FireCloud Access Rules

Applies To: FireCloud Internet Access

FireCloud is a beta product that is only available to participants in the WatchGuard FireCloud Beta program. To try FireCloud Internet Access, join the WatchGuard Beta test community.

FireCloud access rules determine when FireCloud allows or denies connections. FireCloud matches each connection to a rule based on the user groups that the connecting user belongs to. You can configure which of these security services apply to the traffic each rule handles:

  • Content Filtering — Blocks specific content categories and applications. For more information, go to Content Filtering in FireCloud.
  • Geolocation — Detects the geographic locations of connections to and from your network. You can enable and configure Geolocation to block access to and from specific locations. For more information, go to Add Geolocation Actions in FireCloud.
  • Content Scanning — Protects against spyware, viruses, malicious applications, spam email, and data leakage. For more information, go to Content Scanning in FireCloud.

FireCloud has a Default rule that applies to all connections from all users. The Default rule has all security services enabled with default configuration settings. You cannot edit or delete the Default rule.

If you do not want to use the Default rule, you can disable it. If the Default rule is disabled and a user connection does not match any other access rules, FireCloud denies the connection.

You do not have to deploy your changes when you add, edit, or reorganize access rules.

Rule Priority

The rules list shows access rules in order of priority, from highest to lowest. For each connection, FireCloud applies the highest priority rule that matches the source (the group that the user belongs to).

When you add a new rule, it shows at the top of the list. To change the order of access rules in the list, you can drag a rule to move it.

You cannot change the priority of the FireCloud Default rule. The Default rule has a lower priority than all other access rules, and is only used if it is the only rule or if no other rules apply.
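
The following Python model of the evaluation order is an added example, not WatchGuard code. It shows how a new rule that lands at the top of the list can hide more specific rules below it. The rule and group names are constructed, and the model assumes that a rule matches when the user belongs to at least one of the rule's groups and that group names are compared exactly.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    groups: frozenset = frozenset()
    enabled: bool = True
    is_default: bool = False      # the built-in Default rule matches every user

def add_rule(rules, rule):
    """A new rule is placed at the top of the list, so it has the highest priority."""
    return [rule] + rules

def evaluate(rules, user_groups):
    """Return the name of the rule that handles the connection, or None if denied."""
    for rule in rules:                       # list order is priority order
        if not rule.enabled:
            continue
        # Assumption: one shared group is enough for a rule to match.
        if rule.is_default or rule.groups & set(user_groups):
            return rule.name
    return None                              # nothing matched and Default is disabled

def shadowed(rules):
    """Names of enabled rules that can never apply: every one of their groups
    is already claimed by an enabled rule higher in the list."""
    covered, hidden = set(), []
    for rule in rules:
        if not rule.enabled or rule.is_default:
            continue
        if rule.groups <= covered:
            hidden.append(rule.name)
        covered |= rule.groups
    return hidden

# Constructed sample configuration (group and rule names are hypothetical).
DEFAULT = Rule("Default", is_default=True)
RULES = [DEFAULT]
RULES = add_rule(RULES, Rule("Contractors-Restricted", frozenset({"Contractors"})))
RULES = add_rule(RULES, Rule("Engineering", frozenset({"Engineering"})))
RULES = add_rule(RULES, Rule("All-Staff", frozenset({"Staff", "Contractors", "Engineering"})))

if __name__ == "__main__":
    print("Contractor handled by:", evaluate(RULES, {"Contractors"}))
    print("Rules that never apply:", shadowed(RULES))
```

In this model, the broad All-Staff rule was added last and therefore sits first, so the two narrower rules never apply until it is moved below them.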

Add FireCloud Rules

To create new rules for traffic that comes from specific user groups, you can add FireCloud access rules. When you add a rule, all available security services are enabled in the rule by default. In the rule settings for Content Filtering and Geolocation, you select which action the rule uses.

After you add a new rule, we recommend that you review the order of your access rules. FireCloud always adds a new rule to the top of the rule list, which makes it the highest priority rule.

To add a FireCloud rule, from WatchGuard Cloud:

  1. Select Configure > FireCloud.
  2. On the Configuration page, click Add Rule.
    The Add FireCloud Rule page opens.
  3. In the Name text box, type a name for this rule.
  4. Specify the user groups the rule applies to. You can specify multiple groups for one rule.
    • If you use WatchGuard Cloud Directories and Domain Services for your identity provider, click Add User Group. Select the user groups that you want the rule to apply to and click Add.
    • If you use a SAML identity provider, type the group names, pressing Enter or Return between each group name.
  5. To enable or disable a security service, click the toggle for the service. For Content Filtering and Geolocation, select the action for this rule to use from the drop-down list.
  6. Click Save.
    Your rule is created and added to the top of the rule list.

Enable or Disable a FireCloud Rule

If you want to keep a rule but do not want the rule to apply to user traffic, you can disable the rule.

To enable or disable a rule:

  1. On the Configuration page, click the name of the rule in the rules list to edit it.
  2. Next to the rule name, enable or disable the toggle.
  3. Click Save.

Related Topics

Content Scanning in FireCloud

Content Filtering in FireCloud

Add Geolocation Actions in FireCloud