to be inspected. They consist of a condition and a corresponding action: if the parameter of the traffic (or file) matches the set condition, then the action is performed. The condition consists of a variable and a pattern: the condition is true if the variable of the inspected object is equal to the specified pattern. The action can be a default action (for example, ACCEPT, REJECT, and so on) or a scanpath. Routers cannot be used on their own, they must belong to a rule group. A rule group is a list of routers, defining a set of conditions that are evaluated one-by-one for a given scenario. Rule groups also have a default action or scanpath that is performed if none of the set conditions match the received object. Rule groups are also important because a Zorp proxy can send data only to a rule group, and not to a specific router (see Section 14.2.4, Configuring Zorp proxies to use ZCV for details).

Warning

Only the action or scanpath, corresponding to the first matching condition is performed, therefore the order of the routers in a rule group is very important.

Routers and rulegroups

Figure 14.18. Routers and rulegroups

Routers and rule groups can be managed (created, deleted and edited) from the Rule groups section of the Configuration tab of the Content Vectoring ZMC component. The defined rule groups and their corresponding routers (conditions and actions) are displayed as a sortable tree.

Tip

Rule groups and routers can be disabled from the local menu if they are temporarily not needed.

To create and configure a set of routers, complete the following procedure: