Creating filter and NAT rules

  1. In Configuration > Firewalls and folders, browse to the folder to which you wish to apply a rule, or to a specific firewall. For rules specific to a firewall, you can also go directly to the firewall's settings from the Monitoring view.
  2. Open the Filtering and translation tab and select the Filter rules or NAT rules tab.
  3. Click on Add and select either a low- or high-priority rule (priority can only be selected for folders), taking into account the desired order of application, as explained in the previous section.

  4. Configure the rule:
    • When Host, Network or IP address range objects are used in the rule, you can use variable objects, whose IP address takes the value corresponding to the relevant firewall. For more information, please refer to the section Managing objects.
    • Objects can be dragged and dropped between filter and translation rules or from the Objects menu into rules.
    • To organize rules, you can create separators between them by clicking on Add. These separators do not impact the security policy in any way. Click on the title of a separator to change its name or assign a color to it.
    • The following parameters cannot be completed with data returned by firewalls and must therefore be entered manually through text fields:

      • In Source > General > Incoming interface, click on Customized interface (if the rule applies to a folder or rule set).
      • In Destination > Advanced configuration > Outgoing interface, click on Customized interface (if the rule applies to a folder or rule set).
      • Menu Action > Quality of Service > Queue.
      • Menu Action > Quality of Service > ACK queue.
    • Refer to the Stormshield Network User Configuration Manual for more details on other menus and options.
  5. Once the configuration of rules is complete, deploy the configuration on the firewalls concerned.

In addition to the rules of the current folder or firewall, the Filter rules and NAT rules tabs display the rules of parent folders and local rules in read-only mode. You can therefore view all the rules that apply to a firewall on a single screen, in the order in which they are applied.