We have written this quick walkthrough to help you properly configure your firewall rules.
Configuring the proper port number
Each session involves a client connecting to a server. Often, the PC is the client, and the HTTP server is the server. Due to the nature of the TCP/UDP protocol, the client application (PC in this example) uses a random port number (from 1024 to 65535) to transmit to the server. Therefore, the client application will send traffic with a random source port to TCP port 80 of web server.
In the above example, the Bad Rule would only block sessions from source port TCP 80. As client application will use random ports 1024-65535, all traffic heading to 18.104.22.168 with TCP 80 would still be allowed, essentially defeating the purpose of the outbound rule. However, if you used the Good Rule, the firewall will block any sessions going to 22.214.171.124 with TCP 80.
Preventing Policy Conflicts
The program reads each rule from the top down. Therefore, if you have any conflicting rules, the one at the top will take precedence. If a rule is not working the way you want it to, you can check the rules beforehand to make sure that there are no conflicts.
In this example, Rule 1 overrides Rule 2, causing conflict. When it encounters 126.96.36.199, the firewall will deny the session because the program will stop reading the rules after implementing the Deny policy in Rule 1.
Setting the proper default action
The default action determines what the firewall will do if the session does not meet any of the established firewall rules. The outbound rule default of “Allow” will allow all outbound sessions that do not meet the previous rules. Likewise, the inbond rule of “Deny” will stop all inbound sessions that do not meet the previous rules. In case the firewall is not doing what you want it to (e.g. accepting all incoming traffic), it is advisable for you to check the default action.