Create or Edit a Custom Policy Template

To add specialized policies to your configuration files, you can create custom policy templates. These templates can be packet filter or proxy policies and use any available protocol. When you add a custom policy template to your configuration file, make sure to specify a unique name for the policy. A unique name helps you to find the policy when you want to change or remove it. This name must not be the same as any other policy name in the policies list for your device.

From Fireware XTM Web UI:

  1. Select Firewall > Firewall Policies or Firewall > Mobile VPN Policies.
    The Policies page you selected appears.
  2. Click Add Policy.
    The Add Firewall Policy page appears.

Screen shot of the Add Firewall Policy page

  1. In the Policy Name text box, type a name for the policy.
  2. For the policy type, select Custom.
  3. From the Custom drop-down list, select a policy or click Add to create a new custom policy.
    The Add Policy Template page appears.

Screen shot of the Add Policy Template page

  1. In the Name text box, type a name for the custom policy.
  2. (Optional) In the Description text box, type a description of the policy.
    This appears in the Details section when you click the policy name in the list of User Filters.
  3. Select a type: Packet Filter or Proxy.
  4. For a proxy, from the Proxy drop-down list, select a proxy type.
  5. To add a protocol, click Add.
    The Add Protocol dialog box appears.

Add Protocol dialog box, with single port and TCP options selected

  1. From the Type drop-down list, select an option: Single Port or Port Range.
  2. From the Protocol drop-down list, select the protocol to use for this policy.
    If you select Single Port, you can select TCP, UDP, GRE, AH, ESP, ICMP, IGMP, OSPF, IP, or Any.
    If you select Port Range, you can select TCP or UDP. The options below the drop-down list change for each protocol.

Fireware XTM does not pass IGMP multicast traffic through the XTM device, or between XTM device interfaces. It passes IGMP multicast traffic only between an interface and the XTM device.

  1. If you selected Single Port, in the Server Port text box, type the port number.
    If you selected Port Range, in the Start Server Port and End Server Port text boxes, type the server port range.
  2. Click OK.
    The protocol appears in the Protocols list.
  3. To specify the idle timeout, select the Specify custom idle timeout check box and type the timeout value in seconds.
  4. Click Save.
    The custom policy name appears in the Add Firewall Policy page in the Custom drop-down list.
  5. Click Add Policy.

You can now use the policy template you created to add one or more custom policies to your configuration. Use the same procedure as you would for a predefined policy.
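
As an added example (not WatchGuard code), the naming and protocol rules from the steps above can be checked against a proposed template before it is entered in the Web UI. The dictionary layout, the function names, the 1-65535 port bounds, the case-insensitive name comparison, and the treatment of only TCP and UDP as port-based are assumptions.

```python
# Added example: lint a proposed custom policy template (hypothetical dict layout).
SINGLE_PORT_PROTOCOLS = {"TCP", "UDP", "GRE", "AH", "ESP", "ICMP", "IGMP", "OSPF", "IP", "Any"}
PORT_RANGE_PROTOCOLS = {"TCP", "UDP"}
PORT_BASED = {"TCP", "UDP"}  # assumption: only these take a server port

def _valid_port(value):
    # Assumption: standard 1-65535 TCP/UDP port space.
    return isinstance(value, int) and not isinstance(value, bool) and 1 <= value <= 65535

def lint_template(template, existing_policy_names):
    """Return a list of problems; an empty list means the template passes."""
    problems = []
    name = template.get("name", "").strip()
    # Assumption: compare names case-insensitively to stay on the safe side.
    if not name:
        problems.append("name is empty")
    elif name.lower() in {n.lower() for n in existing_policy_names}:
        problems.append(f"name {name!r} is already used by another policy")
    if template.get("type") not in ("Packet Filter", "Proxy"):
        problems.append("type must be Packet Filter or Proxy")
    for i, p in enumerate(template.get("protocols", []), 1):
        kind, proto = p.get("type"), p.get("protocol")
        if kind == "Single Port":
            if proto not in SINGLE_PORT_PROTOCOLS:
                problems.append(f"protocol {i}: {proto!r} not offered for Single Port")
            elif proto in PORT_BASED and not _valid_port(p.get("port")):
                problems.append(f"protocol {i}: invalid server port {p.get('port')!r}")
        elif kind == "Port Range":
            start, end = p.get("start"), p.get("end")
            if proto not in PORT_RANGE_PROTOCOLS:
                problems.append(f"protocol {i}: Port Range allows only TCP or UDP, got {proto!r}")
            elif not (_valid_port(start) and _valid_port(end)) or start > end:
                problems.append(f"protocol {i}: invalid port range {start!r}-{end!r}")
        else:
            problems.append(f"protocol {i}: type must be Single Port or Port Range")
    timeout = template.get("idle_timeout")
    if timeout is not None and (not isinstance(timeout, int) or timeout <= 0):
        problems.append("custom idle timeout must be a positive number of seconds")
    return problems

# Constructed sample input: existing policy names and two proposed templates.
EXISTING = ["FTP", "WatchGuard Web UI", "Ping"]
GOOD = {"name": "Custom-Syslog-TLS", "type": "Packet Filter",
        "protocols": [{"type": "Single Port", "protocol": "TCP", "port": 6514}]}
BAD = {"name": "Ping", "type": "Packet Filter", "idle_timeout": 0,
       "protocols": [{"type": "Port Range", "protocol": "GRE", "start": 1, "end": 2},
                     {"type": "Port Range", "protocol": "UDP", "start": 5000, "end": 4000}]}

if __name__ == "__main__":
    print(lint_template(GOOD, EXISTING), lint_template(BAD, EXISTING), sep="\n")
```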

See Also

Add a Policy from the List of Templates
