To create a specific Zone Protection firewall policy, click the button located at the upper right:


Zone Protection - Create Button


When clicking this button the window below is displayed:



Zone Protection - Create Button - Window


The window is divided into two sections: Policy and Conditions.

Below we will analyze each of these sections in detail.


Policy 


In "Policy" we configure all options related to how the Zone Protection policy will work:


Zone Protection – Policy


  • Enabled []: Determines whether the policy is on [] or off [];
  • Description: Defines a description for identification;
  • Service: Determines the service used by the policy. The services that appear in this field are created in Objects - Services;
  • Zone: Determines the interface grouping to which the policy applies. These groupings are created in Network - Interfaces;
  • Time: Determines the time period during which the policy is applied. The items that appear in this field are created in Objects - Times;
  • Action: Defines the action to be taken, which can be:
    • Allow;
    • Deny;
    • Reject.
  • Traffic Monitor: When the Traffic Monitor box [] is checked, traffic matching this policy is collected by the monitoring service and sent to the real-time summarizing service (Reporter);
  • Traffic Logging: When the Traffic Logging box [] is checked, logs referring to the information collected by the monitoring service are generated;
  • Intrusion Prevention: When checked, enables IPS for this policy and activates the drop-down list from which the profile to be used is selected. The profiles that appear are created in Services - Intrusion Prevention;
  • Threat Blocking: When this checkbox is activated, all threats listed as tags in the text field are blocked. If tags are added without activating the checkbox, it is activated automatically when saving.


This concludes the configuration. If no "condition" is needed, save the changes by clicking []; to close this window without saving, click [] to cancel all settings and return to the previous screen.

After saving, you will need to access the command queue [] and apply the changes made. For more information on the command queue access the page: UTM - Command queue.


If there is a need to configure "condition", check the section below.

Conditions 


In "Conditions" we configure all the conditions on how Zone Protection will work:



Zone Protection – Conditions


  • Authenticated []: This checkbox determines whether the policy requires authentication (if enabled) or not (if disabled). Enabling it also makes the Users and Groups fields available for editing;
  • Users: Click [] and select all users to whom the policy will apply. The users that appear in this window are created in Settings - Authentication - Users tab;
  • Groups: Click [] and select all user groups to which the policy will apply. The user groups that appear in this window are created in Settings - Authentication - Users tab - Groups - Add Group;
  • IPv4 Source IP: Click [] and select all source IPv4 addresses to which the policy will be applied. The IPv4 addresses that appear in this window are created in Objects - Addresses;
  • IPv6 Source IP: Click [] and select all source IPv6 addresses to which the policy will be applied. The IPv6 addresses that appear in this window are created in Objects - Addresses;
  • Destination IPv4: Click [] and select all destination IPv4 addresses to which the policy will be applied. The IPv4 addresses that appear in this window are created in Objects - Addresses;
  • Destination IPv6: Click [] and select all destination IPv6 addresses to which the policy will be applied. The IPv6 addresses that appear in this window are created in Objects - Addresses;
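The following Python model, added here as an illustration and not the product's own code, shows how the Policy and Conditions fields described above combine when a connection is evaluated. It assumes, since the page does not state it, that an empty address list means "any", that every configured field must hold at the same time, and that the first enabled matching policy decides; the object names (zone, service, addresses, group "netops") are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import time
from enum import Enum
from ipaddress import IPv4Network, IPv6Network, ip_address, ip_network
from typing import FrozenSet, List, Optional, Tuple, Union

Net = Union[IPv4Network, IPv6Network]


class Action(Enum):
    ALLOW = "Allow"
    DENY = "Deny"
    REJECT = "Reject"


@dataclass
class Conditions:
    # Fields follow the "Conditions" section; empty lists mean "any" (assumption).
    authenticated: bool = False
    users: FrozenSet[str] = frozenset()
    groups: FrozenSet[str] = frozenset()
    src_v4: List[Net] = field(default_factory=list)
    src_v6: List[Net] = field(default_factory=list)
    dst_v4: List[Net] = field(default_factory=list)
    dst_v6: List[Net] = field(default_factory=list)


@dataclass
class ZonePolicy:
    # Fields follow the "Policy" section; zone, service and time are objects
    # created elsewhere in the UI, modelled here as plain values (assumption).
    enabled: bool
    description: str
    service: str
    zone: str
    action: Action
    time_window: Optional[Tuple[time, time]] = None
    threat_blocking: bool = False
    threat_tags: FrozenSet[str] = frozenset()
    conditions: Conditions = field(default_factory=Conditions)


@dataclass
class Flow:
    # A constructed connection attempt to evaluate against the policy list.
    zone: str
    service: str
    src: str
    dst: str
    at: time
    user: Optional[str] = None
    groups: FrozenSet[str] = frozenset()


def normalize_on_save(policy: ZonePolicy) -> ZonePolicy:
    """Save-time rule from the Policy section: tags present but the Threat
    Blocking box unchecked -> the box is switched on automatically."""
    if policy.threat_tags and not policy.threat_blocking:
        policy.threat_blocking = True
    return policy


def matches(policy: ZonePolicy, flow: Flow) -> bool:
    """All configured fields must hold at once (conditions are AND-ed: assumption)."""
    if not policy.enabled:
        return False
    if flow.zone != policy.zone or flow.service != policy.service:
        return False
    if policy.time_window is not None:
        start, end = policy.time_window
        if not (start <= flow.at <= end):
            return False
    c = policy.conditions
    if c.authenticated:
        if flow.user is None:
            return False  # unauthenticated flows never match an "Authenticated" policy
        allowed = flow.user in c.users or bool(c.groups & flow.groups)
        if (c.users or c.groups) and not allowed:
            return False
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    src_nets = c.src_v4 if src.version == 4 else c.src_v6
    dst_nets = c.dst_v4 if dst.version == 4 else c.dst_v6
    if src_nets and not any(src in n for n in src_nets):
        return False
    if dst_nets and not any(dst in n for n in dst_nets):
        return False
    return True


def evaluate(policies: List[ZonePolicy], flow: Flow) -> Optional[Action]:
    """First enabled matching policy decides (assumption); None means no policy hit."""
    for policy in policies:
        if matches(policy, flow):
            return policy.action
    return None


# Constructed sample: guests may not reach the server subnet over SSH, except
# authenticated members of the "netops" group during business hours.
POLICIES = [
    normalize_on_save(ZonePolicy(
        enabled=True, description="netops SSH to servers", service="ssh",
        zone="guest", action=Action.ALLOW, time_window=(time(8), time(18)),
        conditions=Conditions(authenticated=True, groups=frozenset({"netops"}),
                              dst_v4=[ip_network("10.0.0.0/24")]),
    )),
    normalize_on_save(ZonePolicy(
        enabled=True, description="block guest SSH to servers", service="ssh",
        zone="guest", action=Action.DENY, threat_tags=frozenset({"bruteforce"}),
        conditions=Conditions(src_v4=[ip_network("10.20.0.0/16")],
                              dst_v4=[ip_network("10.0.0.0/24")]),
    )),
]

if __name__ == "__main__":
    print(evaluate(POLICIES, Flow("guest", "ssh", "10.20.5.7", "10.0.0.10", time(9))))
```

Order matters in this model: the narrower "Authenticated" allow policy is listed before the broad deny, so an anonymous guest is denied while a netops member is allowed only inside the configured time window. The second policy also shows the save-time rule: it was built with a threat tag but without the Threat Blocking box, and normalize_on_save switches the box on.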


To save changes, click [], otherwise, click [] to cancel all settings and return to the previous screen.

After saving, you will need to access the command queue [] and apply the changes made. For more information on the command queue access the page: UTM - Command queue.


To better illustrate the procedures listed above, next, we will look at some examples:


