Contents

Related Topics

Add a Proxy Policy to Your Configuration

When you add a proxy policy or ALG (application layer gateway) to your Firebox configuration file, you specify types of content that the Firebox must find as it examines network traffic. If the content matches (or does not match) the criteria you set in the proxy or ALG definition, the traffic is either allowed or denied, based on the criteria and settings you specify.

You can use the default settings of the proxy policy or ALG, or you can change these settings to match network traffic in your organization. You can also create additional proxy policies or ALGs to manage different parts of your network.

It is important to remember that a proxy policy or ALG requires more processor power than a packet filter. If you add a large number of proxy policies or ALGs to your configuration, network traffic speeds might decrease. However, a proxy or ALG uses methods that packet filters cannot use to catch dangerous packets. Each proxy policy includes several settings that you can adjust to create a balance between your security and performance requirements.

To add a proxy policy, from Fireware Web UI:

  1. Select Firewall > Firewall Policies.
  2. Click Add Policy.
  3. In the Policy Name text box, type a name for the policy.
  4. For the Select a policy type option, select Proxies.
  5. From the first drop-down list, select a proxy, and from the second drop-down list, select a proxy action.

Screen shot of the Add Firewall Policy page

  1. Click Add Policy.
    The Firewall Policies / Add page appears.

Screen shot of the Add page for an HTTP-proxy

To add a proxy policy, from Policy Manager:

  1. Click the Add Policy icon.
    Or, select Edit > Add Policies.
    The Add Policies dialog box appears.
  2. Expand the Proxies folder.
    A list of proxy policies appears.
  3. Select a proxy policy. Click Add.
    The New Policy Properties dialog box appears.

Screenshot of the New Policy Properties dialog box for the HTTP-proxy

For more information on the basic properties of all policies, see About Policy Properties.

Proxy policies and ALGs have default proxy action rulesets that provide a good balance of security and accessibility for most installations. If a default proxy action ruleset does not match the network traffic you want to examine, you can add a new proxy action, or clone an existing proxy action to modify the rules. You cannot modify a default predefined proxy action. For more information, see About Rules and Rulesets and the About topic for the type of policy you added.

About the DNS-Proxy About the IMAP-Proxy
About the FTP-Proxy About the POP3-Proxy
About the FTP-Proxy About the SMTP-Proxy
About the H.323-ALG About the SIP-ALG
About the HTTP-Proxy About the TCP-UDP-Proxy
About the HTTPS-Proxy  

See Also

About Policies

About Gateway AntiVirus

About spamBlocker

About WebBlocker

Give Us Feedback     Get Support     All Product Documentation     Technical Search