How Adaptive mode affects Firewall

In Adaptive mode, Firewall automatically allows all traffic that doesn't match an existing Block rule, and creates dynamic Allow rules for that non-matching traffic.

When Firewall is running normally, it continually monitors the network traffic that a computer sends and receives. Firewall allows or blocks traffic based on the rules. If the traffic can't be matched against an existing rule, it is automatically blocked.

You can create an explicit Allow rule for any traffic. For security reasons, incoming pings (ICMP traffic) are blocked in Adaptive mode unless an explicit Allow rule is created for them. Incoming traffic to a port that isn't open on the host is also blocked unless an explicit Allow rule is created for the traffic. For example, if the telnet service isn't running, incoming TCP traffic to port 23 (telnet) is blocked automatically.

Firewall displays the rules created on client systems through Adaptive mode, and enables you to save and migrate these administrative rules.

Stateful filtering

When Adaptive mode is applied with the stateful firewall, the filtering process creates a rule to handle the incoming packet:

  1. The firewall compares an incoming packet against entries in the state table and finds no match, then examines the static rule list and finds no match.
  2. No entry is made in the state table, but if the packet is a TCP packet, it is put in a pending list. If not, the packet is dropped.
  3. If new rules are permitted, a unidirectional static Allow rule is created. If the packet is a TCP packet, an entry is made in the state table.
  4. If a new rule isn't permitted, the packet is dropped.
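
A simplified model of the four steps above, added here as an illustration and not the product's own code. The class and field names and the sample addresses are constructed, and the model assumes a new rule is permitted only when the destination TCP port is open on the host.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:                # an inbound packet; all sample values are constructed
    proto: str               # "tcp", "udp" or "icmp"
    src: str
    dport: int = 0           # 0 for protocols without ports

@dataclass
class AdaptiveModel:
    open_ports: set                                   # TCP ports with a listening service
    static_rules: list = field(default_factory=list)  # (action, proto, dport or None)
    state_table: set = field(default_factory=set)     # (src, dport) of tracked TCP flows
    pending: list = field(default_factory=list)
    learned: list = field(default_factory=list)       # rules created by Adaptive mode

    def _static_action(self, p):
        for action, proto, dport in self.static_rules:
            if proto == p.proto and dport in (None, p.dport):
                return action
        return None

    def filter(self, p):
        # Step 1: state table first, then the static rule list.
        if p.proto == "tcp" and (p.src, p.dport) in self.state_table:
            return "allow:state"
        action = self._static_action(p)
        if action:
            return action + ":static"
        # Step 2: only TCP is held in the pending list; anything else is dropped.
        if p.proto != "tcp":
            return "drop"
        self.pending.append(p)
        # Steps 3-4 (assumption: permitted only if the port is open on the host).
        permitted = p.dport in self.open_ports
        self.pending.remove(p)
        if not permitted:
            return "drop"
        rule = ("allow", "tcp", p.dport)   # unidirectional: inbound only
        self.static_rules.append(rule)
        self.learned.append(rule)
        self.state_table.add((p.src, p.dport))
        return "allow:learned"

def demo():
    fw = AdaptiveModel(open_ports={22})
    pkts = [Packet("tcp", "10.0.0.5", 22), Packet("tcp", "10.0.0.5", 22),
            Packet("tcp", "10.0.0.9", 22), Packet("tcp", "10.0.0.5", 23), Packet("icmp", "10.0.0.5")]
    return [fw.filter(p) for p in pkts], fw.learned
```

The learned list is the part to review before saving or migrating rules, since every entry in it was created without an administrator's decision.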