Application Firewall Configuration Page Options

Select Configure>Security>Policy>Define AppFW Policy.
The Application Firewall configuration page displays existing application rule sets for the device. Select a rule set to display its rules in the bottom pane. The content of this display is described in Table 93.
Click one:
- Add—Adds a new rule set configuration. Enter the information specified in Table 94. To add a rule configuration, click Add from the lower pane or from the Add Rule Set page, and enter the information specified in Table 95.
- Edit—Edits the selected rule set or the selected rule. See Table 94 for rule set details or Table 95 for rule details.
- Delete—Deletes the selected rule set or the selected rule configuration.
Click one:
- OK—Saves the configuration and returns to the main configuration page.
- Commit Options>Commit—Commits the configuration and returns to the main configuration page.
- Cancel—Cancels your entries and returns to the main configuration page.

Table 93: Application Firewall Configuration Page

Field	Function
Rule Set
Name	Specifies the name of an existing application rule set configured for the device. Select a rule set to display its associated rules in the lower pane.
Rule	Specifies the name of each rule associated with the rule set. If this field contains more than two rule names, hover over the field to display the names of all the rules in a tool tip.
Rules in Selected Rule-Set
Rule Name	Displays the name of each rule contained in the selected rule set. This pane is blank until a rule set is selected in the upper pane.
Match Dynamic Applications	Specifies one or more application signatures to be used as match criteria for the rule.
Action	Specifies the action to be taken if traffic matches one of the specified applications. permit—Permits traffic that matches this rule. deny—Denies traffic that matches this rule.

Table 94: Add or Edit Rule Set Configuration Details

Field	Function	Action
Rule Set Name	Specifies the rule set name	Enter a rule set name. When editing a rule set, the name cannot be changed.
Rules	When rules are defined for the new rule set, the Rules pane displays each rule name, its associated dynamic applications, and its action.	Click Add to create a rule for this rule set. See Table 95 for rule configuration details.

Field

Function

Action

Rule Set Name

Specifies the rule set name

Enter a rule set name.

When editing a rule set, the name cannot be changed.

Rules

When rules are defined for the new rule set, the Rules pane displays each rule name, its associated dynamic applications, and its action.

Click Add to create a rule for this rule set. See Table 95 for rule configuration details.

Table 95: Add or Edit Rule Configuration Details

Field	Function	Action
Rule Name	Specifies the name of the rule.	Enter a rule name. When editing a selected rule, the name cannot be changed.
Rule Action	Specifies the action to be taken when traffic matches one of the dynamic application signatures associated with this rule. permit—Permits traffic that matches this rule. deny—Denies traffic that matches this rule.	Select permit or deny. Note: All rules belonging to a rule set must have the same Action setting. When editing a rule, changing the Action setting will change the setting in all rules in this rule set.
Match Dynamic Application
Applications	Displays the applications available on your device.	To add applications to the match criteria: Select one or more applications in the Applications list. (Use the Ctrl key to select more than one item.) Click the right arrow to move the selections to the Matched list.
Matched	Displays the applications selected as match criteria for the rule.	To delete applications from the match criteria: Select one or more applications in the Matched list. (Use the Ctrl key to select more than one item.) Click the left arrow to return the selections to the Applications list.
Search	Redisplays the Applications list with the specified application at the top.	Enter an application name.