Access Control Rule Management
The rules table of the access control policy editor allows you to add, edit, categorize, search, filter, move, enable, disable, delete, and otherwise manage access control rules in the current policy.
Properly creating and ordering access control rules is a complex task, but one that is essential to building an effective deployment. If you do not plan your policy carefully, rules can preempt other rules, require additional licenses, or contain invalid configurations. To help ensure that the system handles traffic as you expect, the access control policy interface has a robust warning and error feedback system for rules.
Use the search bar to filter the list of access control policy rules. You can deselect the Show Only Matching Rules option to see all rules. Matched rules are highlighted.
For each access control rule, the policy editor displays its name, a summary of its conditions, the rule action, and icons that communicate the rule’s inspection options or status. These icons represent:
-
Time Range Option ()
-
Intrusion policy ()
-
File policy ()
-
Logging ()
-
Warning ()
-
Errors ()
-
Rule Conflict ()
Disabled rules are dimmed and marked (disabled) after the rule name.
To create or edit a rule, use the access control rule editor.
—You can:
-
Configure the rule name and select its placement in the upper portion of the editor.
-
Switch to editing a different rule by selecting its row above or below the editor.
-
Use the left-hand list to select the rule action, and apply intrusion policies and variable sets, file policies, and time range, and to set logging options.
-
Use the options next to the rule name to select the rule action, and apply intrusion policies and variable sets, file policies, and time range, and to set logging options.
-
Use the Sources and Destinations and Applications columns to add matching criteria. You can add options from the All list, or move to different tabs to more easily find the type of option you want, such as security zone or networks.
-
Add comments to the rule at the bottom of the editor.