

Adding a Firewall Policy

A firewall policy enforces rules for transit traffic: it defines which traffic can pass through the firewall and the actions that are taken on that traffic as it passes through.

Use this page to add a firewall policy and assign it to one or more sites.


A single policy can have both enterprise-based intents and zone-based intents for SD-WAN sites and next-generation firewall sites.

To add a firewall policy:

  1. Select Configuration > Firewall > Firewall Policy.

    The Firewall Policy page appears.

  2. Click the plus icon (+).

    The Add Firewall Policy page appears.

  3. Complete the configuration settings according to the guidelines provided in Table 1.

    Fields marked with an asterisk (*) are mandatory.

  4. Click OK.

    The new firewall policy is created and a confirmation message is displayed.

Table 1: Fields on the Add Firewall Policy Page




Enter a unique string of alphanumeric characters that can include spaces and some special characters.

The maximum length is 255 characters.


Enter a description for the policy; the maximum length is 255 characters.

All Sites

Click the toggle button to apply the firewall policy to all sites.

Select Sites

Applicable only if you have not enabled the All Sites toggle button.

Select one or more sites or site groups to which the policy must be applied.

Select the sites or site groups from the Available column and click the right-arrow to move the sites or site groups to the Selected column.

If you add a site to (or remove a site from) a site group that is selected in a firewall policy, CSO marks the policy as Redeploy Required, and you need to manually redeploy that policy. If you activate a site belonging to a site group selected in a firewall policy that is in the Deployed state, the policy is automatically deployed to that site.