You can use environment variables and conditions to configure dynamic policy actions for your firewall policy rules. With traditional firewall rules, if you want to block all outbound traffic, then you must manually modify the action of the rules from permit to deny. Similarly, if you want to allow all traffic, you modify the action from deny to permit. When handling critical events, going through hundreds of firewall policy rules and modifying them is both time consuming and inefficient. Further, when the event is over, you might need to revert those rule settings to the previously configured values.
To avoid such manual edits and to keep tighter control over the configuration, you as the network administrator can define environment variables and apply conditions that reference them. Based on the conditions you define, preconfigured actions are applied to the firewall policy rules dynamically.
Along with the firewall action (permit or deny), a condition can set advanced security properties such as the IPS profile, disable the rule altogether, or change its logging options.
Table 149 and Table 150 show examples of the usage of custom-defined environment variables and rule actions based on variable values.
Table 149: Example of Custom-Defined Environment Variables
Environment Variable | Type | Possible Value | Default Value | Current Value |
---|---|---|---|---|
ThreatLevel | String | Low, Medium, High | Low | High |
Table 150: Example of Rule Actions Based on Variable Values
Rule # | Source | Destination | Service | Firewall | IPS |
---|---|---|---|---|---|
m | Employee | Internet video | http | If (ThreatLevel=High) Deny Else Permit | None |
n | WebZone | DBZone | DB | Permit | If (ThreatLevel=High) Adv_profile Else Std_Profile |
Table 151 shows an example of how conditions are used. For each rule, the Environment Condition column is evaluated first to select the set of actions the system takes; the Firewall Action and Other Actions in the matching row are then applied to traffic that matches the rule. For example, whenever the value of the ThreatLevel environment variable is Medium, the system automatically enables the intrusion prevention system (IPS) service, with the standard profile, for the corresponding traffic.
Table 151: Example of Environment Condition
Rule Number | Source Traffic Match Criteria | Destination Traffic Match Criteria | Environment Condition | Firewall Action | Other Actions |
---|---|---|---|---|---|
1000 | Any | MyCriticalServers | ThreatLevel=Low | PERMIT | LOG |
1000 | Any | MyCriticalServers | ThreatLevel=Medium | PERMIT | LOG, IPS_STD_PROFILE |
1000 | Any | MyCriticalServers | ThreatLevel=High | DENY | LOG |
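The evaluation order described above (condition first, then the selected firewall action, IPS profile and logging option, and the rule-disable option mentioned earlier) as a small runnable model. This is an added example written for this page, not Juniper's implementation or any Junos Space / Security Director API; the class and field names, the constructed "guest" rule and the sample flows are assumptions, while rules m, n and 1000 are transcribed from Tables 150 and 151.

```python
# Added example for this page (not Juniper's code or any Security Director API):
# a small model of condition-driven rule actions. Class and field names, the
# constructed "guest" rule and the sample flows are assumptions for the demo.
from dataclasses import dataclass
from typing import Optional

# Environment variable definitions modelled on Table 149: name -> (possible values, default)
ENV_SPEC = {"ThreatLevel": (("Low", "Medium", "High"), "Low")}

class Environment:
    """Current variable values, validated against ENV_SPEC on every change."""

    def __init__(self, spec=ENV_SPEC):
        self.spec = spec
        self.reset()

    def set(self, name, value):
        allowed, _ = self.spec[name]
        if value not in allowed:  # reject typos, which would make every condition fail
            raise ValueError(f"{name}: {value!r} is not one of {allowed}")
        self.values[name] = value

    def reset(self):
        """Revert every variable to its default once the event is over."""
        self.values = {name: default for name, (_, default) in self.spec.items()}

@dataclass
class Clause:
    """One conditional action set of a rule; condition=None is the Else branch."""
    condition: Optional[dict]
    firewall_action: str                # "PERMIT" or "DENY"
    ips_profile: Optional[str] = None
    log: bool = False
    disable_rule: bool = False          # skip the whole rule under this condition

@dataclass
class Rule:
    number: str
    source: str       # "Any" (or "any" for service) matches everything
    destination: str
    service: str
    clauses: list     # evaluated in order, so the Else clause comes last

def condition_holds(condition, env):
    return condition is None or all(env.values.get(k) == v for k, v in condition.items())

def resolve(rule, env):
    """Pick the first clause whose environment condition holds."""
    for clause in rule.clauses:
        if condition_holds(clause.condition, env):
            return clause
    raise LookupError(f"rule {rule.number}: no clause for {env.values}")

def evaluate(policy, env, src, dst, service):
    """First-match policy lookup. A rule whose effective clause disables it is
    skipped, so the flow falls through to later rules or the default deny."""
    for rule in policy:
        if (rule.source not in ("Any", src) or rule.destination not in ("Any", dst)
                or rule.service not in ("any", service)):
            continue
        clause = resolve(rule, env)
        if clause.disable_rule:
            continue
        return {"rule": rule.number, "action": clause.firewall_action,
                "ips": clause.ips_profile, "log": clause.log}
    return {"rule": None, "action": "DENY", "ips": None, "log": False}

HIGH, MEDIUM, LOW = {"ThreatLevel": "High"}, {"ThreatLevel": "Medium"}, {"ThreatLevel": "Low"}

POLICY = [
    # Rule m (Table 150): deny employee video only while ThreatLevel is High.
    Rule("m", "Employee", "Internet video", "http",
         [Clause(HIGH, "DENY"), Clause(None, "PERMIT")]),
    # Rule n (Table 150): always permit, but use the advanced IPS profile when High.
    Rule("n", "WebZone", "DBZone", "DB",
         [Clause(HIGH, "PERMIT", ips_profile="Adv_profile"),
          Clause(None, "PERMIT", ips_profile="Std_Profile")]),
    # Constructed rule, not from the page: guest web access is disabled under High,
    # so that traffic falls through to the default deny instead of being permitted.
    Rule("guest", "Guest", "Internet", "http",
         [Clause(HIGH, "PERMIT", disable_rule=True), Clause(None, "PERMIT")]),
    # Rule 1000 (Table 151): one explicit condition per ThreatLevel value.
    Rule("1000", "Any", "MyCriticalServers", "any",
         [Clause(LOW, "PERMIT", log=True),
          Clause(MEDIUM, "PERMIT", ips_profile="IPS_STD_PROFILE", log=True),
          Clause(HIGH, "DENY", log=True)]),
]

def verdicts_for(level):
    """Evaluate four constructed flows with ThreatLevel set to `level`."""
    env = Environment()
    env.set("ThreatLevel", level)
    flows = [("Employee", "Internet video", "http"), ("WebZone", "DBZone", "DB"),
             ("Guest", "Internet", "http"), ("Employee", "MyCriticalServers", "https")]
    return {f"{s}->{d}/{p}": evaluate(POLICY, env, s, d, p) for s, d, p in flows}

if __name__ == "__main__":
    for level in ("Low", "Medium", "High"):
        print(level, verdicts_for(level))
```

Two design points are worth noting. First, the only thing an administrator changes during an event is the variable value (`env.set("ThreatLevel", "High")`), and `reset()` is the whole revert step; the rule table itself is never edited. Second, the value is validated against the possible values declared for the variable: a mistyped value such as "Hgih" would otherwise make every condition false, silently dropping rule m and n to their Else branch and leaving rule 1000 (which has no Else) with no action at all, which is why `resolve` raises rather than guessing.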
Using environment variables and conditions provides the following benefits:
Simplifies the task of defining, in advance, the different security actions the security team can take, and of testing the system's behavior under different environmental conditions.
Reduces the time required to react to security threats or situations and take the required actions. During critical situations, security administrators must focus on identifying the attack; with environment variables configured, they do not have to spend time and effort editing the rules table.
Reduces the probability of manual errors, especially during critical events, when a large number of firewall policy rules would otherwise need to be edited.
Helps reduce business risk by streamlining security operations for normal conditions as well as for other dynamic conditions.
© 2018 Juniper Networks, Inc. All rights reserved