Set Access Rules for a Policy

To configure access rules for a policy, select the Settings tab.

The Connections are drop-down list specifies whether traffic that matches the rules in the policy is allowed or denied. To configure how traffic is managed, select one of these settings:

Allowed

The XTM device allows traffic that uses this policy if it matches the rules you set in the policy. You can configure the policy to create a log message when network traffic matches the policy.

Denied

The XTM device denies all traffic that matches the rules in this policy and does not send a notification to the device that sent the traffic. You can configure the policy to create a log message when a computer tries to use this policy. The policy can also automatically add a computer or network to the Blocked Sites list if it tries to start a connection with this policy.

For more information, see Block Sites Temporarily with Policy Settings.

Denied (send reset)

The XTM device denies all traffic that matches the rules in this policy. You can configure it to create a log message when a computer tries to use this policy. The policy can also automatically add a computer or network to the Blocked Sites list if it tries to start a connection with this policy.

For more information, see Block Sites Temporarily with Policy Settings.

With this option, the XTM device sends a packet to tell the device that sent the network traffic that the session is refused and the connection is closed. You can set a policy to return other errors instead, which tell the device that the port, protocol, network, or host is unreachable. We recommend that you use these options with caution to ensure that your network operates correctly with other networks.

[Figure: Policy action drop-down list and deny response drop-down list]

The Settings tab also includes:

For example, you could configure a ping packet filter to allow ping traffic from all computers on the external network to one web server on your optional network. However, when you open the destination network to connections over the port or ports that the policy controls, you can make the network vulnerable. Make sure you configure your policies carefully to avoid vulnerabilities.

To add members to your access specifications:

  1. On the Settings tab, below the From or To list, click Add.
    The Add Member dialog box appears.

[Figure: Add Member window]

The members list contains the members you can add to the From or To lists. A member can be an alias, user, group, IP address, or range of IP addresses.

  2. From the Member Type drop-down list, select the type of member you want to add.
    The member list updates to show only members of the type you selected.
  3. From the member list, select a member.
  4. Click OK.
    The member appears in the member list on the Settings tab.
  5. To add other members to the From or To list, repeat the previous steps.
  6. Click Save.

The source and destination can be a host IP address, host range, host name, network address, user name, alias, VPN tunnel, or any combination of those objects.
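The following Python model is an added illustration and is not WatchGuard code; it ties together the three policy actions described above (Allowed, Denied, Denied (send reset) with its alternative unreachable responses and the automatic Blocked Sites addition) and the From/To member types listed here (host IP, host range, network address, alias). The class names, the first-match evaluation order, the alias table and all addresses are assumptions constructed for the example; the ping-to-one-web-server policy mirrors the earlier example in the text.

```python
import ipaddress
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    ALLOWED = "allowed"                        # pass matching traffic
    DENIED = "denied"                          # drop silently, sender gets nothing
    DENIED_SEND_RESET = "denied (send reset)"  # drop and tell the sender it was refused


# Responses a Denied (send reset) policy may return, per the Settings tab text.
DENY_RESPONSES = frozenset({"reset", "port-unreachable", "protocol-unreachable",
                            "network-unreachable", "host-unreachable"})

# Constructed alias table: names resemble the aliases in the From/To lists, but
# the addresses are invented (documentation ranges) for this example only.
ALIASES = {
    "Any-External": ["203.0.113.0/24"],
    "Any-Optional": ["10.0.2.0/24"],
}


def member_matches(spec, addr):
    """True if `addr` (an ipaddress object) is covered by a From/To member spec.

    A spec may be a host IP, a CIDR network, a host range 'lo-hi', or an alias
    name that expands (recursively) to more specs.
    """
    if spec in ALIASES:
        return any(member_matches(m, addr) for m in ALIASES[spec])
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return lo <= addr <= hi
    return addr in ipaddress.ip_network(spec, strict=False)  # host IP becomes a /32


@dataclass
class Policy:
    name: str
    action: Action
    sources: list             # the From list
    destinations: list        # the To list
    protocol: str             # e.g. "tcp", "icmp"
    ports: tuple = ()         # empty means any port
    log: bool = True          # create a log message on match
    auto_block: bool = False  # Denied policies may add the source to Blocked Sites
    deny_response: str = "reset"  # only used by Denied (send reset)

    def __post_init__(self):
        if self.deny_response not in DENY_RESPONSES:
            raise ValueError(f"unknown deny response {self.deny_response!r}")

    def matches(self, src, dst, protocol, port):
        if protocol != self.protocol:
            return False
        if self.ports and port not in self.ports:
            return False
        return (any(member_matches(m, src) for m in self.sources)
                and any(member_matches(m, dst) for m in self.destinations))


@dataclass
class Device:
    policies: list
    blocked_sites: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def handle(self, src, dst, protocol="tcp", port=None):
        """Decide the fate of one connection attempt.

        Returns (verdict, response): verdict is "allow" or "deny"; response is
        "none" for a silent drop or the error sent back to the sender. Policies
        are checked in list order, first match wins (an assumption of this model).
        """
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src in self.blocked_sites:
            self.log.append(f"blocked-site {src} -> {dst} dropped")
            return "deny", "none"
        for pol in self.policies:
            if not pol.matches(src, dst, protocol, port):
                continue
            verdict = "allow" if pol.action is Action.ALLOWED else "deny"
            if pol.log:
                self.log.append(f"{pol.name}: {verdict} {src} -> {dst}")
            if verdict == "deny" and pol.auto_block:
                self.blocked_sites.add(src)
            if pol.action is Action.DENIED_SEND_RESET:
                return "deny", pol.deny_response
            return verdict, "none"
        self.log.append(f"no policy: deny {src} -> {dst}")  # nothing matched
        return "deny", "none"


def build_demo_device():
    """Ping-to-one-web-server policy from the text plus two deny policies."""
    return Device(policies=[
        Policy("Ping-to-web", Action.ALLOWED, ["Any-External"], ["10.0.2.10"], "icmp"),
        Policy("Block-HTTP", Action.DENIED_SEND_RESET, ["203.0.113.50-203.0.113.60"],
               ["Any-Optional"], "tcp", ports=(80, 443), auto_block=True),
        Policy("Default-deny", Action.DENIED, ["Any-External"], ["Any-Optional"], "tcp"),
    ])


if __name__ == "__main__":
    dev = build_demo_device()
    print(dev.handle("203.0.113.7", "10.0.2.10", "icmp"))       # ('allow', 'none')
    print(dev.handle("203.0.113.55", "10.0.2.10", "tcp", 80))   # ('deny', 'reset')
    print(dev.handle("203.0.113.55", "10.0.2.11", "tcp", 22))   # ('deny', 'none'): now a blocked site
    print(dev.handle("203.0.113.7", "10.0.2.10", "tcp", 80))    # ('deny', 'none')
    print("\n".join(dev.log))
```

The third call shows the Blocked Sites effect: after the reset-denied HTTP attempt, the same source is dropped silently before any policy is consulted, even on a port the Block-HTTP policy does not cover. Swapping `deny_response` to one of the unreachable values changes only what the sender is told, which is the behaviour the caution in the text refers to.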

For more information on the aliases that appear in the From and To list, see About Aliases.

For more information about how to create a new alias or edit a user-defined alias, see Create an Alias.

See Also

About Policy Properties

Configure Static NAT
