To add rules to a Rule Group, perform the following procedure.
For parameters and examples of valid entries (IP addresses, ports, application paths, and so forth), see
Host-based Firewall Rule Parameters.
Procedure
- On the left navigation pane, click .
- Select the policy.
- Click the Host-based Firewall tab.
- To add a rule group, click .
- To edit a rule group, click the Edit icon .
- Provide a rule name to identify the rule. For example,
Allow FTP to Corporate FTP Server
.
- In the Action drop-down menu, choose the type of action for the rule group.
- Allow
- Block
- Block and alert
A rule that is set to
Block and alert blocks the communication and issues an alert to the Alerts page.
Note: The alert severity score only displays for the
Block and alert option. You can choose an alert severity score between level 1 to level 10, with level 10 being the highest alert severity. By default, the alert severity score is set at level 4.
- Specify the Profile: Public, Private, or Domain. You can choose to select multiple profiles. For more information, see Location aware firewall rules.
- Specify the protocol: TCP, UDP, ICMP, or Any.
Note: In this context,
Any includes TCP, UDP, and ICMP protocols.
- Add an application path; for example,
C:\Windows\System32\ftp.exe
. Enter * if this rule applies to all application paths.
- Specify the traffic direction: Inbound, Outbound, or Both.
- Specify the Local IP, Local Port, Remote IP, and Remote Port.
- To add another rule to the rule group, click the icon to the right of the rule.
- You can copy a rule within a rule group. This makes it easier to create multiple rules that have slight distinctions. Click the icon to the right of the rule. A new rule displays that contains the same information as the original rule. You can then rename and edit the new rule.
- Rules are automatically ranked as you add them. You can reorder the ranking by dragging and dropping the rule in the list. Rules are processed in rank order.
- To enable a rule, select the Status check box to the left of the rule. (You can also enable all rules at the same time from the Actions menu on the Host-based Firewall tab.)
- To remove a rule, click the icon to the right of the rule.
- When you are finished adding rules, click Save.
Note: It can take up to 15 minutes for rules to update and begin enforcement on sensors.
What to do next
You can perform certain actions on rule groups and rules on the Host-based Firewall tab. See View and Modify Host-based Firewall Rules.