PANEL_addAppFirewallPolicy

Configuring a Policy

When you have created an application object, and optionally, an action or an email user object, you are ready to create a policy that uses them. For information about configuring these, see the following sections:
“Configuring Application Objects”
“Configuring Actions”
“Configuring Email User Objects”
“Configuring Application Layer Bandwidth Management”

For information about policies and policy types, see “Policies” .

Step 1
In the navigation pane on the left side, click Application Firewall , and then click Policies .
Step 2
In the Application Firewall Global Settings screen, click Add New Policy .
Step 3
In the Application Firewall Policies Settings dialog box, type a descriptive name for the policy.
Step 4
Select a Policy Type from the drop-down list. Your selection here will affect available options in the dialog box. For information about available policy types, see “Policies” .
Step 5
Select a source and destination address from the Address drop-down lists, and select the source or destination service. Some policy types do not provide a choice of service.
Step 6
For Exclusion Address, optionally select an address from the drop-down list. This address will not be affected by the policy.
Step 7
For Application Object, select an application object from the drop-down list. The list contains the defined application objects that are applicable to the policy type.
Step 8
For Action, select an action from the drop-down list. The list contains actions that are applicable to the policy type, and can include the four predefined actions, plus any customized actions.
Step 9
For Users/Groups, select from the drop-down lists for both Included and Excluded. The selected users or group under Excluded will not be affected by the policy.
Step 10
If the policy type is SMTP, select from the drop-down lists for Mail From and Rcpt To, for both Included and Excluded. The selected users or group under Excluded will not be affected by the policy.
Step 11
For Schedule, select from the drop-down list. A variety of schedules for the policy to be in effect is available in the list.
Step 12
If you want the policy to create a log entry when a match is found, check Enable Logging .
Step 13
For Log Redundancy Filter, you can either select Global Settings to use the global value set on the Application Firewall > Policies page, or you can enter a number of seconds to delay between each log entry for this policy. The local setting overrides the global setting only for this policy; other policies are not affected.
Step 14
For Connection Side, select from the drop-down list. The available choices depend on the policy type.
Step 15
For Direction, click either Basic or Advanced . Basic allows you to select incoming, outgoing, or both. Advanced allows you to select between zones, such as LAN to WAN.
Step 16
Click OK .