Policy Configuration : Configuring Access Rules

Adding or Editing Match Objects
To configure a match object, complete the following steps:
2. Navigate to the Firewall > Match Objects page on the Policies tab.
3. To edit an existing match object, click the pencil icon under Configure for it. To add a new match object, click Add New Match Object. The Match Object Settings window displays.
4. In the Match Object Settings window, in the Object Name text box, type a descriptive name for the object.
5. Select a Match Object Type from the pull-down list. Your selection here affects the options available in this screen. See Match Object Types for a description of the Match Object Types.
6. Select a Match Type from the pull-down list. The available selections depend on the Match Object Type.
7. See the Extra Properties column in Match Object Types for a description of the additional fields and options that might appear on the page for different Match Object Types. Select the desired values for any additional fields or options.
8. For the Input Representation, click Alphanumeric to match a text pattern, or click Hexadecimal if you want to match binary content.
You can use a hex editor or a network protocol analyzer such as Wireshark to obtain the hex representation of binary files.
9. Enable Negative Matching might be available, depending on the Match Type. Select the check box to match anything except the pattern in the Content text box. See Negative Matching for more information about using this option.
10. In the Content text box, type the pattern to match, and then click Add. The content appears in the List text box. Repeat to add another element to match.
You can add multiple entries to create a list of content elements to match. All content that you provide in a match object is case-insensitive for matching purposes. List entries are matched using a logical OR, so if any item in the list is matched, the action for the policy is executed.
11. Alternatively, you can click Load From File to import a list of elements from a text file. Each element in the file must be on a line by itself. The maximum file size is 8192 bytes.
12. To remove an element from the list, select the element in the List box and then click Remove. To remove all elements, click Remove All.
13. Click OK. The Modify Task Description and Schedule window displays.
14. A description is automatically added in the Description field. Optionally change the description.
15. For Schedule, select one of the following radio buttons and set any associated fields:
Default – Use the default schedule configured for the Agent that manages this unit
Immediate – Create the object immediately
At – Select the exact time to activate this object using the pull-down lists for the hour, minute, time zone, month, and year. If your GMS deployment includes Agents in different time zones, you can select among them in the time zone pull-down list. Select the date from the calendar.
16. Click Accept to save the match object with this schedule. Click Cancel to exit without saving the match object.
At the unit level, you might need to refresh the Firewall > Match Objects page to see your new match object in the list.
Negative Matching
Negative matching provides an alternative way to specify which content to block. You can enable negative matching in a match object when you want to block everything except a particular type of content. When you use the object in a policy, the policy executes its action based on the absence of the content specified in the match object. Multiple list entries in a negative matching object are combined using a logical AND: the policy action is executed only when every one of the specified entries is absent from the content. Contrast this with a normal match object, where a single matching entry is enough to trigger the action.
Although all App Rules policies are DENY policies, you can simulate an ALLOW policy by using negative matching. For instance, you can allow email .txt attachments and block attachments of all other file types. Or you can allow a few types and block all others. Because matching is case-insensitive, an entry such as .txt also covers .TXT; anything not covered by one of the listed entries is denied, so review the list carefully before deploying the policy.
Not all match object types support negative matching. For those that do, Enable Negative Matching appears on the Match Object Settings screen.
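The following Python model, added here as an illustration and not part of the GMS product or its documentation, shows the matching semantics described in step 10 and in the Negative Matching section: list entries are case-insensitive and combined with OR in a normal match object, combined with AND over their absence when Enable Negative Matching is set, hexadecimal input is matched as raw bytes, and a Load From File list is one element per line with an 8192-byte cap. The names MatchObject, load_list_file and policy_action, and the choice of substring (partial) comparison, are assumptions of this example; the page does not name the available Match Types, and a real match object may be evaluated differently for other types.

```python
"""Model of App Rules match-object evaluation (added example, not GMS code).

Assumptions: entries are compared as substrings of the inspected content
(a partial-match style Match Type); hexadecimal patterns are compared as
raw bytes; alphanumeric patterns are compared case-insensitively.
"""
from dataclasses import dataclass

MAX_LIST_FILE_BYTES = 8192  # Load From File limit stated in the procedure


def load_list_file(data: bytes) -> list[str]:
    """Parse a Load From File payload: one element per line, blank lines ignored."""
    if len(data) > MAX_LIST_FILE_BYTES:
        raise ValueError(
            f"list file is {len(data)} bytes; limit is {MAX_LIST_FILE_BYTES}")
    return [line.strip() for line in data.decode("utf-8").splitlines()
            if line.strip()]


@dataclass
class MatchObject:
    name: str
    entries: list[str]
    representation: str = "alphanumeric"  # or "hexadecimal"
    negative: bool = False                # Enable Negative Matching

    def _patterns(self) -> list[bytes]:
        if self.representation == "hexadecimal":
            # Hex strings (as copied from Wireshark or a hex editor) become raw bytes
            return [bytes.fromhex(e.replace(" ", "")) for e in self.entries]
        # Alphanumeric content is matched case-insensitively, so normalise once
        return [e.lower().encode("utf-8") for e in self.entries]

    def matches(self, content: bytes) -> bool:
        haystack = (content if self.representation == "hexadecimal"
                    else content.lower())
        hits = [p in haystack for p in self._patterns()]
        if self.negative:
            # Negative matching: the object matches only when EVERY entry is
            # absent (logical AND of the negated entries)
            return not any(hits)
        # Normal matching: ANY present entry triggers the policy (logical OR)
        return any(hits)


def policy_action(obj: MatchObject, content: bytes) -> str:
    """App Rules policies are DENY policies: the action fires only on a match."""
    return "DENY" if obj.matches(content) else "no action"


if __name__ == "__main__":
    # Constructed sample inputs: attachment names and file headers
    blocklist = MatchObject("exe-or-scr", load_list_file(b".exe\n.scr\n"))
    allow_txt = MatchObject("txt-or-pdf-only", [".txt", ".pdf"], negative=True)
    pe_header = MatchObject("mz", ["4D 5A"], representation="hexadecimal")
    for name in (b"report.EXE", b"notes.txt", b"invoice.PDF", b"payload.exe"):
        print(name.decode(), "blocklist:", policy_action(blocklist, name),
              "| allow-list via negative match:", policy_action(allow_txt, name))
    print("MZ header in PE file:", pe_header.matches(b"MZ\x90\x00"))
```

The negative-matching object allow_txt denies payload.exe because neither .txt nor .pdf is present, but takes no action on notes.txt or invoice.PDF, which is how a DENY policy is made to behave like an allow list. Note that the empty-list case is the dangerous one for negative matching: with no entries, the AND over zero absences is trivially true and every file would be denied.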