Create or Edit a Custom Policy Template

To add specialized policies to your configuration files, you can create custom policy templates. A custom policy template can be for a packet filter or proxy policy and can use any available protocol. When you add a custom policy template to your configuration, give it a unique name so you can find the policy when you want to change or remove it. This name must be different from the name of any other policy template.

In the policy template, you can configure these properties:

Policy Type

Specify whether the template is for a packet filter or proxy policy. For a proxy policy, you also select the type of proxy policy or application layer gateway (ALG). Fireware supports proxy policies for many common protocols, including DNS, FTP, H.323, HTTP, HTTPS, POP3, SIP, SMTP, and TCP-UDP. For more information about proxy policy types, go to About Proxy Policies and ALGs.

Protocols

Specify the protocols the policy template applies to. You can add more than one protocol to the same policy template. The GRE, AH, ESP, ICMP, ICMPv6, IGMP, OSPF, IP, and PIM protocols use a single port, and you cannot configure it. For some protocols, you must specify additional information:

  • For the TCP and UDP protocols, specify the port or port range.
  • For ICMP (Internet Control Message Protocol) and ICMPv6, specify an ICMP Type and ICMP Code. If you type 255 in the text boxes, the Firebox interprets the type and code as any ICMP traffic, of any ICMP traffic type.
  • For the IP protocol, specify the protocol number.

Custom Idle Timeout

You can specify a custom idle timeout. The idle timeout is the maximum length of time, in seconds, that a connection can stay active when no traffic is sent through the connection. If you do not specify a custom idle timeout, the template uses the default idle timeout setting of 180 seconds (3 minutes).

You can now use the custom policy template to add one or more custom policies to your configuration. Use the same procedure as you would to add a policy based on a predefined policy template.

ICMPv6 templates are only supported in Fireware v12.6.2 and higher. If you try to save a configuration that includes an ICMPv6 custom template to a lower version of Fireware, an error message tells you that you must remove the template before you can save the configuration.
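
The constraints described above (unique template names, a port or port range for TCP and UDP, an ICMP Type and Code with 255 as the match-any value, a protocol number for IP, the 180-second default idle timeout, and the v12.6.2 requirement for ICMPv6) can be checked in a review step before a template is added. The Python lint below is an added example, not WatchGuard code; the dictionary layout, the function names, and the assumed valid port range of 1-65535 are hypothetical.

```python
DEFAULT_IDLE_TIMEOUT = 180        # seconds; default stated on this page
ICMPV6_MIN_VERSION = (12, 6, 2)   # ICMPv6 templates need v12.6.2 or higher

def parse_version(text):
    # '12.10' -> (12, 10, 0), so it compares above (12, 6, 2) as it should
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def check_protocol(entry, target):  # findings for one protocol entry
    proto, out = entry["protocol"].upper(), []
    if proto in ("TCP", "UDP"):
        low, high = entry.get("ports", (0, 0))
        if not 1 <= low <= high <= 65535:   # assumption: valid ports are 1-65535
            out.append(f"{proto}: port or port range required")
    elif "ports" in entry:
        out.append(f"{proto}: port is not configurable")
    if proto in ("ICMP", "ICMPV6"):
        icmp_type, code = entry.get("type"), entry.get("code")
        if icmp_type is None or code is None:
            out.append(f"{proto}: ICMP Type and ICMP Code required")
        elif 255 in (icmp_type, code):
            out.append(f"{proto}: 255 matches any ICMP traffic, confirm intent")
    if proto == "ICMPV6" and target < ICMPV6_MIN_VERSION:
        out.append("ICMPV6: template needs Fireware v12.6.2 or higher")
    if proto == "IP" and not 0 <= entry.get("number", -1) <= 255:
        out.append("IP: protocol number required")
    return out

def lint_templates(templates, fireware_version):  # -> [(template name, finding)]
    target, seen, findings = parse_version(fireware_version), set(), []
    for tpl in templates:
        name = tpl["name"]
        if name in seen:
            findings.append((name, "template name is not unique"))
        seen.add(name)
        if tpl.get("idle_timeout", DEFAULT_IDLE_TIMEOUT) <= 0:
            findings.append((name, "idle timeout must be a positive number of seconds"))
        for entry in tpl["protocols"]:
            findings += [(name, msg) for msg in check_protocol(entry, target)]
    return findings

# Constructed sample in a hypothetical layout (added example, not a Fireware format)
SAMPLE = [
    {"name": "App-8443", "protocols": [{"protocol": "TCP", "ports": (8443, 8443)}]},
    {"name": "Ping6-Any", "protocols": [{"protocol": "ICMPv6", "type": 255, "code": 255}]},
    {"name": "App-8443", "idle_timeout": 0, "protocols": [{"protocol": "UDP"}]},
]
if __name__ == "__main__":
    print(*lint_templates(SAMPLE, "12.5"), sep="\n")
```

The version is compared as a tuple of integers because a plain string comparison would place "12.10" below "12.6.2" and wrongly reject ICMPv6 templates on newer releases.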

Related Topics

Add Policies to Your Configuration

Import and Export Custom Policy Templates