![mac security settings for watchguard mac security settings for watchguard](https://learn.oxnardsd.org/portals/0/search_1.png)
#MAC SECURITY SETTINGS FOR WATCHGUARD FULL#
A packet filter rule has no awareness of the content, while a proxy is doing the full examination of the content.
![mac security settings for watchguard mac security settings for watchguard](https://nscdn.nstec.com/what-is-the-benefit-of-a-stateful-firewall-.jpg)
The Proxy templates however allow you to deploy all the other security services, as a proxy has much deeper insight into the traffic. When you choose a packet filter type of template, you can attach only a couple security services to that rule (IPS, Geo filtering, Application Control). When you create firewall rules, you can choose between packet filters and proxy filters for http, https, ftp, imap, pop3, h323 Rather get a higher model used box, when this is for home use - or go for a trade-up with security services, if it is for business use. If you want it more radical and don't care about the basic security a http/s proxy brings, than you can also replace the proxy rules with filter rules. That should than boost these sites up to 620Mbps, while the 'unknown' and 'not trusted' sites would still have to go trough the basic filtering - without a subscription. To avoid decrypting everything and giving it a push where it matters, you can add exceptions for sites that you trust and sites that need more throughput (e.g. I would keep this, even if it will spoil quite a bit of the experience because of the low throughput on TLS decryption. "Not having an active subscription" doesn't make proxies to turn off and stop decrypting https traffic, if you had this turned on.Įven when one doesn't have any subscriptions, it's pretty useful to keep using proxies and strip off executable files in web and mail traffic.