Actions on filter policy rules

Search This field makes it possible to perform searches by occurrence, letter or word.

EXAMPLE
If you enter “Network_internal” in the field, all filter rules containing “Network_internal” will be displayed in the table.

New rule Inserts a predefined line or a blank line after the selected line.
5 choices are available: authentication, SSL inspection and explicit HTTP proxy rules will be defined via a wizard in a separate window:
  • Single rule: This option makes it possible to create a blank rule that will leave the administrator the possibility of entering different fields in the filter table.
  • Separator – rule grouping: This option makes it possible to insert a separator above the selected line.
  • This separator makes it possible to group rules that apply to traffic going to different servers and helps to improve the filter policy’s readability and visibility by indicating a comment.
    Separators indicate the number of grouped rules and the numbers of the first and last rules in the form: “Rule name (contains the total number of rules, from first to last)”.
    You can collapse or expand the node of the separator in order to show or hide the rule grouping. You can also copy/paste a separator from one location to another.
  • Authentication rule: The aim of this is to redirect unauthenticated users to the captive portal. By selecting it, an authentication wizard will appear.
  • You need to select the Source (displays “Network_internal” by default) and the Destination (displays “Internet” by default) of your traffic from the drop-down list of objects, then click on Finish. As the port cannot be selected, the HTTP port is chosen automatically.
    You can specify as the Destination URL categories or groups that are exempt from the rule, and therefore accessible without authentication (the web object authentication_bypass contains by default Microsoft update sites). Access to these sites without authentication can therefore also benefit from the firewall’s security inspections.
  • SSL inspection rule: The aim of this wizard is to create rules that inspect the encrypted SSL traffic. You are strongly advised to go through this wizard to generate the two rules needed for the SSL proxy to run correctly.
  • You will need to define the Profile of traffic to be encrypted by indicating the Source hosts (“Network_internal” by default), Incoming interface (“any” by default), the Destination (“Internet” by default) and the Destination port (“ssl _srv” by default) from the drop-down list of objects.
    In order to Inspect encrypted traffic through the second zone in the wizard window, you will need to define the configuration of the Inspection profile, by selecting one of those you have defined earlier, or leave it in “Auto” mode. This automatic mode will apply the inspection relating to the source of the traffic (cf Application protection>Inspection profile).
    You can also enable the Antivirus or Antispam and select the URL, SMTP, FTP or SSL filter policies (checks the CN field of the certificate presented).
  • Explicit HTTP proxy rule: This option enables or disables the explicit HTTP proxy and defines who can access it. You will need to choose a Host object and an Incoming interface in the Source field. Next, define the Inspection of transmitted traffic by indicating whether you wish to enable the Antivirus and select the URL filter policies.
  • NOTE
    To allow a similar policy on a firewall hosted in the cloud and on a physical firewall, the listening port of an explicit HTTP proxy can be configured on a port other than the default port (8080/TCP).
    Click on Finish.

Delete Deletes the selected line.
Move up Places the selected line before the line just above it.
Move down Places the selected line after the line just below it.
Expand all Expands all rules in the tree.
Collapse all Collapses all folders in the directory.
Cut Cuts a filter rule in order to paste it.
Copy Copies a filter rule in order to duplicate it.
Paste Duplicates a filtering rule after having copied it.
Search in logs Whenever a filter rule rule is selected, click on this button to automatically search for the name of the rule in the "All logs" view (Logs > Audit logs > Views module). If the selected rule has not been named, a warning message will indicate that the search cannot be performed.
Search in monitoring Whenever a filter rule is selected, click on this button to automatically search for the name of the rule in the connection monitoring module.
Reset rules statistics Clicking on this button will reinitialize the digital and graphical counters showing how filter rules are used, located in the first column of the table.
Reset columns When you click on the arrow on the right in the field containing a column’s name (example: Status), you will be able to display additional columns or remove columns so that they will not be visible on the screen, by checking or unchecking them.

EXAMPLE
Tick the options “Name” and “Src port” which are not displayed by default.
By clicking on reset columns, your columns will be reset to their original settings, before you selected any additional columns. As such, “Name” and “Src port” will be hidden again.

NOTE
If you click quickly 10 times on the “Up” button, you will see that the rule moves up but the waiting window will only appear when you leave the button for 2 or 3 seconds. And at the end, only a single command will be executed. Rules can be moved more much fluidly as such.