
Editing Default Settings for the Unified Firewall Policy

Use the Default Profiles for Unified Firewall Policy page to configure the default profile, SSL proxy profile, IPS profile, and reject or redirect URL or message in the unified firewall policy for a tenant. If you enable a default SSL proxy profile for the tenant, CSO sets that profile as the default SSL profile in the unified firewall policy.

The unified firewall takes some time to detect the application in traffic and act on it. The default profiles provide security during that time. The default settings apply to all the unified firewall policies belonging to a tenant and are pushed to all sites where a firewall policy is deployed.

To configure default settings for the unified firewall policy:

  1. Select Configuration > Firewall > Default Settings in Customer Portal.

    The Default Profiles for Unified Firewall Policy Settings page appears.

  2. Click the Edit button.

    The fields on the page can now be modified.

  3. Complete the configuration according to the guidelines provided in Table 1.
  4. Do one of the following:
    • Click Cancel to cancel the changes.

    • Click OK to save the changes.

      The settings are saved and a confirmation message is displayed.

      You can deploy the changes by editing the unified firewall policy and then redeploying it.

Table 1: Default Profiles for the Unified Firewall Policy

Setting

Guideline

Default UTM Policy

Select a default Content Security profile (policy) from the drop-down list.

Alternatively, click Add UTM Profile to add a Content Security profile and use it as the default Content Security profile.

The Create Content Security Profiles wizard appears. For information about creating a Content Security policy, see Creating UTM Profiles.

Default SSL Profile

Select a default SSL proxy profile from the drop-down list.

Alternatively, click Add SSL Profile to add a new SSL proxy profile and use it as the default SSL proxy profile.

The Create SSL Proxy Profiles page appears. For information about configuring SSL proxy profiles, see Creating SSL Forward Proxy Profiles.

Default IPS Profile

Select the IPS profile that you want to associate with the unified firewall policy as the default IPS profile.

Reject Settings

Reject Action

When the firewall action is set to deny traffic for a particular application, provide either an alternative URL to which such traffic is redirected, or a reason for blocking the traffic and an action that a user can perform.

Select one of the following:

  • None: Do nothing when an application’s traffic is blocked by the firewall.

  • Redirect URL: Redirect traffic to a specified URL when the firewall blocks the traffic.

    If you select this option, you must specify the URL to which traffic should be redirected (in the Redirect URL field).

  • Text: Block traffic and display a message.

    If you select this option, you must enter the message (in the Block Message field) to be displayed or logged when the firewall blocks the traffic.

Redirect URL

If you choose Redirect URL for Reject Action, enter the URL to which the application's traffic must be redirected.

Text

If you choose Text for Reject Action, enter the reason for blocking the traffic and what a user can do subsequently.

You can enter a maximum of 256 alphanumeric characters including spaces.