In this example we will configure a policy that covers all protocols for authenticated users, with ATP and Proxy inspection on the HTTP and HTTPS browsing ports, using SSL Inspection.


Below is a summary of what will be configured in the rule:


  • [Properties]: Allow all with IPS + PROXY, TAG = IPS, NAT, PROXY;
  • [Conditions]: Network zone “LAN”, Authenticated;
  • [Inspection]: SSL Inspection, Intrusion Prevention;
  • [Routing]: Enable [Nat], QOS: Medium Priority (Reserve 50% link).

To add a security policy, open the action menu and click the option “Create Policy”;


IPv4 - Actions Menu - Create Policy


Configure each tab according to the settings shown below.


Properties


In the [Properties] tab, in Name set it as: “Allow all with IPS + Proxy”;

In Description type “Allow all with IPS + Proxy”;

In Tags include “IPS”, “NAT” and “PROXY”;

In Policy Group select “Masking (NAT)”;

You will have arrived at the result illustrated by the image below:


Create Policy – Ex. 5 – Properties


Select the next tab: [Conditions].

 

Conditions


In the [Conditions] tab, in Network Zone select: “LAN”;

Select the Authenticated checkbox.

You will have arrived at the result illustrated by the image below:


Create Policy – Ex. 5 – Conditions


Select the next tab: [Inspection].


Inspection


In the [Inspection] tab, enable the SSL Inspection checkbox and select a profile to inspect SMTP, POP3, FTP, HTTP, HTTPS and SSL (for more information, check the Proxy - SSL Inspection section);

Enable the Intrusion Prevention checkbox and select the desired inspection profile (for more information, check this page);

Select the Web Filter checkbox and select the desired profile (for more information, check this page);

You will have arrived at the result illustrated by the image below:


Create Policy – Ex. 5 – Inspection

 

Select the next tab: [Routing].


Routing


On the [Routing] tab, select the Nat check box;

Check the SD-WAN checkbox and select the option “Load Balance BB”;

In Traffic Shaping select the option “Medium”;


Create Policy – Ex. 5 – Routing


After configuring each tab according to the definition of the applied policy, click on [].


Policy Saved Successfully


The screen shown in the following image will be displayed:


Create Policy – Ex. 5 – Allow all with IPS + PROXY


After saving, for the policy to take effect you must access the command queue and apply the changes made. For more information on the command queue, see the page: UTM - Command queue.


After performing these procedures, the policy will have been successfully configured.


Done! Now just run some tests.

To do so, use a properly configured workstation and browse the web.

Then check the Traffic logs on the Dashboard.
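
One way to script the browsing test from the workstation, as an added example (not part of the original documentation or the product's own tooling): it reads the issuer of the certificate presented for an HTTPS site and reports whether the session was re-signed by the SSL Inspection CA. It assumes HTTPS traffic reaches the UTM without an explicit proxy setting on the client; `INSPECTION_CA_CN` is a placeholder and all function names are hypothetical.

```python
import socket
import ssl
import sys

# Assumption: placeholder for the common name of the CA your SSL Inspection
# profile signs with; replace it with the CA installed on the workstation.
INSPECTION_CA_CN = "EXAMPLE-UTM-INSPECTION-CA"

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_INSPECTED = {
    "issuer": ((("organizationName", "Example Org"),),
               (("commonName", "EXAMPLE-UTM-INSPECTION-CA"),)),
}


def issuer_common_name(peercert):
    """Return the issuer commonName from a getpeercert() style dict, or None."""
    for rdn in peercert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def classify(peercert, inspection_ca_cn=INSPECTION_CA_CN):
    """'inspected' if the certificate was issued by the inspection CA, else 'bypassed'."""
    cn = issuer_common_name(peercert)
    if cn is not None and cn.casefold() == inspection_ca_cn.casefold():
        return "inspected"
    return "bypassed"


def check_host(host, port=443, timeout=5.0):
    """Connect from the workstation and report how the HTTPS session was handled."""
    ctx = ssl.create_default_context()  # uses the workstation's trust store
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify(tls.getpeercert())
    except ssl.SSLCertVerificationError:
        # Chain not trusted, e.g. the inspection CA is not installed on this client.
        return "untrusted"
    except OSError:
        # The connection could not be completed (refused, reset or timed out).
        return "blocked"


if __name__ == "__main__":
    for name in sys.argv[1:]:
        print(f"{name}: {check_host(name)}")
```

Run it with one or more host names as arguments and compare the results with the entries shown in the Traffic logs.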

