You can configure filters and exceptions for the following NBM services:
Click the Easy Filter Configuration task under NBM Filter Management.
From the list, select the server where the filters are to be configured by clicking the icon and then click OK.
Figure 25From the drop-down list, select the public interface of the server where the filters/exceptions are to be configured.
To enable the filter for a service, select the corresponding check box under Enable Filter.
If you enable exceptions for HTTP and secure HTTP proxy with the Stateful option, it creates two default filters to deny all incoming and outgoing connections, thus creating exceptions to allow only HTTP and HTTPS traffic.
To enable the log for a service, select the corresponding check box, under Enable Log.
IMPORTANT: When you enable this option, the header of the packet that match the options in the filters or exceptions is logged if you have enabled both global logging status and filters/exception logging status. This is placed in the directory sys:\etc\logs\ippktlog. If you disable the option, the packets that match the options in filters or exceptions are not logged. Datalogging slows down the server's performance and should be kept on only for a short time.
To enable the stateful filter for a service, select the corresponding check box under Stateful.
If stateful filtering is enabled in a filter rule, a dynamic filter is also created in the reverse direction. The reverse filter is created with the information such as source IP address, source interface, source port, destination IP address, destination interface, and destination port. This information is stored in a table which is later used to compare against the reply.
Click Add.
The following page is displayed:
Figure 26NOTE: If you want to delete the exceptions, use List All Firewall Policies.