Add Policies to Your Configuration

Your Firebox configuration includes a default set of policies and predefined policy templates. When you add a policy, you select a policy template. The template specifies whether the policy is a packet filter or proxy policy, and defines the ports and protocols the policy applies to. To specify custom ports and protocols, create a custom policy template. After you use a policy template to add a new policy, you can configure other policy properties, such as subscription services, QoS actions, and operating schedules.

You can add two types of policies to your Firebox configuration:

  • Firewall policy — filters traffic through the firewall based on port and protocol
  • Mobile VPN with IPSec policy — filters traffic through the firewall for members of the Mobile VPN with IPSec group. For more information, see Configure Policies to Filter IPSec Mobile VPN Traffic.

After you add a policy to your configuration, you define rules to:

  • Set allowed traffic sources and destinations
  • Enable security services
  • Configure filter rules in proxy actions (for proxy policies)
  • Configure properties such as Traffic Management, NAT, and log settings

For more information on policy configuration, see About Policy Properties.

Add a Firewall Policy

Create Custom Policy Templates

To add a firewall or Mobile VPN policy from Policy Manager, you select a policy template from the list. A policy template contains the policy name, a short description of the policy, and the protocol and port the policy applies to. If there is no policy template for the type of traffic you want to allow or deny, you can add a custom policy template and then use that to create a policy.

For information about how to create and manage custom policy templates, see:

Add More Than One Policy of the Same Type

If your security policy requires it, you can add more than one policy of the same type to your configuration. For example, you can add two HTTP-proxy policies with different settings to set a limit on web access for most users, but give full web access to your management team. Or you can create two policies of the same type that have a different operating schedules to control the type of traffic allowed during business hours.

For some examples of how to configure different policies of the same type, see:

When you add multiple policies of the same type, it is important to understand which policy has precedence. If you configure two policies of the same type, the Firebox automatically evaluates policies in order from the most specific to the least specific. For more information, see About Policy Precedence.

Use Policy Checker to Find a Policy

To determine how your Firebox manages traffic for a particular protocol between a source and destination you specify, you can use Policy Checker in Fireware Web UI.

For more information, see Use Policy Checker to Find a Policy.

See Also

About Policies

About Proxy Actions

About Policy Manager