Add Policies to Your Configuration
Your Firebox configuration includes a default set of policies and predefined policy templates. When you add a policy, you select a policy template. The template specifies whether the policy is a packet filter or proxy policy, and defines the ports and protocols the policy applies to. To specify custom ports and protocols, create a custom policy template. After you use a policy template to add a new policy, you can configure other policy properties, such as subscription services, QoS actions, and operating schedules.
You can add two types of policies to your Firebox configuration:
- Firewall policy — filters traffic through the firewall based on port and protocol
- Mobile VPN with IPSec policy — filters traffic through the firewall for members of the Mobile VPN with IPSec group. For more information, go to Configure Policies to Filter IPSec Mobile VPN Traffic.
After you add a policy to your configuration, you define rules to:
- Set allowed traffic sources and destinations
- Enable security services
- Configure filter rules in proxy actions (for proxy policies)
- Configure properties such as Traffic Management, NAT, and log settings
For more information on policy configuration, go to About Policy Properties.
Add a Firewall Policy
- Select Firewall > Firewall Policies.
The Policies page you selected appears.
- Click Add Policy.
- Select a policy type:
  - Packet Filter
  - Proxies
  - Custom
- For a packet filter, from the adjacent drop-down list, select a policy template.
For a proxy, from the adjacent drop-down list, select a proxy policy template, and from the second drop-down list, select a proxy action. For more information, go to About Proxy Actions.
For a custom policy, from the adjacent drop-down list, select a custom policy template or click Add to create a new custom policy template. For more information, go to Create or Edit a Custom Policy Template.
- Click Add Policy.
A page showing the new policy properties appears.
- Configure the source, destination, and other policy properties. For more information, go to About Policy Properties.
- Click Save.
- Click .
Or, select Edit > Add Policy.
The Add Policy dialog box appears.
- Expand the Proxies, Packet Filters, or Custom folder.
A list of policy templates appears.
- Select a policy template.
The policy template properties appear on the right.
- To add a policy that uses the selected template, click Add Policy.
The New Policy Properties dialog box appears, with the Policy tab selected.
- Configure the source, destination, and other policy properties. For more information, go to About Policy Properties.
- For a proxy policy, select the proxy action or content action. For more information, go to About Proxy Actions.
- Click OK to close the Properties dialog box.
You can add more than one policy while the Policies dialog box is open.
- Click Close.
The new policy appears in Policy Manager.
Create Custom Policy Templates
To add a firewall or Mobile VPN policy from Policy Manager, you select a policy template from the list. A policy template contains the policy name, a short description of the policy, and the protocol and port the policy applies to. If there is no policy template for the type of traffic you want to allow or deny, you can add a custom policy template and then use that to create a policy.
For information about how to create and manage custom policy templates, go to:
Add More Than One Policy of the Same Type
If your security policy requires it, you can add more than one policy of the same type to your configuration. For example, you can add two HTTP-proxy policies with different settings to set a limit on web access for most users, but give full web access to your management team. Or you can create two policies of the same type that have different operating schedules to control the type of traffic allowed during business hours.
For some examples of how to configure different policies of the same type, go to:
When you add multiple policies of the same type, it is important to understand which policy has precedence. If you configure two policies of the same type, the Firebox automatically evaluates policies in order from the most specific to the least specific. For more information, go to About Policy Precedence.
Use Policy Checker to Find a Policy
To determine how your Firebox manages traffic for a particular protocol between a source and destination you specify, you can use Policy Checker in Fireware Web UI.
For more information, go to Use Policy Checker to Find a Policy.