Create or Edit a Custom Policy Template

To add specialized policies to your configuration files, you can create custom policy templates. These templates can be packet filter or proxy policies and use any available protocol. When you add a custom policy template to your configuration file, make sure to specify a unique name for the policy, so you can find the policy when you want to change or remove it. This name must not be the same as any other policy name in the policies list for your Firebox.

To create a custom policy template, from Fireware Web UI:

  1. Select Firewall > Firewall Policies or Firewall > Mobile VPN IPSec Policies.
    The Policies page you selected appears.
  2. Click Add Policy.
    The Add Firewall Policy page appears.

Screen shot of the Add Firewall Policy page

  3. For the policy type, select Custom.
  4. From the Custom drop-down list, select a policy or click Add to create a new custom policy.
    The Add Policy Template page appears.

Screen shot of the Add Policy Template page

  5. In the Name text box, type a name for the custom policy.
  6. (Optional) In the Description text box, type a description of the policy.
    This appears in the Details section when you click the policy name in the list of User Filters.
  7. Select a type: Packet Filter or Proxy.
  8. For a proxy, from the Proxy drop-down list, select a proxy type.
  9. To add a protocol, click Add.
    The Add Protocol dialog box appears.

Add Protocol dialog box, with single port and TCP options selected

  10. From the Type drop-down list, select an option: Single Port or Port Range.
  11. From the Protocol drop-down list, select the protocol to use for this policy.
    If you select Single Port, you can select TCP, UDP, GRE, AH, ESP, ICMP, IGMP, OSPF, IP, or Any.
    If you select Port Range, you can select TCP or UDP. The options below the drop-down list change for each protocol.

Fireware OS does not pass IGMP multicast traffic through the Firebox, or between Firebox interfaces. It passes IGMP multicast traffic only between an interface and the Firebox.

  12. If you selected Single Port, in the Server Port text box, type the port number.
    If you selected Port Range, in the Start Server Port and End Server Port text boxes, type the server port range.
  13. Click OK.
    The protocol appears in the Protocols list.
  14. To specify the idle timeout, select the Specify custom idle timeout check box and type the timeout value in seconds.
  15. Click Save.
    The custom policy name appears in the Add Firewall Policy page in the Custom drop-down list.

To create a custom policy template, from Policy Manager:

  1. Click the Add Policy button.
    Or, select Edit > Add Policies.
    The Add Policies dialog box appears.
  2. Click New.
    Or, select a custom policy template and click Edit.
    The New Policy Template dialog box appears.

New Policy Template dialog box

  3. In the Name text box, type the name of the custom policy.
    The name appears in the policies list in the Policy Name column.
  4. In the Description text box, type a description of the policy.
    This appears in the Details section when you click the policy name in the list of User Filters.
  5. Select the type of policy: Packet Filter or Proxy.
  6. If you select Proxy, choose the proxy protocol from the adjacent drop-down list.
  7. To specify the idle timeout, select the Specify Custom Idle Timeout check box and type the timeout value in seconds.
  8. To add protocols for this policy, click Add.
    The Add Protocol dialog box appears.

Add Protocol dialog box for custom policy template

  9. From the Type drop-down list, select Single Port or Port Range.
  10. From the Protocol drop-down list, select the protocol for this new policy.
    If you select Single Port, you can select TCP, UDP, GRE, AH, ESP, ICMP, IGMP, OSPF, IP, or Any.
    If you select Port Range, you can select TCP or UDP. The options below the drop-down list change for each protocol.

Fireware OS does not pass IGMP multicast traffic through the Firebox, or between Firebox interfaces. It passes IGMP multicast traffic only between an interface and the Firebox.

  11. If you selected Single Port, in the Server Port text box, type or select the port for this new policy.
    If you selected Port Range, in the Start Server Port and End Server Port text boxes, type or select the starting server port and the ending server port.
  12. Click OK.
    The policy template is added to the Custom policies folder.

You can now use the policy template you created to add one or more custom policies to your configuration. Use the same procedure as you would for a predefined policy.
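
The following Python script is an added example, not WatchGuard code or a Fireware file format. It checks a planned template definition against the constraints stated in the procedures above (unique name, policy type, and which protocols each protocol type allows) before you enter it in the UI. The dictionary layout, the 1-65535 port bounds, the case-insensitive name comparison, and the wide-range review threshold are assumptions.

```python
# Added example: pre-change lint for planned custom policy templates.
# The dict layout is hypothetical; it is not a Fireware configuration format.
SINGLE_PORT_PROTOCOLS = {"TCP", "UDP", "GRE", "AH", "ESP", "ICMP", "IGMP", "OSPF", "IP", "Any"}
PORT_RANGE_PROTOCOLS = {"TCP", "UDP"}   # Port Range offers only these two
WIDE_RANGE = 1024                       # assumed review threshold, not a Fireware limit

def _port_ok(value):
    # Assumption: valid server ports are integers from 1 to 65535.
    return isinstance(value, int) and not isinstance(value, bool) and 1 <= value <= 65535

def lint_template(tpl, existing_names):
    """Return a list of 'error: ...' / 'warn: ...' findings for one template."""
    findings = []
    name = str(tpl.get("name") or "").strip()
    # Assumption: names are compared case-insensitively to err on the safe side.
    if not name:
        findings.append("error: name is required")
    elif name.casefold() in {n.casefold() for n in existing_names}:
        findings.append(f"error: name '{name}' duplicates an existing policy name")
    if tpl.get("type") not in ("Packet Filter", "Proxy"):
        findings.append("error: type must be Packet Filter or Proxy")
    elif tpl["type"] == "Proxy" and not tpl.get("proxy"):
        findings.append("error: a Proxy template needs a proxy type")
    for i, p in enumerate(tpl.get("protocols", []), 1):
        kind, proto = p.get("kind"), p.get("protocol")
        if kind == "Single Port":
            if proto not in SINGLE_PORT_PROTOCOLS:
                findings.append(f"error: protocol {i}: {proto} is not offered for Single Port")
            elif proto in PORT_RANGE_PROTOCOLS and not _port_ok(p.get("port")):
                findings.append(f"error: protocol {i}: invalid server port {p.get('port')}")
            elif proto == "Any":
                findings.append(f"warn: protocol {i}: Any is the broadest choice; narrow if possible")
        elif kind == "Port Range":
            start, end = p.get("start"), p.get("end")
            if proto not in PORT_RANGE_PROTOCOLS:
                findings.append(f"error: protocol {i}: Port Range supports only TCP or UDP")
            elif not (_port_ok(start) and _port_ok(end)) or start > end:
                findings.append(f"error: protocol {i}: invalid range {start}-{end}")
            elif end - start + 1 > WIDE_RANGE:
                findings.append(f"warn: protocol {i}: range spans {end - start + 1} ports")
        else:
            findings.append(f"error: protocol {i}: type must be Single Port or Port Range")
    return findings

# Constructed sample: one planned template and the current policy names.
SAMPLE = {"name": "Syslog-TLS", "type": "Packet Filter", "protocols": [
    {"kind": "Port Range", "protocol": "GRE", "start": 6514, "end": 6514}]}
if __name__ == "__main__":
    print(lint_template(SAMPLE, ["syslog-tls", "HTTPS"]))
```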

See Also

Add a Policy from the List of Templates

Import and Export Custom Policy Templates
