About Policy Tags and Filters

A policy tag is a label you can apply to your Firewall and Mobile VPN with IPSec policies to help you organize your policies into easy to manage groups. You can apply more than one policy tag to a policy and apply any policy tag to many policies. A policy filter uses the policy tags you have applied to your policies to specify which policies appear in the policy lists on the Firewall and Mobile VPN with IPSec pages.

When you create a policy tag or filter, you must use some combination of these characters in the policy tag or filter name:

  • Uppercase and lowercase letters
  • Numerals
  • Special characters: -, space, _, +, /, *

You can create and apply policy tags and filters in a single Firebox configuration file or a Device Configuration Template. For more information about templates in Policy Manager, see Create Device Configuration Templates.

Create and Apply Policy Tags

To create a new policy tag, you can either select a policy and create a tag for that policy, or you can create a tag and then apply it to one or more policies. You can select a color for each policy tag to make it easy to identify the policy tag when it appears in the Tags column. This is particularly helpful when you apply more than one policy tag to a single policy. When you create a policy tag, it is added to the Tags List in the Manage Policy Tags dialog box in alphabetical order.

You can apply a policy tag from the policy list or when you define the properties in the policy configuration. If you apply more than one policy tag to a policy, the tags appear in alphabetical order in the Tags column of the policy list and in the Tags list of the policy properties. Capitalized tags appear in the list before lowercase tags.

Create and Apply a Policy Tag from the Policy List

Add a Policy Tag to the Tag List

To create policy tags that you can apply to policies at a later time, you can add new tags to the Tag List in the Manage Policy Tags dialog box.

Apply a Policy Tag in the Policy

Remove Policy Tags From Policies

There are two methods you can use to remove a policy tag from a policy: you can remove one or more policy tags from a single policy, or you can delete a policy tag to remove it from all the policies to which it is applied. When you remove a policy tag from a single policy, the tag remains in the Tag List so you can use the tag again later. When you delete a policy tag, it is deleted both from the Tag List and from any policies to which it was applied. You cannot use a template to delete a policy tag from a policy in a device configuration file.

Modify Policy Tags

After you have created a policy tag, you can change the name or the color of the tag. When you modify a policy tag, the changes that you make automatically appear in all the policies to which the policy tag is applied.

Create and Apply a Filter

After you have created and applied policy tags to your policies, you can use the tags to filter the policy list and select which policies appear in the policy list. The criteria included in your filters is based on both AND and OR operators.

After you apply a filter, you can sort the policy list by column to further refine your view of the policies that appear in the policy list. You can also name and save the filters you create so you can apply the filter again at any time. Because saved filters are stored in your Firebox configuration file, all saved filters are available whether you manage the Firebox with Policy Manager or Fireware Web UI.

When you apply a filter to the policy list, the filter remains applied to the list until you manually clear it. If you do not remove a filter before you exit the policy list, that filter is still applied when you next connect to the Firebox and view the policy list. To make sure that all of your policies appear in the policy list when you next open the configuration file, we recommend that you always clear all filters from the policy list before you exit the policy list.

Modify a Filter

You can change the policy tags and filter options that are included in a filter. You can also change the name of a filter. When you change the name of the filter, the name is automatically updated in the Filters list and in all policies to which the filter is applied.

Clone a Filter

To create a new filter with many of the same parameters as a filter that you already created and saved, you can clone a filter in the Filters list. A cloned filter is like a template for a new filter. After you clone the filter, you can add new parameters and specify a new descriptive name for the cloned filter.

See Also

Add Policies to Your Configuration

About Policy Views

Create Device Configuration Templates