Add, Change, or Delete Rules

When you configure rules, you can use wildcard pattern matches, exact matches, and Perl-compatible regular expressions to identify content. When you add rules, you select the action for each rule, and you can edit, clone (use an existing rule definition to create a new rule), delete, or reset rules.

For more information, see About Rules and Rulesets and About Regular Expressions.

When you configure a rule, you select the actions the proxy takes for each packet. Different actions appear for different proxies or for different features of a particular proxy. This list includes all possible actions:

Allow

Allows the connection.

Deny

Denies a specific request but keeps the connection if possible. Sends a response to the client.

Drop

Denies the specific request and drops the connection. Does not send a response to the sender. The XTM device sends only a TCP reset packet to the client. The client’s browser might display “The connection was reset” or “The page cannot be displayed” but the browser does not tell the user why.

Block

Denies the request, drops the connection, and blocks the site. For more information on blocked sites, see About Blocked Sites.
All traffic from this site's IP address is denied for the amount of time specified in the Firewall > Blocked Sites page on the Auto-Blocked tab. Use this action only if you want to stop all traffic from the offender for this time.

Strip

Removes an attachment from a packet and discards it. The other parts of the packet are sent through the XTM device to its destination.

Lock

Locks an attachment, and wraps it so that it cannot be opened by the user. Only the administrator can unlock the file.

AV Scan

Scans the attachment for viruses. If you select this option, Gateway AntiVirus is enabled for the policy.

Add Rules 

For information on how to work with regular expressions, see About Regular Expressions.

1. On the Edit Proxy Action page, in the list of rules for a ruleset, click Add.
   The Add Rule dialog box appears.

2. In the Rule Name text box, type the name of the rule.
   This text box is blank when you add a rule, and cannot be changed when you edit a rule.
3. In the Match Type drop-down list, select an option:

• Exact Match — Select when the contents of the packet must match the rule text exactly.
• Pattern Match — Select when the contents of the packet must match a pattern of text, can include wildcard characters.
• Regular Expression — Select when the contents of the packet must match a pattern of text with a regular expression.

4. In the Value text box, type the text of the rule.
   If you selected Pattern Match as the rule setting, use an asterisk (*), a period (.), or a question mark (?) as wildcard characters.
5. In the Rule Actions section, in the Action drop-down list, select the action the proxy takes for this rule.
   
6. To create an alarm for this event, select the Alarm check box. An alarm tells users when a proxy rule applies to network traffic.
7. To create a message for this event in the traffic log, select the Log check box.

See Also

About Rules and Rulesets

Cut and Paste Rule Definitions

Change the Order of Rules

Change the Default Rule

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base

© 2011 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, Firebox, Core, and Fireware are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.