Creating a New Environment Condition
Use the Create New Environment Condition page to create a new environment condition using the environment variables.
To create a new environment condition:
- Select Configure > Environment.
The Environment page appears.
- Select the Environment Conditions tab and click the + icon.
The Create New Environment Condition page appears.
- Complete the configuration by using the guidelines in Table 1.
- Click Save to save the configuration or Cancel to discard the configuration.
After defining a new condition, you must apply it to the firewall policy rules. After assigning the conditions to the rules, publish the changes and update the device.
Table 1: Fields on the Create New Environment Condition Page
Field | Description |
---|---|
Condition Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed; maximum length is 63 characters. |
Description | Enter a description for the environment condition; maximum length is 255 characters. |
Condition | Click the field and select the environment variable and the required possible values. You can choose one or more variables in combination. For example, use the ’=’ or ’!=’ operator to apply an OR condition for the possible values. Choose the AND operator for an AND condition. |
Security administrators can now use the conditional evaluators based on the environment variables in the firewall policy. Security Director auto-calculates the changes to the relevant rules and, based on the administrator’s approval, pushes out these changes to the entire network as required.
For example, the firewall policy rule table is updated with environment conditions, as shown in Table 2. If ThreatLevel is ORANGE at a given point in time, the system automatically enables the IPS service for the corresponding traffic.
Table 2: Firewall Rule with a Condition
Rule Number | Source Traffic Match Criteria | Destination Traffic Match Criteria | Environmental Condition | Firewall Action(s) | Other Actions |
---|---|---|---|---|---|
1000 | Any | MyCriticalServers | ThreatLevel=GREEN | PERMIT | LOG |
1000 | Any | MyCriticalServers | ThreatLevel=ORANGE | PERMIT | LOG IPS_STD_PROFILE |
1000 | Any | MyCriticalServers | ThreatLevel=RED | DENY | LOG |
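The following pre-publish check is an added example, not Security Director code or its API. It validates a condition's name and description against the Table 1 limits, models rule 1000 from Table 2, and reports any value of an environment variable that the rule has no branch for. The function names, the data layout, and the YELLOW value are hypothetical.

```python
import re

# Table 1: alphanumerics, colons, periods, dashes, underscores; no spaces; max 63.
# Assumptions: "alphanumeric" means ASCII letters/digits; an empty name is invalid.
NAME_RE = re.compile(r"[A-Za-z0-9:._-]{1,63}")
MAX_DESCRIPTION = 255  # Table 1 limit for the Description field

def validate_condition(name, description=""):
    """Return a list of Table 1 violations (empty list means the fields are valid)."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name must be 1-63 chars from [A-Za-z0-9:._-], no spaces")
    if len(description) > MAX_DESCRIPTION:
        problems.append("description exceeds 255 characters")
    return problems

# Rule 1000 from Table 2 as constructed data:
# (variable, value, firewall action, other actions)
RULE_1000 = [
    ("ThreatLevel", "GREEN", "PERMIT", ["LOG"]),
    ("ThreatLevel", "ORANGE", "PERMIT", ["LOG", "IPS_STD_PROFILE"]),
    ("ThreatLevel", "RED", "DENY", ["LOG"]),
]

def evaluate(rule, environment):
    """Return (action, other_actions) for the branch matching the current
    environment, or None when no branch matches."""
    for variable, value, action, other in rule:
        if environment.get(variable) == value:
            return action, other
    return None

def uncovered_values(rule, variable, possible_values):
    """List the values of `variable` for which the rule defines no branch."""
    covered = {value for var, value, _, _ in rule if var == variable}
    return sorted(set(possible_values) - covered)

if __name__ == "__main__":
    print(validate_condition("Threat Level"))  # space is rejected
    print(evaluate(RULE_1000, {"ThreatLevel": "ORANGE"}))
    # YELLOW is a constructed value, used to show a coverage gap.
    print(uncovered_values(RULE_1000, "ThreatLevel",
                           ["GREEN", "YELLOW", "ORANGE", "RED"]))
```

A non-empty result from `uncovered_values` means the rule has no defined action for that state, which is worth resolving before the conditions are assigned and published.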