
Environment Variables and Conditions Overview


You can use environment variables and conditions to configure dynamic policy actions for your firewall policy rules. With traditional firewall rules, if you want to block all outbound traffic, then you must manually modify the action of the rules from permit to deny. Similarly, if you want to allow all traffic, you modify the action from deny to permit. When handling critical events, going through hundreds of firewall policy rules and modifying them is both time consuming and inefficient. Further, when the event is over, you might need to revert those rule settings to the previously configured values.

To avoid such manual edits to the firewall rules and to improve your control over the configuration, as a network administrator you can define environment variables and apply conditions that reference them. Based on the conditions that you define, preconfigured actions are applied to the firewall policy rules dynamically.

Along with the action, you can define certain advanced security properties. You can also disable the rules based on the action and change the logging options.

Table 1 and Table 2 show examples of the usage of custom-defined environment variables and rule actions based on variable values.

Table 1: Example of Custom-Defined Environment Variables

| Environment Variable | Type   | Possible Value    | Default Value | Current Value |
| -------------------- | ------ | ----------------- | ------------- | ------------- |
| Threat Level         | String | Low, Medium, High | Low           | High          |

Table 2: Example of Rule Actions Based on Variable Values

| Rule # | Source   | Destination    | Service | Firewall                                | IPS                                                 |
| ------ | -------- | -------------- | ------- | --------------------------------------- | --------------------------------------------------- |
| m      | Employee | Internet video | http    | If (ThreatLevel=High) Deny Else Permit  | None                                                |
| n      | WebZone  | DBZone         | DB      | Permit                                  | If (ThreatLevel=High) Adv_profile Else Std_Profile  |

Table 3 shows an example of how conditions are used. In the Environment Condition column, the condition is evaluated first to identify the set of actions the system will take. For example, if the value of the ThreatLevel environment variable is Medium at any point in time, the system automatically enables the intrusion prevention system (IPS) service for the corresponding traffic.

Table 3: Example of Environment Condition

| Rule Number | Source Traffic Match Criteria | Destination Traffic Match Criteria | Environment Condition | Firewall Action | Other Actions       |
| ----------- | ----------------------------- | ---------------------------------- | --------------------- | --------------- | ------------------- |
| 1000        | Any                           | MyCriticalServers                  | ThreatLevel=Low       | PERMIT          | LOG                 |
|             |                               |                                    | ThreatLevel=Medium    | PERMIT          | LOG IPS_STD_PROFILE |
|             |                               |                                    | ThreatLevel=High      | DENY            | LOG                 |
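The following is an added example (not Security Director's own code or API) that models the evaluation in Table 3: an environment variable with possible, default and current values, a rule whose actions are keyed on the variable's value, and a resolver that falls back to the default value when the current value is unset or invalid and refuses rules that leave a possible value without an action. The data model, field names and the `missing_conditions`/`resolve` helpers are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Sequence, Tuple

Action = Tuple[str, Tuple[str, ...]]  # (firewall action, other actions)

@dataclass
class EnvVariable:
    """Custom-defined variable as in Table 1 (constructed data model)."""
    name: str
    possible: Sequence[str]
    default: str
    current: Optional[str] = None

    def value(self) -> str:
        # An unset or out-of-range current value falls back to the default,
        # so a bad variable write can never leave a rule without an action.
        if self.current in self.possible:
            return self.current
        return self.default

@dataclass
class Rule:
    """One policy rule whose actions depend on an environment condition."""
    number: int
    source: str
    destination: str
    variable: str
    actions: Dict[str, Action]  # condition value -> action

def missing_conditions(rule: Rule, var: EnvVariable) -> Tuple[str, ...]:
    """Possible variable values for which the rule defines no action."""
    return tuple(v for v in var.possible if v not in rule.actions)

def resolve(rule: Rule, var: EnvVariable) -> Action:
    """Effective action for the rule under the variable's current value."""
    if rule.variable != var.name:
        raise ValueError(f"rule {rule.number} is not conditioned on {var.name}")
    gaps = missing_conditions(rule, var)
    if gaps:
        raise ValueError(f"rule {rule.number} has no action for {gaps}")
    return rule.actions[var.value()]

THREAT_LEVEL = EnvVariable("ThreatLevel", ("Low", "Medium", "High"), "Low")

# Rule 1000 from Table 3, expressed as a condition -> action map.
RULE_1000 = Rule(1000, "Any", "MyCriticalServers", "ThreatLevel", {
    "Low": ("PERMIT", ("LOG",)),
    "Medium": ("PERMIT", ("LOG", "IPS_STD_PROFILE")),
    "High": ("DENY", ("LOG",)),
})
```

Setting `THREAT_LEVEL.current` to each possible value and calling `resolve(RULE_1000, THREAT_LEVEL)` reproduces the three rows of Table 3; an invalid current value resolves as the default, Low.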

Benefits of Environment Variables and Conditions

  • Simplifies the task of creating, in advance, different security actions that the security team can take to test the system’s behavior under different environmental conditions.

  • Reduces the time required to react to security threats or situations and take the required actions. During critical situations, security administrators must focus on identifying the attacks and, with environment variables configured, they do not have to spend too much time and effort in manipulating the rules table.

  • Reduces the probability of manual errors, especially during critical events when a large number of firewall policy rules need to be edited.

  • Helps reduce business risks by streamlining security operations for normal conditions as well as for other dynamic conditions.