Contexts

Contexts are a powerful way of implementing different security policies depending on the computer's network environment.

Contexts are designed to be associated with Firewall and Intrusion Prevention Rules. If the conditions defined in the Context associated with a Rule are met, the Rule is applied. (To link a Security Rule to a Context, go to the Options tab in the Security Rule's Properties window and select the Context from the "Context" drop-down menu.)

Contexts can be used to provide Agents with "location awareness". To determine a computer's location, Contexts examine the nature of the computer's connection to its domain controller and connectivity to the Internet. Select the Context applies when Domain Controller connection is option and choose from the following:

Locally Connected to Domain: true only if the computer can connect to its domain controller directly
Remotely Connected to Domain: true if the computer can only connect to its domain controller via VPN
Not Connected to Domain: true if the computer cannot connect to its domain controller
Not Connected to Domain, No Internet Connectivity: true if the computer cannot connect to its domain controller by any means and the host has no Internet connectivity. (The test for Internet connectivity can be configured in Administration > System Settings > Contexts.)

By assessing the ability of the computer to connect with its domain controller or the Internet, the Agent can then implement rules such as restricting HTTP traffic to non-routable ("private") IP addresses only.

For an example of a Policy that implements Firewall Rules using Contexts, examine the properties of the "Location Aware - High" Policy.

From the toolbar or the right-click shortcut menu on the Contexts page, you can:

Create New () Contexts from scratch
Import () Contexts from an XML file (located under the New menu.)
Examine or modify the Properties of an existing Context ()
Duplicate (and then modify) existing Contexts ()
Delete a Context ()
Export () one or more Contexts to an XML or CSV file. (Either export them all by clicking the Export... button, or choose from the drop-down list to export only those that are selected or displayed)
Add/Remove Columns () columns can be added or removed by clicking Add/Remove Columns. The order in which the columns are displayed can be controlled by dragging them into their new position. Listed items can be sorted and searched by the contents of any column.

Clicking New () or Properties () displays the Context Properties window.

Context Properties

General Information

The name and description of the Context Rule as well as the earliest version of the Vulnerability ProtectionDeep Security Agent the rule is compatible with.

Options

Context applies when Domain Controller connection is

Specifying an option here will determine whether or not the Firewall Rule is in effect depending on the ability of the computer to connect to its Domain Controller or its Internet Connectivity. (Conditions for testing Internet Connectivity can be configured in Administration > System Settings > Contexts.)

If the Domain Controller can be contacted directly (via ICMP), the connection is "Local". If it can be contacted via VPN only, then the connection is "Remote (VPN) ".

The time interval between Domain Controller connectivity tests is the same as the Internet Connectivity Test interval which is also configurable in Administration > System Settings > Contexts.

The Internet Connectivity Test is only performed if the computer is unable to connect to its Domain Controller.

Context Applies to Interface Isolation Restricted Interfaces

This context will apply to network interfaces on which traffic has been restricted through the use of Interface Isolation. (Primarily used for Allow or Force Allow Firewall Rules.)

Assigned To

The Assigned To tab displays a list of the rules making use of this Context.