Add or Edit a Forwarding Rule in a Rule Set

Use the following procedure to add existing rules to a policy rule set or to edit rules that are already included in a policy rule set:

Before you begin

You can create a new rule within the Multicloud Defense Gateway. Note the following limitations before you add or edit rules in your rule set:

  • A single policy rule set can have a maximum of 2047 rules.

  • A policy rule set group can have a maximum combined set of 2047 rules.

Procedure


Step 1

Navigate to Manage > Security Policies > Rule Sets.

Step 2

Click the policy rule set name to view the policy rule set.

Step 3

Click Add Rule to create a new rule or add an existing rule. This generates a prompt.

Step 4

Enter the following properties:

  • Name - a unique name used to reference the rule.

  • (optional) Description - A brief description of the rule.

  • Type - Select Forwarding.

Step 5

Enter the following Object information:

  • Service - The service object used to determine the protocols and ports for which the rule will apply.

  • Source - The address object used to determine the resources for which the rule will apply.

  • Destination - The address object used to determine the destination resources for which the rule will apply. For a ReverseProxy rule type, the destination is always the Multicloud Defense Gateway. For ForwardProxy rule types, the destination is always any.

  • FQDN - Use the drop-down menu to select a set of FQDNs used for SNI match. Note this applies only to Forwarding rule types.

Step 6

Enter the Details:

  • Action - The action defines whether the traffic should be allowed or denied, and whether the traffic should be logged or not logged in events. Traffic is always logged in traffic summary, no matter whether the action is set to Log or No Log. For traffic that is allowed by the rule, the advanced security profiles are evaluated. Note that each advanced security profile has its own action that will either use or override this action.

  • Reset On Deny - If enabled, the Multicloud Defense Gateway sends a TCP Reset packet for sessions that match this rule and are dropped by the gateway. Note this applies only to Forwarding rule types.

Step 7

Enter the following Profiles information:

  • (Optional) Network Intrusion - The Network Intrusion (IPS) profile to be used for advanced security.

  • (Optional) Anti-malware - The Anti-malware profile to be used for advanced security. If you do not already have an Anti-malware profile created, click + Create Anti Malware here.

  • (Optional) Data Loss Prevention - The Data Loss Prevention (DLP) profile to be used for advanced security. Note that this applies only to ForwardProxy rule types.

  • (Optional) FQDN Filtering - The FQDN Filtering (FQDN) profile to be used for advanced security.

  • (Optional) Malicious IPs - The Malicious IPs (MIP) profile to be used for advanced security.

  • (Optional) PCAP - Check this box to enable packet capture for the rule. Whenever traffic matches a rule with PCAP enabled, a packet capture of the session traffic will occur and the PCAP will be stored in the location specified by the PCAP profile. The PCAP profile is configured on the Multicloud Defense Gateway.

Step 8

After specifying the configuration for the rule, click Save.

Step 9

Continue adding more rules. Once all desired rules have been added, click Save Changes. You will be presented with a before and after view of all changes made to the rule set. If satisfied with your changes, click Save. If you need to make further changes, click Cancel to return to editing your rule set.
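The constraints spread across the steps above (the 2047-rule limits, the destination fixed per rule type, and the FQDN, Reset On Deny and DLP options that apply only to certain rule types) are easy to get wrong when rule definitions are generated outside the UI. The following added example is a stand-alone pre-validator for rule definitions held in code; it is not Multicloud Defense's API or data model. The field names, the boolean `permit`/`log` split of the Action, and the `"any"` / gateway destination labels are assumptions chosen to mirror the wording of the procedure, and the sample rules are constructed for the example.

```python
"""Pre-validate forwarding rule definitions against the constraints listed in
the procedure above. Hypothetical model, not the product's API: field names,
rule-type strings and destination labels are assumptions based on the UI text.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Limits stated under "Before you begin".
MAX_RULES_PER_RULE_SET = 2047
MAX_RULES_PER_RULE_SET_GROUP = 2047   # combined across all rule sets in a group

# Rule types named on the page; strings are assumptions.
RULE_TYPES = {"Forwarding", "ForwardProxy", "ReverseProxy"}
GATEWAY_DESTINATION = "gateway"       # placeholder label for the Multicloud Defense Gateway
ANY_DESTINATION = "any"


@dataclass
class ForwardingRule:
    name: str
    rule_type: str
    service: str                      # service object (protocols/ports)
    source: str                       # address object for the sources
    destination: str                  # address object, "any", or the gateway
    permit: bool                      # Action: allow (True) or deny (False)
    log: bool = True                  # Action: Log or No Log in events
    description: str = ""
    fqdn: Optional[str] = None        # SNI match set; Forwarding rules only
    reset_on_deny: bool = False       # Forwarding rules only
    ips_profile: Optional[str] = None
    anti_malware_profile: Optional[str] = None
    dlp_profile: Optional[str] = None  # ForwardProxy rules only
    fqdn_filtering_profile: Optional[str] = None
    malicious_ips_profile: Optional[str] = None
    pcap: bool = False


def validate_rule(rule: ForwardingRule) -> list[str]:
    """Return a list of problems with a single rule (empty list means valid)."""
    problems: list[str] = []
    if not rule.name:
        problems.append("name is required and must be unique")
    if rule.rule_type not in RULE_TYPES:
        problems.append(f"unknown rule type {rule.rule_type!r}")
        return problems  # type-dependent checks below would be meaningless
    for label, value in (("service", rule.service), ("source", rule.source),
                         ("destination", rule.destination)):
        if not value:
            problems.append(f"{label} object is required")
    # Destination is fixed by the rule type (Step 5).
    if rule.rule_type == "ReverseProxy" and rule.destination != GATEWAY_DESTINATION:
        problems.append("ReverseProxy destination is always the gateway")
    if rule.rule_type == "ForwardProxy" and rule.destination != ANY_DESTINATION:
        problems.append("ForwardProxy destination is always any")
    # Options restricted to particular rule types (Steps 5 to 7).
    if rule.fqdn and rule.rule_type != "Forwarding":
        problems.append("FQDN (SNI match) applies only to Forwarding rules")
    if rule.reset_on_deny and rule.rule_type != "Forwarding":
        problems.append("Reset On Deny applies only to Forwarding rules")
    if rule.dlp_profile and rule.rule_type != "ForwardProxy":
        problems.append("Data Loss Prevention applies only to ForwardProxy rules")
    return problems


def validate_rule_set(rules: list[ForwardingRule]) -> list[str]:
    """Check the rule count and name uniqueness, then every rule in turn."""
    problems: list[str] = []
    if len(rules) > MAX_RULES_PER_RULE_SET:
        problems.append(f"rule set has {len(rules)} rules, maximum is {MAX_RULES_PER_RULE_SET}")
    seen: set[str] = set()
    for rule in rules:
        if rule.name in seen:
            problems.append(f"duplicate rule name {rule.name!r}")
        seen.add(rule.name)
        problems.extend(f"{rule.name}: {p}" for p in validate_rule(rule))
    return problems


def validate_rule_set_group(group: dict[str, list[ForwardingRule]]) -> list[str]:
    """Apply the combined limit across every rule set in a group."""
    problems = [f"{name}: {p}" for name, rules in group.items() for p in validate_rule_set(rules)]
    total = sum(len(rules) for rules in group.values())
    if total > MAX_RULES_PER_RULE_SET_GROUP:
        problems.append(f"group has {total} rules combined, maximum is {MAX_RULES_PER_RULE_SET_GROUP}")
    return problems


# Constructed sample rules: one valid Forwarding rule and one ReverseProxy rule
# that misuses three Forwarding/ForwardProxy-only options and the destination.
GOOD_RULE = ForwardingRule(name="egress-saas", rule_type="Forwarding", service="svc-https",
                           source="app-subnets", destination=ANY_DESTINATION,
                           permit=True, log=True, fqdn="approved-saas-fqdns")
BAD_RULE = ForwardingRule(name="inbound-web", rule_type="ReverseProxy", service="svc-https",
                          source="internet", destination=ANY_DESTINATION, permit=True,
                          fqdn="x", reset_on_deny=True, dlp_profile="dlp-default")

if __name__ == "__main__":
    for rule in (GOOD_RULE, BAD_RULE):
        print(rule.name, validate_rule(rule) or "ok")
```

Running the validator in a pipeline before pushing a large generated rule set catches the combined 2047-rule group limit early, which the UI only reports once the rules have been entered.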