While configuring firewall rules, you can select the existing object groups to match the source or destination. This includes the range of IP addresses or port numbers available in the object groups.
You can configure the firewall rules in Classic or New Orchestrator UI. The following procedure describes the configuration with Classic Orchestrator UI. To configure in New Orchestrator UI, see Configure Firewall with New Orchestrator UI.
Procedure
Results
- Navigate to Firewall tab. , select an Edge, and click the
- Click New Rule or .
- Define the rule with relevant object groups and other actions.
Edge-level Firewall Rule displays the rules inherited from profile and they are read only. If you want to override any Profile-level rule, then add a new rule. The added rule appears on top of the table and it can be manipulated by modifying or deleting, if needed.
Note: By default, the firewall rules are assigned to the global segment. If required, you can choose a segment from the
Select Segment drop-down and create firewall rules specific to the selected segment.