
What are the differences between Firewall rules and Regex and how do they work together?

We have had issues where there was a clean rule for allowing Apple traffic, yet the traffic was obviously filtered/suppressed. We have a 300Mb pipe and were getting 5Mb downloads. We added regex entries and now have great speed from Apple. Is there a doc (I couldn't find anything to explain how they work) that explains the difference between the 2?



This thread was automatically locked due to age.
  • Hi LuCar,

    I will answer what I think he is asking and I will request that you fill in the bits that I am unsure of.

    The XG is based on firewall rules, policies and definitions.

    A firewall rule uses policies and definitions to achieve its functions. REGEX can be used to fine tune the policies and maybe definitions, but not firewall rules.

    I expect REGEX can be used in a number of places in the XG policies, but the only one I am aware of is the Web Exceptions, (LuCar please expand if needed).

    I hope that answers your question?

    Ian

  • Michael Jones1 said:

    What does regex do that firewall rules don't?

    If you are asking about the two different methods that are in the KB (Exceptions using RegEx versus Firewall Rules).

    If you use the firewall rule method, the traffic (the packets) is forwarded from the LAN to the WAN, without ever going through the web proxy.

    If you use the Exception / RegEx rule method, the packets are sent to the web proxy, the proxy then still implements some policy (other policy may not be run based on the exception) and then sent out to the far web server.

     

    So an Exception turns off part of the web proxy policy.  A firewall rule bypasses the web proxy altogether.

     

    If you wanted to turn off antivirus scanning and still enforce category blocks, use an exception.  If you wanted to say "I fully trust this site and want connections completely untouched" use a firewall rule.
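
Added example, not part of the thread or of any Sophos documentation: because an exception turns off part of the web proxy policy for every URL its RegEx matches, this Python check lists which URLs a pattern would exempt and flags the ones outside the domain you meant to trust. The patterns, the URLs and the helper names are constructed, and it assumes the pattern is searched against `host/path` without the scheme, using Python's `re` rather than the XG's own matcher.

```python
import re

# Assumption (not from the thread): the exception pattern is searched against
# "host/path" with the scheme stripped. Patterns and URLs below are constructed.
LOOSE = r"apple\.com"
SCOPED = r"^([A-Za-z0-9-]+\.)*apple\.com\.?(:\d+)?/"

SAMPLE_URLS = [
    "https://swcdn.apple.com/content/update.pkg",
    "https://apple.com/",
    "http://apple.com.example.net/login",
    "http://example.net/redirect?to=apple.com",
    "https://notapple.com/index.html",
]

def target(url):
    """Strip the scheme and make sure a bare host still ends in '/'."""
    rest = url.split("://", 1)[-1]
    return rest if "/" in rest else rest + "/"

def exempted(pattern, urls):
    """Return the URLs for which the exception would switch off proxy checks."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [u for u in urls if rx.search(target(u))]

def unintended(pattern, urls, trusted_suffix="apple.com"):
    """Exempted URLs whose host is not the trusted domain or a subdomain of it."""
    out = []
    for u in exempted(pattern, urls):
        host = target(u).split("/", 1)[0].split(":")[0].rstrip(".").lower()
        if host != trusted_suffix and not host.endswith("." + trusted_suffix):
            out.append(u)
    return out

if __name__ == "__main__":
    for name, pat in (("loose", LOOSE), ("scoped", SCOPED)):
        print(name, "exempts", len(exempted(pat, SAMPLE_URLS)),
              "URLs; unintended:", unintended(pat, SAMPLE_URLS))
```

Run a candidate pattern through `unintended()` with your own URL samples before saving it as an exception; an empty list means the skipped checks stay confined to the trusted domain.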