Create and Edit Access Control Rules

Use access control rules to apply actions to specific traffic classes. Rules allow you to selectively allow desirable traffic and drop unwanted traffic.

Procedure


Step 1

In the access control policy editor, you have the following options:

  • To add a new rule, click Add Rule.

  • To edit an existing rule, click Edit (edit icon).

  • To edit multiple rules, use the checkboxes to select multiple rules, then select Edit or another action from the Select Action list next to the search box.

  • To do inline editing, where you change the configuration of an object in a rule condition, right-click the value and choose Edit. You can also use the right-click menu to remove an item, add it to the filter, or copy the text or value.

If View (View button) appears next to a rule instead, the rule belongs to an ancestor policy, or you do not have permission to modify the rule.

Step 2

If this is a new rule, enter a Name.

Step 3

Configure the rule components.

If you are bulk-editing multiple rules, only a subset of options is available.

  • Position—Specify the rule position; see Access Control Rule Order.

  • Action—Choose a rule Action; see Access Control Rule Actions.

  • Deep Inspection—(Optional.) For Allow and Interactive Block rules, select options for Intrusion Policy, Variable Set, and File Policy. You can apply intrusion and file policies independently; you do not need to configure both.

  • Time Range—(Optional.) For threat defense devices, choose the days and times when the rule is applicable. If you do not choose an option, the rule is always active. For details, see Creating Time Range Objects.

  • Logging—Click Logging to specify options for connection logging and SNMP traps.

  • Conditions—Select the objects you want to add as either source or destination, then click either Add to Sources or Add to Destinations and Applications to add matching conditions for connections. You can click a tab to restrict the list of available objects, for example, to Networks, Security Zones, Applications, and so forth. However, the source and destination columns always show all selected objects regardless of the tab you are on. See Access Control Rule Conditions for more information.

  • Comments—Open the comments list at the bottom of the dialog box, enter your comment, and click Post to add a comment.

Step 4

Click Add or Apply to save the rule.

Step 5

Click Save to save the policy.


What to do next

If you plan to deploy time-based rules, specify the time zone of the device to which the policy is assigned. See Time Zone.

Deploy configuration changes.