Changing the firewall rule order


Article ID: 176504


Endpoint Protection


Changing the firewall rule order in Symantec Endpoint Security (SES).


The firewall processes the firewall rules in the order they are listed in the Firewall policy. If the first rule does not specify how to handle a packet, the firewall inspects the second rule. This process continues until the firewall finds a match. After the firewall finds a match, it takes the action that the rule specifies. Subsequent lower-priority rules are not inspected. For example, if a rule that blocks all traffic is listed first, followed by a rule that allows all traffic, the client blocks all traffic.

Determine how the firewall processes firewall rules by changing their order. For better protection, place the most restrictive rules first and the least restrictive rules last.  
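The first-match behavior described above can be modeled in a few lines. This is an added example, not Symantec code: the `Rule` fields, the rule names, and the sample addresses are assumptions, and the model is far simpler than a real SES Firewall policy. It evaluates the same kind of traffic against two rule orders and reports rules that can never be reached because a single earlier rule already matches everything they would match.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:  # simplified, hypothetical model; not the SES rule schema
    name: str
    action: str                  # "allow" or "block"
    remote: str = "0.0.0.0/0"    # remote network in CIDR form
    port: Optional[int] = None   # None means any port

    def matches(self, remote_ip, port):
        return ip_address(remote_ip) in ip_network(self.remote) and self.port in (None, port)

    def covers(self, other):
        """True if every packet that matches `other` also matches this rule."""
        return (ip_network(other.remote).subnet_of(ip_network(self.remote))
                and self.port in (None, other.port))

def evaluate(rules, remote_ip, port):
    """First match wins: return (action, rule name), or (None, None) if no rule matches."""
    for rule in rules:
        if rule.matches(remote_ip, port):
            return rule.action, rule.name  # rules below this one are not inspected
    return None, None

def shadowed(rules):
    """Return (hidden rule, hiding rule) pairs where one earlier rule fully covers a later one."""
    return [(later.name, earlier.name)
            for i, later in enumerate(rules)
            for earlier in rules[:i] if earlier.covers(later)]

# Constructed rule sets. ORDER_A is the article's example: block-all listed before allow-all.
ORDER_A = [Rule("block-all", "block"), Rule("allow-all", "allow")]
# ORDER_B lists a narrow rule before the broad one.
ORDER_B = [Rule("block-lab-telnet", "block", "192.0.2.0/24", 23), Rule("allow-all", "allow")]

if __name__ == "__main__":
    for label, rules in (("A", ORDER_A), ("B", ORDER_B)):
        print(label,
              evaluate(rules, "192.0.2.10", 23),    # telnet to the constructed lab network
              evaluate(rules, "192.0.2.10", 443),   # HTTPS to the same host
              shadowed(rules))
```

Running a check like `shadowed` over an exported rule list before reordering is a quick way to spot rules that look active in the policy but can never take effect.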

The best practices for creating a rule base include the following order of rules in SES

The following table (Processing order) shows the order in which the firewall processes the rules, firewall settings, and intrusion prevention settings.

Table: Processing order

  1. Intrusion Prevention settings, traffic settings, and stealth settings
  2. Built-in rules
  3. Firewall rules
  4. Port scan checks
  5. IPS signatures that are downloaded through LiveUpdate

To change the order of firewall rules in Symantec Endpoint Security:
  1. In the Firewall policy, under Firewall, select the check box for the rule(s) you want to move and then select Cut.
    • You can select multiple rules at a time.
    • Select Cancel Cut if you decide you don't want to move the rule.
  2. Select the check box of the rule that should appear after the rule you move, and then select Paste.