Contents

Related Topics

About Rules and Rulesets

When you configure a proxy policy or ALG (application layer gateway), you must select a proxy action to use. You can use either a predefined proxy action or create a new proxy action. Each proxy action contains rules. Rules are sets of criteria to which a proxy compares traffic.

A rule consists of a type of content, pattern, or expression, and the action of the Firebox when a component of the packet’s content matches that content, pattern, or expression. Rules also include settings for when the Firebox sends alarms or creates a log entry. A ruleset is a group of rules based on one feature of a proxy such as the content types or filenames of email attachments.

Your Firebox configuration includes default sets of rules in each proxy actions used by each proxy policy. Separate sets of rules are provided for clients and servers, to protect both your trusted users and your public servers. You can use the default configuration for these rules, or you can customize them for your particular business purposes. You cannot modify or delete predefined proxy actions. If you want to make changes to a predefined proxy action, you can clone it a new proxy action and then make the necessary changes in the new proxy action.

About Working with Rules and Rulesets

When you edit a proxy action, you can see the list of rulesets that apply to that proxy action. You can expand each ruleset to see and edit the rules for that proxy action.

WatchGuard provides a set of predefined rulesets that provide a good balance of security and accessibility for most installations. If a default ruleset does not meet all of your business needs, you can Add, Change, or Delete Rules.

Configure Rulesets in Fireware Web UI

To configure rulesets for a proxy action:

  1. Select Firewall > Proxy Actions.
    The Proxy Actions page appears.
  2. Double-click a proxy action to edit it.
    The Proxy Actions / Edit page appears.
  3. Add, Change, or Delete Rules.

Simple and Advanced Views in Policy Manager

You can see rules in proxy definitions in two ways: simple view and advanced view.

  • Simple view — Select this view to configure wildcard pattern matching with simple regular expressions.
  • Advanced view — Shows the action for each rule. Select this view to edit, clone (use an existing rule definition to start a new one), delete, or reset rules. You can also use the advanced view to configure exact match and Perl-compatible regular expressions.

After you have used the advanced view, you can only change to the simple view if all enabled rules have the same action, alarm, or log settings. For example, if you have five rules with four set to Allow and one set to Deny, you must continue to use the advanced view.

Configure Rulesets and Change the View in Policy Manager

To configure rulesets for a policy, from Policy Manager:

  1. Double-click a policy or add a new policy.
    The Policy Properties dialog box appears with the Policy tab selected.
  2. Adjacent to the Proxy action drop-down list, click View/Edit Policy button.
    The Proxy Action Configuration dialog box appears.
  3. To change the view, click Change View.
  4. Add, Change, or Delete Rules.

See Also

Add, Change, or Delete Rules

Cut and Paste Rule Definitions

Change the Order of Rules

Change the Default Rule

About Proxy Actions

Import and Export Rulesets

Give Us Feedback     Get Support     All Product Documentation     Technical Search