Define contexts for use in policies

Contexts are a powerful way of implementing different security policies depending on a computer's network environment.

Contexts are designed to be associated with firewall and intrusion prevention rules. If the conditions defined in the context associated with a rule are met, the rule is applied.

Configure settings used to determine whether a computer has internet connectivity

  1. In the Deep Security Manager, go to Administration > System Settings > Contexts.
  2. In the URL for testing Internet Connectivity Status box, enter the URL to which an HTTP request will be sent to test for internet connectivity. (You must include "http://".)
  3. In the Regular Expression for returned content used to confirm Internet Connectivity Status box, enter a regular expression that will be applied to the returned content to confirm that HTTP communication was successful. (If you are certain of the returned content, you can use a simple string of characters.)
  4. In the Test Interval list, select the time interval between connectivity tests.

For example, to test Internet connectivity, you could use the URL "http://www.example.com" and the string "This domain is established to be used for illustrative examples in documents", which is returned by the server at that URL. Matching the returned content, rather than merely receiving an HTTP response, prevents a captive portal or proxy that answers every request with its own page (typically with HTTP status 200) from being mistaken for internet connectivity, so choose a string that is unlikely to appear in such a page. Because the request is plain HTTP, the test establishes reachability only; it does not verify that the server answering is authentic.

Define a context

  1. In the Deep Security Manager, go to Policies > Common Objects > Other > Contexts and then click New > New Context.
  2. In the General Information area, enter the name and description of the context rule. This area also displays the earliest version of the Deep Security Agent the rule will be compatible with.
  3. In the Options area, specify when the context will be applied:
    • Context applies when connection is: The option selected here determines whether the associated firewall or intrusion prevention rule is in effect, based on whether the computer can reach its domain controller and, if it cannot, whether it has internet connectivity. (Conditions for testing internet connectivity are configured in Administration > System Settings > Contexts.)

      If the domain controller can be contacted directly (via ICMP), the connection is "Local". If it can be contacted via VPN only, then the connection is "Remote". Because the test uses ICMP, ICMP echo to the domain controller must not be blocked along the path; otherwise a directly connected computer is treated as unable to reach its domain controller.

      The time interval between domain controller connectivity tests is the same as the internet connectivity test interval, which is configurable in Administration > System Settings > Contexts. The internet connectivity test is only performed if the computer is unable to connect to its domain controller.

    • Context Applies to Interface Isolation Restricted Interfaces: This context will apply to network interfaces on which traffic has been restricted through the use of interface isolation. This is primarily used for "Allow" or "Force Allow" Firewall rules. See Detect and configure the interfaces available on a computer.

After you assign the context to a rule, it is displayed on the Assigned To tab for the context. (To link a security rule to a context, go to the Options tab in the security rule's Properties window and select the context from the "Context" list.)
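The following Python script is an added example, not code from the Deep Security product or its documentation. It models the evaluation order the two procedures above describe: the domain controller test decides between "Local" and "Remote", the internet connectivity test (URL plus regular expression on the returned body) runs only when the domain controller is unreachable, and a rule is applied only when the resulting state is one the context lists. The state labels "Internet" and "NoInternet", the HostState/Rule classes, the sample rules and the canned HTTP bodies are all constructed for illustration; the page names no option values for the "Context applies when connection is" list. The fetcher is injected so the script runs offline.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Set

# Settings mirroring Administration > System Settings > Contexts.
# URL and expected text are the page's own example; the pattern is used as a regex.
TEST_URL = "http://www.example.com"
TEST_PATTERN = r"This domain is established to be used for illustrative examples in documents"

Fetcher = Callable[[str], Optional[str]]  # returns the HTTP body, or None if the request failed


def internet_connected(fetch: Fetcher, url: str = TEST_URL, pattern: str = TEST_PATTERN) -> bool:
    """True only if the request succeeds AND the body matches the configured regex.
    A captive portal answers with its own login page (often HTTP 200), so a bare
    'did I get a response' check would report connectivity falsely."""
    body = fetch(url)
    if body is None:
        return False
    return re.search(pattern, body) is not None


@dataclass
class HostState:
    """Constructed view of what the agent learned about the host (assumed fields)."""
    dc_reachable_directly: bool  # ICMP to the domain controller succeeded
    dc_reachable_via_vpn: bool   # domain controller answers only through the VPN tunnel
    fetch: Fetcher               # how to issue the internet connectivity request


def connection_state(host: HostState) -> str:
    """Classify the connection in the order the page describes.
    "Local" and "Remote" are the page's terms; "Internet"/"NoInternet" are assumed labels."""
    if host.dc_reachable_directly:
        return "Local"
    if host.dc_reachable_via_vpn:
        return "Remote"
    # The internet test is only performed when the domain controller cannot be reached.
    return "Internet" if internet_connected(host.fetch) else "NoInternet"


@dataclass
class Rule:
    """A firewall/IPS rule with a context attached (constructed)."""
    name: str
    applies_when: Set[str]  # connection states under which the rule is in effect


def rules_in_effect(rules: List[Rule], host: HostState) -> List[str]:
    """Return the names of the rules whose context condition is met for this host."""
    state = connection_state(host)
    return [r.name for r in rules if state in r.applies_when]


class CountingFetcher:
    """Wraps a fetcher and counts calls, to show when the internet test is skipped."""
    def __init__(self, inner: Fetcher) -> None:
        self.inner, self.calls = inner, 0

    def __call__(self, url: str) -> Optional[str]:
        self.calls += 1
        return self.inner(url)


# Constructed HTTP bodies standing in for real responses.
def fetch_real_ok(url: str) -> Optional[str]:
    return "<html><body><h1>Example Domain</h1><p>This domain is established to be used for " \
           "illustrative examples in documents.</p></body></html>"


def fetch_captive_portal(url: str) -> Optional[str]:
    return "<html><title>Guest Wi-Fi</title><body>Please accept the terms to continue.</body></html>"


def fetch_offline(url: str) -> Optional[str]:
    return None


# Constructed sample rules, each carrying a context condition.
SAMPLE_RULES = [
    Rule("Allow RDP from management subnet", {"Local"}),
    Rule("Force Allow VPN client traffic", {"Remote", "Internet", "NoInternet"}),
    Rule("Block SMB inbound", {"Remote", "Internet", "NoInternet"}),
]

if __name__ == "__main__":
    for label, host in [
        ("office", HostState(True, False, fetch_real_ok)),
        ("vpn", HostState(False, True, fetch_real_ok)),
        ("hotel", HostState(False, False, fetch_captive_portal)),
    ]:
        print(f"{label:7s} state={connection_state(host):10s} rules={rules_in_effect(SAMPLE_RULES, host)}")
```

Feeding the captive-portal body to internet_connected shows why the regular expression matters: the request "succeeds" but the status is still NoInternet. Wrapping the fetcher in CountingFetcher for a host that reaches its domain controller confirms that the internet test is never issued in that case.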