Policy Type Reference

The following tableTable 25 describes the characteristics of the available App Rules policy types.

 

Table 25. Policy Types

Policy Type	Description	Valid Source Service / Default	Valid Destination Service / Default	Valid Match Object Type	Valid Action Type	Connection Side
App Control Content	Policy using dynamic Application Control related objects for any application layer protocol	N/A	N/A	Application Category List, Application List, Application Signature List	Reset/Drop, No Action, Bypass DPI, Packet Monitor, BWM Global-*, WAN BWM *	N/A
CFS	Policy for content filtering	N/A	N/A	CFS Category List, CFS Allow / Forbidden List	CFS Block Page, Packet Monitor, No Action, BWM Global-*, WAN BWM *	N/A
Custom Policy	Policy using custom objects for any application layer protocol; can be used to create IPS-style custom signatures	Any / Any	Any / Any	Custom Object	Reset/Drop, Bypass DPI, Packet Monitor, No Action, BWM Global-*, WAN BWM *	Client Side, Server Side, Both
FTP Client	Any FTP command transferred over the FTP control channel	Any / Any	FTP Control / FTP Control	FTP Command, FTP Command + Value, Custom Object	Reset/Drop, Bypass DPI, Packet Monitor, No Action	Client Side
FTP Client File Upload	An attempt to upload a file over FTP (STOR command)	Any / Any	FTP Control / FTP Control	Filename, file extension	Reset/Drop, Bypass DPI, Packet Monitor, No Action, BWM Global-*, WAN BWM *	Client Side
FTP Client File Download	An attempt to download a file over FTP (RETR command)	Any / Any	FTP Control / FTP Control	Filename, file extension	Reset/Drop, Bypass DPI, Packet Monitor, No Action, BWM Global-*, WAN BWM *	Client Side
FTP Data Transfer	Data transferred over the FTP Data channel	Any / Any	Any / Any	File Content Object	Reset/Drop, Bypass DPI, Packet Monitor, No Action	Both
HTTP Client	Policy which is applicable to Web browser traffic or any HTTP request that originates on the client	Any / Any	Any / HTTP (configurable)	HTTP Host, HTTP Cookie, HTTP Referrer, HTTP Request Custom Header, HTTP URI Content, HTTP User Agent, Web Browser, File Name, File Extension Custom Object	Reset/Drop, Bypass DPI, Packet Monitor1, No Action, BWM Global-*, WAN BWM *	Client Side
HTTP Server	Response originated by an HTTP Server	Any / HTTP (configurable)	Any / Any	ActiveX Class ID, HTTP Set Cookie, HTTP Response, File Content Object, Custom Header, Custom Object	Reset/Drop, Bypass DPI, Packet Monitor, No Action, BWM Global-*, WAN BWM *	Server Side
IPS Content	Policy using dynamic Intrusion Prevention related objects for any application layer protocol	N/A	N/A	IPS Signature Category List, IPS Signature List	Reset/Drop, Bypass DPI, Packet Monitor, No Action, BWM Global-*, WAN BWM *	N/A
POP3 Client	Policy to inspect traffic generated by a POP3 client; typically useful for a POP3 server admin	Any / Any	POP3 (Retrieve Email) / POP3 (Retrieve Email)	Custom Object	Reset/Drop, Bypass DPI, Packet Monitor, No Action	Client Side
POP3 Server	Policy to inspect email downloaded from a POP3 server to a POP3 client; used for email filtering	POP3 (Retrieve Email) / POP3 (Retrieve Email)	Any / Any	Email Body, Email CC, Email From, Email To, Email Subject, File Name, File Extension, MIME Custom Header	Reset/Drop, Disable attachment, Bypass DPI, No action	Server Side
SMTP Client	Policy applies to SMTP traffic that originates on the client	Any / Any	SMTP (Send Email)/ SMTP (Send Email)	Email Body, Email CC, Email From, Email To, Email Size, Email Subject, Custom Object, File Content, File Name, File Extension, MIME Custom Header,	Reset/Drop, Block SMTP E-Mail Without Reply, Bypass DPI, Packet Monitor, No Action	Client Side

---

1

Packet Monitor action not supported for File Name or File Extension Custom Object