Create or Edit a Custom Policy Template
To add specialized policies to your configuration files, you can create custom policy templates. A custom policy template can be for a packet filter or proxy policy and can use any available protocol. When you add a custom policy template to your configuration, make sure to specify a unique name for the policy template, so you can find the policy when you want to change or remove it. This name must be different from the name of any other policy template.
In the policy template, you can configure these properties:
Policy Type
Protocols
Specify the protocols the policy template applies to. You can add more than one protocol to the same policy template. The GRE, AH, ESP, ICMP, ICMPv6, IGMP, OSP, IP, and PIM protocols use a single port, and you cannot configure it. For some protocols, you must specify additional information:
- For the TCP and UDP protocols, specify the port or port range.
- For ICMP (Internet Control Message Protocol) and ICMPv6, specify an ICMP Type and ICMP Code. If you type 255 in the text boxes, the Firebox matches ICMP traffic of any type and any code.
- For the IP protocol, specify the protocol number.
Custom Idle Timeout
You can specify a custom idle timeout. The idle timeout is the maximum length of time, in seconds, that a connection can stay active when no traffic is sent through the connection. If you do not specify a custom idle timeout, the template uses the default idle timeout setting of 180 seconds (3 minutes).
- Select Firewall > Firewall Policies or Firewall > Mobile VPN IPSec Policies.
The Policies page you selected opens.
- Click Add Policy.
The Add Firewall Policy page opens.
- For the policy type, select Custom.
- From the Custom drop-down list, select a policy or click Add to create a new custom policy.
The Add Policy Template page opens.
- In the Name text box, type a name for the custom policy template.
- (Optional) In the Description text box, type a description of the policy template.
This appears in the Details section when you click the policy name in the list of User Filters.
- Select a policy type: Packet Filter or Proxy.
- For a proxy policy, from the Proxy drop-down list, select a proxy type.
- To add a protocol, click Add.
The Add Protocol dialog box opens.
- From the Type drop-down list, select an option: Single Port or Port Range.
- From the Protocol drop-down list, select the protocol to use for this policy.
If you select Single Port, you can select TCP, UDP, GRE, AH, ESP, ICMP, ICMPv6, IGMP, OSP, IP, or Any.
If you select Port Range, you can select TCP or UDP.
The options below the drop-down list change for each protocol.
- If you selected Single Port, in the Server Port text box, type the port number.
If you selected Port Range, in the Start Server Port and End Server Port text boxes, type the server port range.
- Click OK.
The protocol appears in the Protocols list.
- To specify the idle timeout, select the Specify custom idle timeout check box and type the timeout value in seconds.
- Click Save.
The custom policy name appears in the Add Firewall Policy page in the Custom drop-down list.
- Click .
Or, select Edit > Add Policies.
The Add Policy dialog box opens.
- Click Manage Custom.
The Manage Custom Policy Templates dialog box opens.
- To add a new custom policy template, click New.
Or, to edit an existing custom policy template, select the policy template and click Edit.
The New Policy Template dialog box opens.
- In the Name text box, type the name of the custom policy.
- In the Description text box, type a description of the policy.
- Select the type of policy: Packet Filter or Proxy.
- If you select Proxy, choose the proxy protocol from the adjacent drop-down list.
- To specify the idle timeout, select the Specify Custom Idle Timeout check box and type the timeout value in seconds.
- To add protocols for this policy, click Add.
The Add Protocol dialog box opens.
- From the Type drop-down list, select Single Port or Port Range.
- From the Protocol drop-down list, select the protocol for this new policy.
If you select Single Port, you can select TCP, UDP, GRE, AH, ESP, ICMP, ICMPv6, IGMP, OSP, IP, or Any.
If you select Port Range, you can select TCP or UDP.
The options below the drop-down list change for each protocol.
- If you selected Single Port, in the Server Port text box, type or select the port for this new policy.
If you selected Port Range, in the Start Server Port and End Server Port text boxes, type or select the starting server port and the ending server port.
- Click OK.
The policy template is added to the Custom policies folder.
You can now use the custom policy template to add one or more custom policies to your configuration. Use the same procedure as you would to add a policy based on a predefined policy template.
ICMPv6 templates are supported only in Fireware v12.6.2 and higher. If you try to save a configuration that includes an ICMPv6 custom template to a lower version of Fireware, an error message tells you that you must remove the template before you can save the configuration.
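The property rules and the ICMPv6 version limit described above can be checked before a template is entered in the UI. The following is an added example, not WatchGuard code: the dictionary layout, field names and the `review_template` function are assumptions made for illustration, and the sample template is constructed.

```python
# Added example: pre-change review of a custom policy template definition.
# The dict layout and all names are assumptions, not a Fireware format.
FIXED = {"GRE", "AH", "ESP", "IGMP", "OSP", "PIM"}  # nothing further to configure
DEFAULT_IDLE_TIMEOUT = 180                          # seconds, used when none is set
ICMPV6_MIN = (12, 6, 2)                             # first version with ICMPv6 templates

def _in_range(value, low, high):
    return isinstance(value, int) and low <= value <= high

def review_template(tpl, fireware_version):
    """Return (findings, effective idle timeout in seconds) for one template."""
    version = tuple(int(part) for part in fireware_version.split("."))
    findings = []
    if tpl.get("policy_type") not in ("Packet Filter", "Proxy"):
        findings.append("ERROR: policy type must be Packet Filter or Proxy")
    for p in tpl.get("protocols", []):
        proto, kind = p["protocol"], p.get("type", "Single Port")
        if kind == "Port Range" and proto not in ("TCP", "UDP"):
            findings.append(f"ERROR: {proto}: Port Range is only for TCP or UDP")
        elif proto in ("TCP", "UDP") and kind == "Port Range":
            start, end = p.get("start"), p.get("end")
            if not (_in_range(start, 0, 65535) and _in_range(end, start, 65535)):
                findings.append(f"ERROR: {proto}: invalid port range {start}-{end}")
        elif proto in ("TCP", "UDP"):
            if not _in_range(p.get("port"), 0, 65535):
                findings.append(f"ERROR: {proto}: server port missing or invalid")
        elif proto in ("ICMP", "ICMPv6"):
            if proto == "ICMPv6" and version < ICMPV6_MIN:
                findings.append("ERROR: ICMPv6 templates need Fireware v12.6.2 or higher")
            t, c = p.get("icmp_type"), p.get("icmp_code")
            if not (_in_range(t, 0, 255) and _in_range(c, 0, 255)):
                findings.append(f"ERROR: {proto}: ICMP Type and ICMP Code are required")
            elif t == 255 and c == 255:
                findings.append(f"NOTE: {proto}: 255/255 matches any ICMP type and code")
        elif proto == "IP":
            if not _in_range(p.get("protocol_number"), 0, 255):
                findings.append("ERROR: IP: protocol number is required")
        elif proto not in FIXED and proto != "Any":
            findings.append(f"ERROR: {proto}: not a protocol the template supports")
    return findings, tpl.get("idle_timeout", DEFAULT_IDLE_TIMEOUT)

# Constructed sample template: one valid entry and three that need attention.
SAMPLE = {
    "name": "Example-App", "policy_type": "Packet Filter",
    "protocols": [
        {"protocol": "TCP", "type": "Port Range", "start": 8000, "end": 8010},
        {"protocol": "GRE", "type": "Port Range"},
        {"protocol": "ICMPv6", "icmp_type": 255, "icmp_code": 255},
        {"protocol": "IP"},
    ]}
```

Calling `review_template(SAMPLE, "12.5.9")` returns the findings list together with the idle timeout the template would use.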
- Select Firewall > Firewall Policies.
The Policies page opens.
- Click the policy you want to edit.
The policy you selected opens.
- Edit the policy.
- Click Save.
- Click .
Or, select Edit > Add Policies.
The Add Policy dialog box opens.
- Click Manage Custom.
The Manage Custom Policy Templates dialog box opens.
- Select the policy template you want to edit and click Edit.
The Edit Policy Template dialog box opens.
- Edit the policy.
- Click OK.