A proxy action is a specific group of settings, sources, or destinations for a type of proxy. Because your configuration can include several proxy policies of the same type, each proxy policy uses a different proxy action. Each proxy policy has predefined, or default, proxy actions for clients and servers. For example, you can use one proxy action for packets sent to a POP3 server protected by the XTM device, and a different proxy action to apply to email messages retrieved by POP3 clients. You can clone, edit, and delete proxy actions in your XTM device configuration.
Fireware XTM proxy actions are divided into two categories: predefined proxy actions , and user-defined proxy actions. The predefined proxy actions are configured to balance the accessibility requirements of a typical company, with the need to protect your computer assets from attacks. You cannot change the settings of predefined proxy actions. Instead, you must clone (copy) the existing predefined proxy action definition and save it as a new, user-defined proxy action.
In Fireware XTM OS v11.9.3 or higher, the new default predefined proxy actions have "Standard" appended to the proxy action name. These settings are updated from previous defaults to reflect the latest Internet network traffic trends.
You can create many different proxy actions for either clients or servers, or for a specified type of proxy policy. However, you can assign only one proxy action to each proxy policy. For example, a POP3 policy is linked to a POP3-Client proxy action. If you want to create a POP3 proxy action for a POP3 server, or an additional proxy action for POP3 clients, you must add new POP3 proxy policies to Policy Manager that use those new proxy actions.
To set the proxy action for a proxy policy when you add a new policy:
To change a proxy action for an existing proxy policy:
To manage the proxy actions for your XTM device, you can clone, edit, and delete proxy actions. You can clone, edit, or delete any user-defined proxy action. You cannot make changes to predefined proxy actions, or delete them. You also cannot delete user-defined proxy actions that are used by a policy.
If you want to change the settings in a predefined proxy action, you can clone it and create a new, user-defined proxy action with the same settings. You can then edit the proxy action to modify the settings as necessary. If you choose to edit a predefined proxy action, you cannot save your changes. Instead, you are prompted to clone the changes you have made to a new, user-defined proxy action.
When you edit a proxy action, you can change the rules and rulesets, and the associated actions. Each proxy action includes proxy action rules, which are organized into categories. Some categories are further subdivided into subcategories of rules.
The available categories of settings for each proxy action appear in an accordion list, with section headers that are always visible. When you select the section header for a category, the category section expands and the settings and rules for each category appear on the category panel. If the category includes more than one subcategory of settings, a link bar navigation menu appears at the top of the category panel.
For more information on the available proxy action settings for each proxy, see the About topic for that proxy.
|About the DNS-Proxy||About the POP3-Proxy|
|About the FTP-Proxy||About the SIP-ALG|
|About the H.323-ALG||About the SMTP-Proxy|
|About the HTTP-Proxy||About the TCP-UDP-Proxy|
|About the HTTPS-Proxy|
You can clone both predefined and user-defined proxy actions. But, you can only edit a user-defined proxy action.
If you selected to clone a proxy action, the Clone Proxy Action page appears.
If you selected to edit a proxy action, the Edit Proxy Action page appears.
You can also clone a proxy action when you edit the configuration of a proxy policy that uses a predefined proxy action.
You cannot delete predefined proxy actions. You can only delete user-defined proxy actions that are not used by a policy.
About Proxy Policies and ALGs