Create or Edit a Custom Policy Template
To add specialized policies to your configuration files, you can create custom policy templates. A custom policy template can be for a packet filter or proxy policy and can use any available protocol. When you add a custom policy template to your configuration, make sure to specify a unique name for the policy template, so you can find the policy when you want to change or remove it. This name must be different than the name of any other policy template.
In the policy template, you can configure these properties:
Policy Type
Specify whether the template is for a packet filter or proxy policy. For a proxy policy, you also select the type of proxy policy or application layer gateway (ALG). Fireware supports proxy policies for many common protocols, including DNS, FTP, H.323, HTTP, HTTPS, POP3, SIP, SMTP, and TCP-UDP. For more information about proxy policy types, see About Proxy Policies and ALGs.
Protocols
Specify the protocols the policy template applies to. You can add more than one protocol to the same policy template. The GRE, AH, ESP, ICMP, IGMP, OSP, IP, and PIM protocols use a single port, and you cannot configure it. For some protocols, you must specify additional information:
- For the TCP and UDP protocols, specify the port or port range.
- For ICMP (Internet Control Message Protocol), specify an ICMP Type and ICMP Code.
- For the IP protocol, specify the protocol number.
Custom Idle Timeout
You can specify a custom idle timeout. The idle timeout is the maximum length of time, in seconds, that a connection can stay active when no traffic is sent through the connection. If you do not specify a custom idle timeout, the template uses the default idle timeout setting of 180 seconds (3 minutes).
- Select Firewall > Firewall Policies or Firewall > Mobile VPN IPSec Policies.
The Policies page you selected appears.
- Click Add Policy.
The Add Firewall Policy page appears.
- For the policy type, select Custom.
- From the Custom drop-down list, select a policy or click Add to create a new custom policy.
The Add Policy Template page appears.
- In the Name text box, type a name for the custom policy template.
- (Optional) In the Description text box, type a description of the policy template.
This appears in the Details section when you click the policy name in the list of User Filters.
- Select a policy type: Packet Filter or Proxy.
- For a proxy policy, from the Proxy drop-down list, select a proxy type.
- To add a protocol, click Add.
The Add Protocol dialog box appears.
- From the Type drop-down list, select an option: Single Port or Port Range.
- From the Protocol drop-down list, select the protocol to use for this policy.
If you select Single Port, you can select TCP, UDP, GRE, AH, ESP, ICMP, IGMP, OSP, IP, or Any.
If you select Port Range, you can select TCP or UDP. The options below the drop-down list change for each protocol.
- If you selected Single Port, in the Server Port text box, type the port number.
If you selected Port Range, in the Start Server Port and End Server Port text boxes, type the server port range.
- Click OK.
The protocol appears in the Protocols list.
- To specify the idle timeout, select the Specify custom idle timeout check box and type the timeout value in seconds.
- Click Save.
The custom policy name appears in the Add Firewall Policy page in the Custom drop-down list.
- Click .
Or, select Edit > Add Policies.
The Add Policy dialog box appears.
- Click Manage Custom.
The Manage Custom Policy Templates dialog box appears.
- To add a new custom policy template, click New.
Or, to edit an existing custom policy template, select the policy template and click Edit.
The New Policy Template dialog box appears.
- In the Name text box, type the name of the custom policy.
- In the Description text box, type a description of the policy.
- Select the type of policy: Packet Filter or Proxy.
- If you select Proxy, choose the proxy protocol from the adjacent drop-down list.
- To specify the idle timeout, select the Specify Custom Idle Timeout check box and type the timeout value in seconds.
- To add protocols for this policy, click Add.
The Add Protocol dialog box appears.
- From the Type drop-down list, select Single Port or Port Range.
- From the Protocol drop-down list, select the protocol for this new policy.
If you select Single Port, you can select TCP, UDP, GRE, AH, ESP, ICMP, IGMP, OSP, IP, or Any.
If you select Port Range, you can select TCP or UDP. The options below the drop-down list change for each protocol.
- If you selected Single Port, in the Server Port text box, type or select the port for this new policy.
If you selected Port Range, in the Start Server Port and End Server Port text boxes, type or select the starting server port and the ending server port.
- Click OK.
The policy template is added to the Custom policies folder.
You can now use the custom policy template to add one or more custom policies to your configuration. Use the same procedure as you would to add a policy based on a predefined policy template.
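The template properties and Add Protocol rules described above can be checked against a planned template before anyone opens the UI, for example in a change-review step. This is an added example, not WatchGuard code: the dict layout, function names and sample template are hypothetical, and the numeric bounds (ports 1-65535, 8-bit ICMP and IP protocol values, a timeout above zero) are assumptions.

```python
# Added example; the dict layout and names are hypothetical, not a Fireware format or API.
SINGLE_PORT = {"TCP", "UDP", "GRE", "AH", "ESP", "ICMP", "IGMP", "OSP", "IP", "Any"}
PORT_RANGE = {"TCP", "UDP"}
DEFAULT_IDLE_TIMEOUT = 180  # seconds, used when no custom idle timeout is set

def _in_range(value, low, high):
    return type(value) is int and low <= value <= high

def lint_template(template, existing_names):
    """Return (problems, effective idle timeout in seconds) for one template."""
    problems = []
    name = template.get("name", "")
    if not name or name in existing_names:
        problems.append("name must be set and differ from every other template name")
    if template.get("policy_type") not in ("Packet Filter", "Proxy"):
        problems.append("policy type must be Packet Filter or Proxy")
    elif template["policy_type"] == "Proxy" and not template.get("proxy_type"):
        problems.append("a proxy policy needs a proxy type")
    for index, entry in enumerate(template.get("protocols", []), start=1):
        proto, kind = entry.get("protocol"), entry.get("type")
        allowed = {"Single Port": SINGLE_PORT, "Port Range": PORT_RANGE}.get(kind)
        if allowed is None or proto not in allowed:
            problems.append(f"protocol {index}: {proto} is not selectable as {kind}")
        elif kind == "Port Range":
            # Assumption: ports are 1-65535 and the range must ascend.
            start, end = entry.get("start"), entry.get("end")
            if not (_in_range(start, 1, 65535) and _in_range(end, start, 65535)):
                problems.append(f"protocol {index}: invalid server port range")
        elif proto in ("TCP", "UDP") and not _in_range(entry.get("port"), 1, 65535):
            problems.append(f"protocol {index}: {proto} needs a server port")
        elif proto == "ICMP" and not (_in_range(entry.get("icmp_type"), 0, 255)
                                      and _in_range(entry.get("icmp_code"), 0, 255)):
            problems.append(f"protocol {index}: ICMP needs an ICMP Type and ICMP Code")
        elif proto == "IP" and not _in_range(entry.get("protocol_number"), 0, 255):
            problems.append(f"protocol {index}: IP needs a protocol number")
    timeout = template.get("idle_timeout", DEFAULT_IDLE_TIMEOUT)
    if not _in_range(timeout, 1, 2**31 - 1):  # assumption: whole seconds, above zero
        problems.append("custom idle timeout must be a positive number of seconds")
    return problems, timeout

# Constructed sample plan; the template names and ports are illustrative only.
PLANNED = {"name": "Syslog-TLS", "policy_type": "Packet Filter", "protocols": [
    {"type": "Single Port", "protocol": "TCP", "port": 6514},
    {"type": "Port Range", "protocol": "ICMP", "start": 1, "end": 10},
    {"type": "Single Port", "protocol": "ICMP", "icmp_type": 8},
]}

if __name__ == "__main__":
    print("\n".join(lint_template(PLANNED, {"Syslog-TLS"})[0]))
```

The sample plan is flagged three times: the name collides with an existing template, ICMP cannot be used with Port Range, and the single-port ICMP entry is missing its ICMP Code.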