Creating rule sets
Rule sets can be created to group filter or translation rules that you wish to deploy on one or several firewalls. This feature allows you to easily reuse rules on several firewalls regardless of where they are on the tree.
- In Configuration > Rule set, click on Create a set of filter rules or Create a set of NAT rules. You cannot create rule sets containing both types of rules or containing another rule set.
- Double-click on a rule set to edit its name and assign a color.
- In the Rules tab, click on Add a rule to create rules that will be part of your filter or NAT rule set. For further information, refer to Creating filter and NAT rules.
You can also duplicate an existing rule set by clicking on .
You need to hold write access privileges on the firewall in question to assign rule sets to it. For more information, refer to the section Restricting folder administrators' access privileges.
There are two ways to assign rule sets to a firewall:
- In Configuration > Rule set:
  Select the rule sets from the list on the left. In the Firewalls tab, select the firewalls to which you wish to assign the rule sets, and click on Apply. You can choose to add the rule sets to specific rules on the selected firewalls in the first or last position.
- In the security policy of a firewall in the Filter rules and NAT rules tabs:
  Click on Add > Add a rule set.
During the next deployment, the rule sets assigned to the firewall will be added to the selected firewalls. They will appear in the firewall's global policy as separators followed by their rules.
You need to hold write access privileges on the firewall in question to perform the following operations. For more information, refer to the section Restricting folder administrators' access privileges.
From a firewall’s security policy, you can:
- replace the rule set assigned to the firewall with another set,
- edit the rule sets assigned to the firewall. You will be redirected to the Rule sets screen.
In Configuration > Rule set, you can:
- export all the filter or NAT rule sets to a CSV file. In this file, they will be represented as separators followed by their rules. For more information, please refer to Exporting rules to a CSV file.
- import all the filter or NAT rule sets from a CSV file. Rule sets must be created on the SMC server before importing the CSV file, otherwise the import will fail. For more information, please refer to Importing rules from a CSV file.
You can delete a rule set only when:
- It is not used by any firewall.
- It is used by firewalls on which you have write access privileges.
For more information, refer to the section Restricting folder administrators' access privileges.
To delete a rule set:
- In Configuration > Rule sets, click on the red cross on the row of a rule set.