Application Firewall Configuration Page Options

  1. Select Configure>Security>Policy>Define AppFW Policy.

    The Application Firewall configuration page displays existing application rule sets for the device. Select a rule set to display its rules in the bottom pane. The content of this display is described in Table 38.

  2. Click one:
    • Add—Adds a new rule set configuration. Enter the information specified in Table 39. To add a rule configuration, click Add from the lower pane or from the Add Rule Set page, and enter the information specified in Table 40.
    • Edit—Edits the selected rule set or the selected rule. See Table 39 for rule set details or Table 40 for rule details.
    • Delete—Deletes the selected rule set or the selected rule configuration.
  3. Click one:
    • OK—Saves the configuration and returns to the main configuration page.
    • Commit Options>Commit—Commits the configuration and returns to the main configuration page.
    • Cancel—Cancels your entries and returns to the main configuration page.

Table 38: Application Firewall Configuration Page

Field

Function

Rule Set

Name

Specifies the name of an existing application rule set configured for the device.

Select a rule set to display its associated rules in the lower pane.

Rule

Specifies the name of each rule associated with the rule set. If this field contains more than two rule names, hover over the field to display the names of all the rules in a tool tip.

Rules in Selected Rule-Set

Rule Name

Displays the name of each rule contained in the selected rule set. This pane is blank until a rule set is selected in the upper pane.

Match Dynamic Applications

Specifies one or more application signatures to be used as match criteria for the rule.

Action

Specifies the action to be taken if traffic matches one of the specified applications.

  • permit—Permits traffic that matches this rule.
  • deny—Denies traffic that matches this rule.

Table 39: Add or Edit Rule Set Configuration Details

Field

Function

Action

Rule Set Name

Specifies the rule set name

Enter a rule set name.

When editing a rule set, the name cannot be changed.

Rules

When rules are defined for the new rule set, the Rules pane displays each rule name, its associated dynamic applications, and its action.

Click Add to create a rule for this rule set. See Table 40 for rule configuration details.

Table 40: Add or Edit Rule Configuration Details

Field

Function

Action

Rule Name

Specifies the name of the rule.

Enter a rule name.

When editing a selected rule, the name cannot be changed.

Rule Action

Specifies the action to be taken when traffic matches one of the dynamic application signatures associated with this rule.

  • permit—Permits traffic that matches this rule.
  • deny—Denies traffic that matches this rule.

Select permit or deny.

Note: All rules belonging to a rule set must have the same Action setting.

When editing a rule, changing the Action setting will change the setting in all rules in this rule set.

Match Dynamic Application

Applications

Displays the applications available on your device.

To add applications to the match criteria:

  • Select one or more applications in the Applications list. (Use the Ctrl key to select more than one item.)
  • Click the right arrow to move the selections to the Matched list.

Matched

Displays the applications selected as match criteria for the rule.

To delete applications from the match criteria:

  • Select one or more applications in the Matched list. (Use the Ctrl key to select more than one item.)
  • Click the left arrow to return the selections to the Applications list.

Search

Redisplays the Applications list with the specified application at the top.

Enter an application name.

Related Documentation