Editing Default Settings for the Unified Firewall Policy
Use the Default Profiles for Unified Firewall Policy page to configure the default profile, SSL proxy profile, IPS profile, and reject or redirect URL or message in the unified firewall policy for a tenant. If you enable a default SSL proxy profile for the tenant, CSO sets the default SSL proxy profile for the tenant as the default SSL profile in the unified firewall policy.
The unified firewall takes some time to detect the application in the traffic and act on it. The default profiles provide security during that time. The default settings apply to all the unified firewall policies belonging to a tenant and are pushed to all sites where a firewall policy is deployed.
To configure default settings for the unified firewall policy:
- Select Configuration > Firewall > Default Settings in Customer Portal.
The Default Profiles for Unified Firewall Policy Settings page appears.
- Click the Edit button.
The fields on the page can now be modified.
- Complete the configuration according to the guidelines provided in Table 1.
- Do one of the following:
Click Cancel to cancel the changes.
Click OK to save the changes.
The settings are saved and a confirmation message is displayed.
You can deploy the changes by editing the unified firewall policy and then redeploying it.
Table 1: Default Profiles for the Unified Firewall Policy
Default UTM Policy
Select a default UTM profile (policy) from the drop-down list.
Alternatively, click Add UTM Profile to add a UTM profile and use it as the default UTM profile.
The Create UTM Profiles wizard appears. For information about creating a UTM policy, see Creating UTM Profiles.
Default SSL Profile
Select a default SSL proxy profile from the drop-down list.
Alternatively, click Add SSL Profile to add a new SSL proxy profile and use it as the default SSL proxy profile.
The Create SSL Proxy Profiles page appears. For information about configuring SSL proxy profiles, see Creating SSL Forward Proxy Profiles.
Default IPS Profile
Select the IPS profile that you want to associate with the unified firewall policy as the default IPS profile.
When the firewall action is set to deny traffic for a particular application, provide either an alternative URL to which such traffic is redirected, or a reason for blocking the traffic and an action that the user can perform.
Select one of the following:
If you choose Redirect URL for Reject Action, enter the URL to which the application traffic must be redirected.
If you choose Text for Reject Action, enter the reason for blocking the traffic and what a user can do subsequently.
You can enter a maximum of 256 alphanumeric characters including spaces.