To add, edit, or remove filter actions

- Create a console containing IP Security Policies. Or, open a saved console file containing IP Security Policies.
- Double-click the policy that you want to modify.
- Double-click the rule that you want to modify, and then click the Filter Action tab.
- To add a filter action, decide whether you want to use the IP Security Filter Action Wizard or add the filter action manually:
  - To add a filter action by using the IP Security Filter Action Wizard, confirm that the Use Add Wizard check box is selected, click Add, and then follow the instructions.
  - To add a filter action manually, confirm that the Use Add Wizard check box is cleared, click Add, and then define settings on the Security Methods and General tabs.
- To modify an existing filter action, select the filter action that you want to modify, and then click Edit.
- To remove a filter action, select the filter action that you want to remove, and then click Remove.
- If you are adding or modifying a filter action, choose a filter action type:
  - Click Permit to allow receiving or sending of packets in plaintext (unsecured traffic). Security will not be requested for these packets.
  - Click Block to discard packets. Security will not be requested for these packets.
  - Click Negotiate security to use the list of security methods in Security method preference order to provide security for packets that match this filter. Security requests will be accepted for these packets.
- If you chose Negotiate security, add new security methods or edit the existing ones for the filter action.
- If you do not want to block incoming, unsecured communications, but you want to ensure that all outgoing communications and subsequent two-way communications are secured, select the Accept unsecured communication, but always respond using IPSec check box.
- To enable communication with other computers that do not support IPSec, and ensure that communication continues if there is no response to a request for IPSec negotiation, select the Allow unsecured communication with non-IPSec-aware computers check box. After the initial IPSec negotiation has failed, IPSec negotiation will be retried at five-minute intervals.
- To guarantee that no master keys or master keying material will be reused to generate the session key, select the Use session key perfect forward secrecy (PFS) check box.
- On the General tab, in Name, type a unique name.
- In Description, type a description. For example, you might type what security levels this filter action represents.
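
The same add, edit, and remove operations can also be scripted. The following is an added example, not part of the original procedure, and assumes a Windows version that provides the netsh ipsec static context; the filter action names, descriptions, and the ESP algorithm pair are constructed sample values.

```bat
@echo off
rem Added example: filter action names, descriptions and algorithms are
rem constructed sample values. Run from an administrator command prompt.
rem Commands act on the local policy store.

rem Filter action type "Permit": matching packets pass in plaintext.
netsh ipsec static add filteraction name="Example-Permit" ^
    description="Pass matching traffic unsecured" action=permit

rem Filter action type "Block": matching packets are discarded.
netsh ipsec static add filteraction name="Example-Block" ^
    description="Discard matching traffic" action=block

rem Filter action type "Negotiate security", with the three check boxes
rem from the procedure mapped to their command-line parameters:
rem   inpass=no  "Accept unsecured communication, but always respond
rem              using IPSec" is cleared
rem   soft=no    "Allow unsecured communication with non-IPSec-aware
rem              computers" is cleared (no fallback to plaintext)
rem   qmpfs=yes  "Use session key perfect forward secrecy (PFS)" is selected
rem qmsecmethods is the security method preference order (one method here).
netsh ipsec static add filteraction name="Example-Require" ^
    description="ESP required, no fallback to clear, session key PFS" ^
    action=negotiate inpass=no soft=no qmpfs=yes ^
    qmsecmethods="ESP[3DES,SHA1]"

rem Edit an existing filter action: accept unsecured inbound requests
rem but always respond using IPSec.
netsh ipsec static set filteraction name="Example-Require" inpass=yes

rem Review the stored settings before assigning the action to a rule.
netsh ipsec static show filteraction name="Example-Require" level=verbose

rem Remove a filter action that is no longer needed.
netsh ipsec static delete filteraction name="Example-Block"
```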