Context profiles enable creating attributes key value pairs such as layer 7 App Id, and Domain Names. After a context profile has been defined, it can be used in one or more distributed firewall rules and gateway firewall rules.

There are two attributes for use in context profiles: App Id and Domain (FQDN) Name. Select App Ids can have one or more sub attributes, such the TLS_Version and CIPHER_SUITE. Both App Id and domain name can be used in a single context profile. Multiple App Ids can be used in the same profile. One App Id with sub attributes can be used - sub attributes are cleared when multiple App Id attributes are used in a single profile.

Currently, a predefined list of domains is supported. You can see the list of FQDNs when you add a new context profile of attribute type Domain (FQDN) Name. You can also see a list of FQDNs by running the API call /policy/api/v1/infra/context-profiles/attributes?attribute_key=DOMAIN_NAME.

Procedure

  1. Select Inventory > Context Profiles.
  2. Click Add New Context Profile.
  3. Enter a Profile Name.
  4. In the Attributes column, click Set.
  5. Select an attribute, or click Add Attribute, and select App Id, URL Category, or Domain (FQDN) Name.
  6. Select one or more attributes.
  7. (Optional) If you have selected an attribute with sub attributes such as SSL or CIFS, click Set in the Sub Attributes/Values column.
    1. Click Add Sub Attribute and select a sub attribute category from the drop-down menu.
    2. Select one or more sub attributes.
    3. Click Add. Another sub attribute can be added by clicking Add Sub Attribute.
    4. Click Apply.
  8. Click Add.
  9. (Optional) To add another type of attribute, click Add Attribute again.
  10. Click Apply.
  11. (Optional) Enter a description.
  12. (Optional) Enter a tag.
  13. Click Save.

What to do next

Apply this context profile to a layer 7 distributed firewall rule (for layer 7 or Domain name) or gateway firewall rule (for layer 7).