Hi Screenie,
Sorry, I think I lost track and started feeling confused... You told me that DI does the inspection in both flows of a session. So I was happy to stuff my initial Trust-to-Untrust policy with DI items I considered useful for my needs.
In your recent post you wrote that scanning from Trust-to-Untrust is usually not done to save CPU time (I'm actually using DI exactly on this policy - Trust-to-Untrust!). If DI checks in both directions, then it will keep scanning the incoming data flow too, which comes in as a response to my queries sent from the Trusted zone, doesn't it?
Or should I set up an additional Untrust-to-Trust policy for HTTP, SSL and a few others to use DI to filter incoming packets, even when the session is initiated from the Trusted zone?
CPU consumption is not an issue (permanently around 1-2%) because of low traffic from mostly 1, sometimes up to 3, computers.
Actually I have only one Untrust-to-Trust policy for now, for a special purpose: forwarding data sent to a certain port to a specific IP address in the Trusted zone, which runs only a small web server in Java that processes and answers the data sent to that port and is not vulnerable to most of the attacks covered by DI.
Akos
Message Edited by b_akos on 03-26-2009 10:15 PM