About Services and Policies
You use a service to send different types of data (such as email, files, or commands) from one computer to another across a network or to a different network. These services use protocols. Frequently used Internet services and protocols are:
- Resolve a domain name to an Internet address uses Domain Name Service (DNS)
- World Wide Web access uses Hypertext Transfer Protocol (HTTP) or Secure Hypertext Transfer Protocol (HTTPS)
- Email uses Simple Mail Transfer Protocol (SMTP) or Post Office Protocol (POP3)
- File transfer uses File Transfer Protocol (FTP)
- Remote terminal access uses Telnet or SSH (Secure Shell) network protocols
When you allow or deny a service, you must add a policy to your Firebox configuration. Each policy you add can also add a security risk. To send and receive data, you must open a door in your computer, which puts your network at risk. We recommend that you add only the policies that are necessary for your business.
As an example of how you can use a policy, suppose the network administrator of a company wants to activate a Windows terminal services connection to the company’s public web server on the optional interface of the Firebox. The network administrator routinely administers the web server with a Remote Desktop connection. At the same time, the network administrator wants to make sure that no other network users can use the Remote Desktop Protocol terminal services through the Firebox. The network administrator would add a policy that allows RDP connections only from the IP address of the network administrator's own desktop computer to the IP address of the public web server.
When you configure your Firebox with the Quick Setup Wizard, the wizard adds only limited outgoing connectivity. If you have more software applications and network traffic for your Firebox to examine, you must:
- Configure the policies on your Firebox to pass through necessary traffic
- Set the approved hosts and properties for each policy
- Balance the requirement to protect your network against the requirements of your users to get access to external resources