I found these in the User Guide:
For Outgoing connection attempts, the application rules are consulted first and then the global rules second.
For Incoming connection attempts, the global rules are consulted first and then the application rules second.
I found the rule below in the Global Rules:
Block IP In From MAC Any To MAC Any Where Protocol Is Any
With the exception of other Global Rules, does this mean that all incoming connections are blocked even if a certain application is allowed in the Application Rules?
Which means by default all incoming connections are blocked, with the exception of ICMP Fragmentation Needed and Time Exceeded.
It will only block traffic that is initiated from the network TO your PC.
If an application is allowed out, its corresponding return traffic is also allowed back in.
Thanks, you’re right.
Correct me if I'm wrong, I think that is an outbound connection you're saying. For me the rule applies to inbound connections, such as an application listening on a certain port xxxx waiting for inbound/incoming connections. What the user guide says is that it's the reverse of an outbound connection, where global rules take place first over application rules. Just wanna know if this still applies.
It depends on your global rules.
If you run the stealth ports wizard and chose ‘block all incoming connections’ then you have to manually open ports in global rules first and then also have to allow the application to receive incoming connections.
If you don't have a 'block all' rule in your global rules, CIS will match the traffic to the application if the listening port corresponds to the port of the incoming traffic.
So in that case you don’t have to do anything on your global rules. If CIS doesn’t have rules for the application in question it will alert you for it.
So Global rules are consulted first and after that Application rules (on incoming initiated traffic that is).
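To make the consultation order described in this thread concrete, below is a small model of it in Python. It is an added example, not code from the thread or from Comodo's product. It assumes first-match evaluation within each rule set, that a connection allowed out creates a state entry so its replies are let back in (as stated above), that inbound traffic is mapped to whichever application is listening on the destination port, that an unmatched global set simply falls through, that a missing application rule produces an alert, and that inbound traffic with no listener is dropped; rule names, the `Firewall` class and the sample ports and addresses are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical model of the CIS consultation order (constructed example, not Comodo's code):
#   outbound: application rules first, then global rules
#   inbound:  global rules first, then application rules
# A connection must pass both sets; an allowed outbound flow is remembered so its replies pass.

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "block"
    direction: str               # "in" or "out"
    proto: str = "any"           # "tcp", "udp", "icmp" or "any"
    port: Optional[int] = None   # local port, None matches any port

@dataclass
class Packet:
    direction: str
    proto: str
    local_port: int
    remote: str
    remote_port: int
    app: Optional[str] = None    # set for outbound; resolved from listeners for inbound

class Firewall:
    def __init__(self, global_rules, app_rules, listeners):
        self.global_rules = list(global_rules)
        self.app_rules = dict(app_rules)      # app name -> [Rule, ...]
        self.listeners = dict(listeners)      # (proto, port) -> app name listening there
        self.state = set()                    # 4-tuples of allowed outbound flows

    @staticmethod
    def first_match(rules, pkt):
        """First-match semantics within one rule set; None when nothing matches."""
        for r in rules:
            if (r.direction == pkt.direction and r.proto in ("any", pkt.proto)
                    and r.port in (None, pkt.local_port)):
                return r.action
        return None

    def decide(self, pkt):
        flow = (pkt.proto, pkt.local_port, pkt.remote, pkt.remote_port)
        if pkt.direction == "in" and flow in self.state:
            return "allow", "return traffic of an allowed outbound connection"
        if pkt.direction == "in":
            pkt.app = self.listeners.get((pkt.proto, pkt.local_port))
            order = ["global", "application"]
        else:
            order = ["application", "global"]
        for stage in order:
            if stage == "global":
                rules = self.global_rules
            else:
                if pkt.app is None:
                    return "block", "no application owns this traffic"   # assumption
                rules = self.app_rules.get(pkt.app, [])
            verdict = self.first_match(rules, pkt)
            if verdict == "block":
                return "block", f"{stage} rule"
            if verdict is None and stage == "application":
                return "alert", f"no application rule for {pkt.app}"
            # "allow", or an unmatched global set, falls through to the next stage
        if pkt.direction == "out":
            self.state.add(flow)
        return "allow", "passed both rule sets"

BLOCK_ALL_IN = Rule("block", "in")                  # "Block IP In From Any To Any"
ALLOW_ICMP_IN = Rule("allow", "in", proto="icmp")   # stands in for the ICMP exceptions

def stealth_scenario():
    """Global block-all present: inbound to a listening, app-allowed port is still blocked."""
    fw = Firewall([ALLOW_ICMP_IN, BLOCK_ALL_IN],
                  {"httpd": [Rule("allow", "in", "tcp", 80)]}, {("tcp", 80): "httpd"})
    return fw.decide(Packet("in", "tcp", 80, "203.0.113.5", 40000))[0]

def opened_port_scenario():
    """Same, after opening the port in global rules ahead of the block-all."""
    fw = Firewall([Rule("allow", "in", "tcp", 80), BLOCK_ALL_IN],
                  {"httpd": [Rule("allow", "in", "tcp", 80)]}, {("tcp", 80): "httpd"})
    return fw.decide(Packet("in", "tcp", 80, "203.0.113.5", 40000))[0]

def no_block_all_scenario():
    """No block-all: traffic is matched to the listener; unknown app -> alert, no listener -> block."""
    fw = Firewall([], {"httpd": [Rule("allow", "in", "tcp", 80)]},
                  {("tcp", 80): "httpd", ("tcp", 22): "sshd"})
    return (fw.decide(Packet("in", "tcp", 80, "203.0.113.5", 40000))[0],
            fw.decide(Packet("in", "tcp", 22, "203.0.113.5", 40001))[0],
            fw.decide(Packet("in", "tcp", 3389, "203.0.113.5", 40002))[0])

def return_traffic_scenario():
    """An allowed outbound connection's reply passes even with the global block-all in place."""
    fw = Firewall([BLOCK_ALL_IN], {"browser": [Rule("allow", "out", "tcp")]}, {})
    out = fw.decide(Packet("out", "tcp", 51000, "198.51.100.7", 443, app="browser"))[0]
    back = fw.decide(Packet("in", "tcp", 51000, "198.51.100.7", 443))[0]
    return out, back

if __name__ == "__main__":
    for fn in (stealth_scenario, opened_port_scenario, no_block_all_scenario, return_traffic_scenario):
        print(fn.__name__, "->", fn())
```

The four scenarios mirror the thread: with the stealth-wizard "block all incoming" rule, an inbound connection is dropped by the global set before the application's own allow rule is ever consulted, and only an explicit global allow placed ahead of the block-all lets it reach the application stage; without a block-all, inbound traffic is matched to the listener, alerting when that application has no rule; and replies to an allowed outbound connection are passed by state, not by the inbound rule sets.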