Novell Documentation: Novell BorderManager 3.8

Selecting a Policy

One of the most useful and important features of NCF is its usage modes. The different modes are described in Table 1, Icon Modes.

The icon shown for each mode is what is displayed in the system tray as the NCF icon. You can tell at a glance what mode NCF is in by looking at its system tray icon.

When NCF is installed, the default mode is Rules Wizard mode. This mode helps you decide whether an application should be allowed a network connection. Rules Wizard facilitates the specifying of applicable network parameters for each type of application.

Although, during the installation process, NCF creates the rules for applications already installed on your system, it might miss a few uncommon programs. In this case Rules Wizard mode makes your life a little easier. Instead of your having to create a new and often complex rule each time a new application is run, Rules Wizard does the work for you by basing its presets on all well-known applications. Rules Wizard even recommends the best selection for you.

Whenever a new application requests a network connection, the Application Rule window is displayed:

Figure 9
Application Rule Window

NCF has a database of the more commonly used applications, and it optimizes the settings for each type of application so the decisions you have to make are very few.

The NCF system divides applications into three categories:

Blocked---Distrusted applications for which all connections are blocked.
Partially Allowed---Applications granted limited network access by having their protocols, ports, and directions specified by policies (rules).
Trusted---Applications for which all connection requests are allowed.

In Figure 9 above, you can see what application is requesting an outgoing connection, what manner of access is being attempted, the basic parameters of the connection, and your options concerning the request.

The options you can choose from in Rules Wizard mode are as follows:

Option	Purpose	Result
Apply Default	For pre-defined rules	Connections will be allowed according to the pre-defined rules.
Allow Always	For applications you trust completely.	All network requests by this application are allowed and the application is given the status Trusted Application.
Block Always	For applications that should not be allowed network access.	All network activities for this application are disabled. The application is given the status Blocked Application.
Allow Once	For applications that you are doubtful of but want to see what they do with the connection.	This network connection is allowed this time. The next time this application tries to establish a network connection, this same dialog box appears. No rule is created for the application.
Block Once	For applications that you do not trust but do not want to block totally.	This network connection is blocked this time. The next attempt by this application to establish a network connection results in this same dialog box. No rule is created for the application.
Create Rule	For applications that can obtain network access under specific protocols, via specific ports, etc.	Limits network access to specific ports and protocols using presets that are optimum for most purposes. The application is given the status Partially Allowed Application.

Use the Advanced button in the Actions section to choose advanced actions.

NCF detects most of the applications that regularly access the network after working a day or so in Rules Wizard mode. After NCF has registered most of your applications, you can switch to Block Most mode.

You can also create your own rule for an application rather than select one of the presets. To create a rule, select Create Rules Using Preset, select Other from the drop-down list, and then click OK. This opens the Rules dialog box where you can create any rule for this application.

NOTE: The Allow Once and Block Once buttons are available only for some connections (outgoing TCP connections). When these functions are unavailable, their buttons are grayed out.