Configure Advanced Firewall Policy Settings for a Cloud-Managed Firebox
Applies To: Cloud-managed Fireboxes
Overview
In a firewall policy for a cloud-managed Firebox, the Advanced policy settings include:
Description
In the Description text box, you can optionally type a policy description.
Policy Schedule
You can select a schedule defined in the Firebox configuration or a template the Firebox subscribes to and apply it to the firewall policy. The schedule determines when the policy is active or inactive. For more information, go to Configure a Schedule for a Firewall Policy in WatchGuard Cloud.
WebSocket
WebSocket connections allow bidirectional communication between a client and server over a single TCP connection, which enables more efficient data transfer. You can specify whether to allow connections that use the WebSocket protocol in Outbound policies. WebSocket connections are disabled by default.
To allow WebSocket connections on Outbound policies, select the Allow WebSocket Connections check box.
For more information about the WebSocket Protocol, go to RFC 6455.
Idle Timeout
Idle timeout defines the maximum length of time that a connection can stay active when no traffic is sent through the connection. For information about this policy setting, go to Configure a Custom Idle Timeout in a Firewall Policy.
1-to-1 NAT
In policy-based 1-to-1 NAT, the Firebox uses the IP addresses that you specify when you configure 1-to-1 NAT in the networking settings, and the Firebox applies 1-to-1 NAT rules to individual policies. For information about 1-to-1 NAT settings, go to Configure 1-to-1 NAT in a Firewall Policy.
Dynamic NAT
Sticky Connection
Global WAN settings control how the Firebox routes outbound traffic when multiple external networks are configured. The sticky connection setting controls how long a connection continues to use the same WAN interface. To override the global WAN sticky connection setting, you can configure a policy with a custom sticky connection. For information about this policy setting, go to Configure Sticky Connection Settings in a Firewall Policy.
Connection Rate Limit
You can create a limit on a firewall policy so that it filters only a specified number of connections per second. When you configure this feature, the Firebox denies traffic for any additional connections and generates log messages and optional notifications. For more information about how to configure these settings, go to Configure a Connection Rate Limit in a Firewall Policy.
Notification
You can enable notifications if you want the Firebox to send an alert log message or an SNMP trap when traffic matches the policy. For information about how to configure this setting, go to Configure Notifications in a Firewall Policy.
Your operator role determines what you can see and do in WatchGuard Cloud. Your role must have the Devices permission to view or configure this feature. For more information, go to Manage WatchGuard Cloud Operators and Roles.
Configure Advanced Settings in a Firewall Policy
To configure advanced settings in a firewall policy:
- Add or edit a policy. For more information, go to Configure Firewall Policies in WatchGuard Cloud.
- In the policy configuration, select the Advanced tab.
- Configure the advanced settings.
- To save the policy, click Save.