Import or Export WebBlocker Exceptions
You define WebBlocker exceptions separately for each WebBlocker action. If you manage several Fireboxes or configure more than one WebBlocker action on the same Firebox, you can export WebBlocker exception rules from one WebBlocker action and import them into another WebBlocker action on the same Firebox or on a different Firebox.
In Fireware 12.3 or higher, you can also import and export WebBlocker exceptions to and from the global exceptions list in the WebBlocker global settings. Exceptions can be transferred between the global exceptions list and WebBlocker actions. For more information about global exceptions, go to Configure WebBlocker Global Settings.
There are two ways to transfer WebBlocker exceptions:
- Create a text file that defines the rules and import it to a WebBlocker action or the WebBlocker global exceptions list.
- Use Policy Manager to add WebBlocker exceptions, export the exceptions to a text file, and import the file into a WebBlocker action or the WebBlocker global exceptions list.
Define WebBlocker Exceptions in a Text File
You can define WebBlocker exceptions in an ASCII text file that uses the standard UTF-8 character set.
You must include only one rule per line. The syntax for rules is:
[rule_name, action, enabled | disabled, log | no log, alarm | no alarm, match_type,] pattern_value
where:
rule_name = Name of the rule as it appears in the exception list. The default name is WB Rule n, where n is a number that starts at 0 and increases for each rule.
action = Allow or Deny. The default action is Allow.
enabled|disabled = Specifies whether the rule is currently enabled or disabled. The default is enabled.
log|no log = Specifies whether to add a log message when the action is taken. The default is no log.
alarm|no alarm = Specifies whether to send an alarm when the action is taken. The default is no alarm.
match_type = Specifies the type of match: exact match, regular expression, or pattern match. The default is pattern match.
value = value to be matched.
The rule_name, action, and match_type parameters are optional. If you do not specify these options, Policy Manager uses the default value.
To add comments to the file, start the comment line with the symbol "#". Make sure each comment is on a separate line.
This example file contains five exceptions:
#
# Here are five exception rules
#
AllowFB, allow, enabled, No Log, No Alarm, *.firebox.net/* badsite, deny, disabled, Log, Alarm, very.badsite.com/* ExceptionRule1,*.goodsite.com/" exact match, 10.0.0.1
*.xyz.*/
Export WebBlocker Exceptions to a Text File
When you export WebBlocker exceptions, the Firebox saves the current rules to an ASCII text file in the format described previously.
To export WebBlocker exceptions to a file:
- Open the configuration in Policy Manager.
- To export exceptions from a WebBlocker action, edit the action.
To export global WebBlocker exceptions, open the WebBlocker Global Settings. - Select the Exceptions tab.
- Define exceptions as described in Configure WebBlocker Exceptions.
- Click Export.
- Select the location where you want to save the exceptions file.
- Type a name for the file. Click Save.
You can use the saved file to import the exceptions into the WebBlocker configuration for a different Firebox.
Import Exceptions from a Text File
To import WebBlocker Exceptions:
- Open the configuration in Policy Manager.
- To import exceptions to a WebBlocker action, edit the action.
To import exceptions to the global WebBlocker exception list, open the WebBlocker Global Settings. - Select the Exceptions tab.
- Click Import.
- Select the text file. Click Open.
- If exceptions are already defined in WebBlocker, you are asked whether you want to replace the existing rules or append the imported rules to the list of existing rules. Click Replace or Append.
If you click Append, the imported rules appear in the Exceptions list below the existing rules.
If you import the example text file in the previous section into a WebBlocker action, and click Append to add the exceptions to the default exceptions, the Exceptions list looks like this:
- Click OK.
- Save the configuration to the Firebox.