Creating a New Environment Condition

 

Use the Create New Environment Condition page to create a new environment condition using the environment variables.

To create a new environment condition:

  1. Select Configure > Environment.

    The Environment page appears.

  2. Select the Environment Conditions tab and click the + icon.

    The Create New Environment Condition page appears.

  3. Complete the configuration by using the guidelines in Table 1.
  4. Click Save to save the configuration or Cancel to discard the configuration.

After defining a new condition, you must apply it to the firewall policy rules. After assigning the condition to the rules, publish and update the changes to the device.

Table 1: Fields on the Create New Environment Condition Page

| Field | Description |
| --- | --- |
| Condition Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed; maximum length is 63 characters. |
| Description | Enter a description for the environment condition; maximum length is 255 characters. |
| Condition | Click the field and select the environment variable and the required possible values. You can choose one or more variables in a combination. For example, use the '=' or '!=' operator to apply an OR condition for the possible values. Choose the AND operator for an AND condition. |

Security administrators can now use conditional evaluators based on the environment variables in the firewall policy. Security Director auto-calculates the changes to the relevant rules and, based on the administrator's approval, pushes out these changes to the entire network as required.

For example, the firewall policy rule table is updated with environment conditions, as shown in Table 2. If the ThreatLevel is Orange at a given point in time, the system automatically enables the IPS service for the corresponding traffic.

Table 2: Firewall Rule with a Condition

| Rule Number | Source Traffic Match Criteria | Destination Traffic Match Criteria | Environmental Condition | Firewall Action(s) | Other Actions |
| --- | --- | --- | --- | --- | --- |
| 1000 | Any | MyCriticalServers | ThreatLevel=GREEN | PERMIT | LOG |
| | | | ThreatLevel=ORANGE | PERMIT | LOG IPS_STD_PROFILE |
| | | | ThreatLevel=RED | DENY | LOG |
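
A check to run over a rule's conditions before publishing, given here as an added example that is not Security Director code: it models rule 1000 from Table 2 in Python, validates condition names against the Table 1 constraint, and reports environment states that no condition covers or that more than one condition covers. The operator semantics, the condition names, the ASCII-only reading of "alphanumeric", and all function names are assumptions made for this example.

```python
import re
from itertools import product

# Table 1 constraint on Condition Name: alphanumerics, colons, periods,
# dashes, underscores; no spaces; at most 63 characters (ASCII assumed).
NAME_RE = re.compile(r"[A-Za-z0-9:._-]{1,63}")

def valid_name(name):
    return NAME_RE.fullmatch(name) is not None

def matches(condition, env):
    """condition: list of (variable, op, values) terms joined by AND.
    Assumed semantics: '=' holds if the variable equals any listed value
    (OR across values); '!=' holds if it equals none of them."""
    for var, op, values in condition:
        hit = env.get(var) in values
        if (op == "=" and not hit) or (op == "!=" and hit):
            return False
    return True

def lint_rule(branches, domains):
    """branches: {condition_name: (condition, actions)} for one rule.
    domains: {variable: set of possible values}.
    Returns (bad_names, gaps, overlaps) checked over every environment state."""
    bad_names = [n for n in branches if not valid_name(n)]
    gaps, overlaps = [], []
    variables = sorted(domains)
    for combo in product(*(sorted(domains[v]) for v in variables)):
        env = dict(zip(variables, combo))
        hits = [n for n, (cond, _) in branches.items() if matches(cond, env)]
        if not hits:
            gaps.append(env)              # no condition applies in this state
        elif len(hits) > 1:
            overlaps.append((env, hits))  # ambiguous: several conditions apply
    return bad_names, gaps, overlaps

def effective_actions(branches, env):
    """Actions of the first branch whose condition holds, else None."""
    for cond, actions in branches.values():
        if matches(cond, env):
            return actions
    return None

# Rule 1000 from Table 2; the condition names are constructed for the example.
RULE_1000 = {
    "TL-Green":  ([("ThreatLevel", "=", {"GREEN"})],  ["PERMIT", "LOG"]),
    "TL-Orange": ([("ThreatLevel", "=", {"ORANGE"})], ["PERMIT", "LOG", "IPS_STD_PROFILE"]),
    "TL-Red":    ([("ThreatLevel", "=", {"RED"})],    ["DENY", "LOG"]),
}
```

A non-empty `gaps` list means the rule has no defined action for that environment state, which is worth resolving before the change is approved and pushed.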