Moving Access Control Rules to a Prefilter Policy

You can move access control rules from an access control policy to the associated non-default prefilter policy.

You must first associate a user-defined (custom) prefilter policy with the access control policy. Rules cannot be moved to the default prefilter policy, because the default prefilter policy cannot contain rules.

Before you begin

Note the following conditions before you proceed:

  • When you move an access control rule to a prefilter policy, the layer 7 (L7) parameters in the access control rule cannot be moved; they are dropped during the operation. Because the moved rule keeps only its lower-layer conditions, it matches more traffic than the original rule did. Review rules that carry L7 conditions before moving them, especially Trust rules: a Trust rule becomes a Fastpath rule, and Fastpath traffic bypasses further inspection, so the bypass now applies to all traffic that matches the remaining conditions rather than to the L7 subset.

  • The comments in the access control rule configuration are lost after the rule is moved. However, a new comment is added to the moved rule that names the source access control policy.

  • You cannot move access control rules with Monitor set as the Action parameter.

  • When a rule is moved, its Action parameter is changed to the corresponding prefilter rule action. The following table shows what each access control rule action maps to:

    Action in the access control rule    Action in the prefilter rule
    Allow                                Analyze
    Block                                Block
    Block with reset                     Block
    Interactive Block                    Block
    Interactive Block with reset         Block
    Trust                                Fastpath

  • Similarly, the logging configuration of the moved rule is set according to the action that was configured in the access control rule, as shown in the following table. Note that the original rule's own logging settings are not carried over.

    Action in the access control rule    Logging settings enabled in the prefilter rule
    Allow                                None (no check boxes are checked)
    Block                                Log at Beginning of Connection; Event Viewer; Syslog Server; SNMP Trap
    Block with reset                     Log at Beginning of Connection; Event Viewer; Syslog Server; SNMP Trap
    Interactive Block                    Log at Beginning of Connection; Event Viewer; Syslog Server; SNMP Trap
    Interactive Block with reset         Log at Beginning of Connection; Event Viewer; Syslog Server; SNMP Trap
    Trust                                Log at Beginning of Connection; Log at End of Connection; Event Viewer; Syslog Server; SNMP Trap

  • If another user modifies the rules in the source policy while you are moving them, you see a message. Refresh the page and then continue with the move.
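The conditions above can be checked before touching the policy. The following pre-flight audit is an added example, not part of this documentation or of the FMC REST API: it represents each access control rule as a simplified dictionary with assumed field names (action, ports, networks, applications, urls, intrusion_policy, file_policy), encodes the two mapping tables, refuses Monitor rules, lists the L7 conditions that would be dropped, and flags the cases where dropping them widens a Block or turns a Trust into a broader Fastpath. The comment text it generates and the sample rules are constructed for the example.

```python
"""Pre-flight audit for moving access control rules to a prefilter policy.

Added example; not part of the product documentation or the FMC REST API.
Rules are simplified dicts with assumed field names, not the FMC API schema.
"""
from dataclasses import dataclass, field
from typing import Optional

# Action mapping from the page's first table. Monitor is absent on purpose:
# Monitor rules cannot be moved at all.
ACTION_MAP = {
    "Allow": "Analyze",
    "Block": "Block",
    "Block with reset": "Block",
    "Interactive Block": "Block",
    "Interactive Block with reset": "Block",
    "Trust": "Fastpath",
}

# Logging settings enabled on the moved rule, from the page's second table.
BLOCK_LOGGING = frozenset({
    "Log at Beginning of Connection", "Event Viewer", "Syslog Server", "SNMP Trap",
})
LOGGING_MAP = {
    "Allow": frozenset(),
    "Block": BLOCK_LOGGING,
    "Block with reset": BLOCK_LOGGING,
    "Interactive Block": BLOCK_LOGGING,
    "Interactive Block with reset": BLOCK_LOGGING,
    "Trust": BLOCK_LOGGING | {"Log at End of Connection"},
}

# Rule fields treated here as L7 conditions (assumed names). A prefilter rule
# cannot carry them, so they are dropped when the rule is moved.
L7_FIELDS = ("applications", "urls", "intrusion_policy", "file_policy")


@dataclass
class MovePlan:
    name: str
    movable: bool
    prefilter_action: Optional[str]
    logging: frozenset
    dropped_l7: list
    comment: Optional[str]
    warnings: list = field(default_factory=list)


def plan_move(rule: dict, source_policy: str) -> MovePlan:
    """Predict what a single access control rule becomes after the move."""
    action = rule["action"]
    dropped = [f for f in L7_FIELDS if rule.get(f)]
    if action == "Monitor":
        return MovePlan(rule["name"], False, None, frozenset(), dropped, None,
                        ["Monitor rules cannot be moved to a prefilter policy"])
    if action not in ACTION_MAP:
        raise ValueError(f"unknown access control action: {action!r}")
    new_action = ACTION_MAP[action]
    warnings = []
    if dropped:
        warnings.append("L7 conditions dropped (%s); the prefilter rule matches on "
                        "its remaining L3/L4 conditions only" % ", ".join(dropped))
        if new_action == "Fastpath":
            warnings.append("Trust becomes Fastpath: all traffic matching the remaining "
                            "conditions bypasses further inspection, not just the L7 subset")
        elif new_action == "Block":
            warnings.append("Block scoped by L7 conditions now blocks all traffic "
                            "matching the remaining conditions")
    # The original comments are lost; the product adds its own comment naming the
    # source policy. The wording below is an assumption, not the product's text.
    comment = f"Moved from access control policy '{source_policy}'"
    return MovePlan(rule["name"], True, new_action, LOGGING_MAP[action], dropped,
                    comment, warnings)


def audit(rules, source_policy):
    """Plan every rule and return the plans keyed by rule name."""
    return {r["name"]: plan_move(r, source_policy) for r in rules}


# Constructed sample rules (not taken from any real policy).
SAMPLE_RULES = [
    {"name": "allow-web", "action": "Allow", "ports": ["TCP/80", "TCP/443"],
     "urls": ["Business"]},
    {"name": "block-p2p", "action": "Block", "applications": ["BitTorrent"]},
    {"name": "reset-telnet", "action": "Block with reset", "ports": ["TCP/23"]},
    {"name": "trust-backup", "action": "Trust", "networks": ["10.9.0.0/24"]},
    {"name": "trust-video", "action": "Trust", "applications": ["Webex"]},
    {"name": "monitor-dns", "action": "Monitor", "ports": ["UDP/53"]},
]

if __name__ == "__main__":
    for plan in audit(SAMPLE_RULES, "Corp-ACP").values():
        state = plan.prefilter_action if plan.movable else "NOT MOVED"
        print(f"{plan.name:14} -> {state:9} logging={sorted(plan.logging)}")
        for w in plan.warnings:
            print(f"    ! {w}")
```

Run it over an export of the rules you intend to move; any rule that produces a warning deserves a look at whether its remaining network, port and zone conditions are tight enough on their own, since the prefilter rule will act on everything they match.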

Procedure


Step 1

Do one of the following:

  • To move a single rule, right-click the rule and select Move to Prefilter Policy.

  • To move multiple rules, select their checkboxes, then select Move to Prefilter Policy from the Select Bulk Action menu.

Step 2

From the Place Rules drop-down list, choose where you want to position the moved rules:

  • To position as the last set of rules, choose At the bottom.
  • To position as the first set of rules, choose At the top.

Step 3

Click Move.


What to do next

  • Review the moved rules in the prefilter policy and confirm that each rule's action, logging settings, and remaining match conditions are what you intend, since the rules no longer carry the L7 conditions they had in the access control policy.

  • Deploy configuration changes.