Default elements for Ethernet rules

The predefined Ethernet rules in default template policies allow the most common types of Ethernet traffic.

The following default template policies contain predefined Ethernet rules:

  • IPS Template
  • Layer 2 Firewall Template
  • Layer 2 Interface Template

Because the template policies are added and updated through dynamic update packages, your templates might look different from the example here.

Figure: IPS template - Ethernet rules

This illustration shows a green insert point at the top of the rule table, three default rules below it, and then another insert point.
  • The first rule contains the IPv4 protocol and allows the matching traffic to pass through.
  • The second rule contains the IPv4 protocol and allows IPv4 traffic with further inspection against the IPv4 Access rules.
  • The third rule contains the IPv6 protocol and allows IPv6 traffic with further inspection against the IPv6 Access rules.

The two insert points indicate where you can add Ethernet rules to a policy that uses the template policy. The first insert point above the default rules allows you to make exceptions to how traffic that matches the three default rules is checked. For example, you could add a rule defining that no IPv4 or IPv6 traffic is allowed between certain MAC addresses.

The second insert point below the default rules allows you to define how traffic that matches other protocols is checked. The final action depends on the type of template policy.

  • IPS Template — Allow all
  • Layer 2 Firewall Template — Discard All
  • Layer 2 Interface Policy — Discard All for Inline Layer 2 Firewall Interfaces. Allow all for Capture Interfaces and Inline IPS Interfaces.