Creating a Custom Network Analysis Policy

In a multidomain deployment, the system displays policies created in the current domain, which you can edit. It also displays policies created in ancestor domains, which you cannot edit. To view and edit policies created in a lower domain, switch to that domain.

Procedure


Step 1

Choose Policies > Access Control, then click Network Analysis Policy; or choose Policies > Access Control > Intrusion, then click Network Analysis Policies.

Note

If your custom user role limits access to the first path listed here, use the second path to access the policy.

Step 2

Click Create Policy. If you have unsaved changes in another policy, click Cancel when prompted to return to the Network Analysis Policy page.

Step 3

Enter a unique Name.

In a multidomain deployment, policy names must be unique within the domain hierarchy. The system may identify a conflict with the name of a policy you cannot view in your current domain.

Step 4

Optionally, enter a Description.

Step 5

Choose the initial Base Policy. You can use either a system-provided or custom policy as your base policy.

Attention

While configuring your custom NAP, if you select Maximum Detection as the Base Policy, you might experience performance degradation. Review and test this setting before deploying it to a production environment.

Step 6

If you want to allow preprocessors to affect traffic in an inline deployment, enable Inline Mode.

Step 7

To create the policy:

  • Click Create Policy to create the new policy and return to the Network Analysis Policy page. The new policy has the same settings as its base policy.
  • Click Create and Edit Policy to create the policy and open it for editing in the advanced network analysis policy editor.