Add a Proxy Policy to Your Configuration
When you add a proxy policy or ALG (application layer gateway) to your Firebox configuration file, you specify types of content that the Firebox must find as it examines network traffic. If the content matches (or does not match) the criteria you set in the proxy or ALG definition, the traffic is either allowed or denied, based on the criteria and settings you specify.
You can use the default settings of the proxy policy or ALG, or you can change these settings to match network traffic in your organization. You can also create additional proxy policies or ALGs to manage different parts of your network.
It is important to remember that a proxy policy or ALG requires more processor power than a packet filter. If you add a large number of proxy policies or ALGs to your configuration, network traffic speeds might decrease. However, a proxy or ALG uses methods that packet filters cannot use to catch dangerous packets. Each proxy policy includes several settings that you can adjust to create a balance between your security and performance requirements.
To add a proxy policy, from Fireware Web UI:
- Select Firewall > Firewall Policies.
- Click Add Policy.
- In the Policy Name text box, type a name for the policy.
- For the Select a policy type option, select Proxies.
- From the first drop-down list, select a proxy, and from the second drop-down list, select a proxy action.
- Click Add Policy.
The Firewall Policies / Add page appears.
To add a proxy policy, from Policy Manager:
- Click .
Or, select Edit > Add Policies.
The Add Policies dialog box appears.
- Expand the Proxies folder.
A list of proxy policies appears.
- Select a proxy policy. Click Add.
The New Policy Properties dialog box appears.
For more information on the basic properties of all policies, see About Policy Properties.
Proxy policies and ALGs have default proxy action rulesets that provide a good balance of security and accessibility for most installations. If a default proxy action ruleset does not match the network traffic you want to examine, you can add a new proxy action, or clone an existing proxy action to modify the rules. You cannot modify a default predefined proxy action. For more information, see About Rules and Rulesets and the About topic for the type of policy you added.
|About the DNS-Proxy||About the HTTPS-Proxy|
|About the FTP-Proxy||About the POP3-Proxy|
|About the Explicit Proxy||About the SIP-ALG|
|About the H.323-ALG||About the SMTP-Proxy|
|About the HTTP-Proxy||About the TCP-UDP-Proxy|