Create template policies or policies
Template Policy elements are used as a basis for Policies and other Template Policies.
Every Policy and Template Policy that you create is based on a Template Policy. You can base several policies on the same Template Policy. The Template Policy or a customized copy of the Template Policy is always at the highest level of the policy hierarchy. It is not mandatory to create any custom Template Policies if you feel that it is not necessary in your environment.
When editing policies, the main difference between Policies and Template Policies is the special rows called insert points. Insert points are shown in both Template Policies and in Policies, but you can add them only to Template Policies. The insert points added to Template Policies mark where new rules can be added to policies that are based on the templates. If you create a Template Policy and do not base the Template Policy on any predefined Template Policy, you must add insert points separately for Access rules, NAT rules, and Ethernet rules.
This illustration shows what the same insert point looks like in a Template Policy and in the inheriting policy elements. The color of the insert point indicates whether the insert point has been added in the current Template Policy for inheritance to lower levels (orange) or whether it has been inherited from the higher-level Template Policy (green). Only the orange insert points are inherited to lower-level policy elements. You must add at least one new insert point at each Template Policy level to make the lower-level policies editable. When you add the first new rule to the green insert point, the rule replaces the insert point. Any number of rules can then be added directly above and below that first rule. The engine reads rules in order from the top down. The rules above the insert point in the higher-level Template Policy cannot be canceled by anything a lower-level policy adds into the insert point.
Rules defined in the Template Policy itself cannot be edited in lower-level policies that use the Template Policy. Such inherited rules are shown only on your request and they are displayed with a gray background. Only the actual rules are inherited from a higher-level Template Policy into the lower-level policies and Template Policies. The rights to edit policies and Template Policies are defined separately.
- Rules inherited from the Template Policy that is used as the basis of the policy
- Rules from one or more Sub-Policies added to the policy
- Rules added directly to the policy
- Rules from the Inspection Policy that is referenced from the Inspection tab in the policy
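The insert point behavior described above can be checked with a small model. This is an added Python example, not product code or a management API: it flattens a template hierarchy into the top-down rule list and reports lower-level rules that an inherited rule above the insert point makes ineffective. It assumes one Access-rule insert point per level and simplified rules (source network, destination port, action); all names and addresses are constructed.

```python
from ipaddress import ip_address, ip_network

INSERT = "<insert point>"  # marker row; only Template Policy levels may contain one

def flatten(levels):
    """levels: [(level_name, rows), ...], highest Template Policy first.
    A row is INSERT or a rule (name, source_cidr, dest_port or None=any, action)."""
    name, rows = levels[0]
    flat = [r if r == INSERT else (name, *r) for r in rows]
    for name, rows in levels[1:]:
        if INSERT not in flat:
            raise ValueError(f"{name!r} inherits no insert point and is not editable")
        i = flat.index(INSERT)
        # The lower level's rows (and its own new insert point) replace the marker.
        flat[i:i + 1] = [r if r == INSERT else (name, *r) for r in rows]
    return [r for r in flat if r != INSERT]

def first_match(flat, src, port):
    """Read rules top-down and return (level, rule, action) of the first match."""
    for level, name, cidr, dport, action in flat:
        if ip_address(src) in ip_network(cidr) and dport in (None, port):
            return level, name, action
    return None

def shadowed(flat):
    """Rules that can never match because an earlier rule covers all their traffic."""
    out = []
    for i, (_, name, cidr, dport, _a) in enumerate(flat):
        for lvl, ename, ecidr, eport, _b in flat[:i]:
            if ip_network(cidr).subnet_of(ip_network(ecidr)) and eport in (None, dport):
                out.append((name, ename, lvl))
                break
    return out

# Constructed hierarchy: top template -> branch template -> branch policy.
CHAIN = [
    ("Corp Template", [
        ("deny-guest-ssh", "10.20.0.0/16", 22, "discard"),
        INSERT,
        ("final-discard", "0.0.0.0/0", None, "discard"),
    ]),
    ("Branch Template", [("allow-dns", "10.0.0.0/8", 53, "allow"), INSERT]),
    ("Branch-7 Policy", [
        ("allow-ssh-lab", "10.20.5.0/24", 22, "allow"),
        ("allow-web", "10.20.0.0/16", 443, "allow"),
    ]),
]
FLAT = flatten(CHAIN)
```

Here `shadowed(FLAT)` flags `allow-ssh-lab`: the branch policy's SSH allow rule sits below the template's `deny-guest-ssh` rule, so it never takes effect.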
For more details about the product and how to configure features, click Help or press F1.
Steps
Engine Policy Properties dialog box
Use this dialog box to define the properties of an Engine Policy element.
Option | Definition |
---|---|
General tab | |
Name | Specifies the element name. |
Template | Select the template the policy is based on. |
Category | Shows the assigned category. |
Select | Opens the Category Selection dialog box. |
Comment | An optional comment for your own reference. |
Option | Definition |
---|---|
Permissions tab | |
Access Control Lists | Specifies administrator permissions for the policy. |
Add | Opens the Select Element dialog box. |
Remove | Removes the policy from the selected Access Control List. |
Permissions | |
Administrator | Shows the administrator who is allowed to view or edit the policy. |
Administrator Role | Shows the role or roles assigned to the selected administrator. |
Add Permission | Adds an entry to the Administrator list. |
Remove Permission | Removes the selected entry from the Administrator list. |
Firewall Template Policy Properties dialog box
Use this dialog box to define the properties of a Firewall Template Policy.
Option | Definition |
---|---|
General tab | |
Name | Specifies the element name. |
Template | Select the template the policy is based on. |
Category | Shows the assigned category. |
Select | Opens the Category Selection dialog box. |
Comment | An optional comment for your own reference. |
Option | Definition |
---|---|
Permissions tab | |
Access Control Lists | Specifies administrator permissions for the policy. |
Add | Opens the Select Element dialog box. |
Remove | Removes the policy from the selected Access Control List. |
Permissions | |
Administrator | Shows the administrator who is allowed to view or edit the policy. |
Administrator Role | Shows the role or roles assigned to the selected administrator. |
Add Permission | Adds an entry to the Administrator list. |
Remove Permission | Removes the selected entry from the Administrator list. |
IPS Policy Properties dialog box
Use this dialog box to define the properties of an IPS Policy element.
Option | Definition |
---|---|
General tab | |
Name | Specifies the element name. |
Template | Select the template the policy is based on. |
Category | Shows the assigned category. |
Select | Opens the Category Selection dialog box. |
Comment | An optional comment for your own reference. |
Option | Definition |
---|---|
Permissions tab | |
Access Control Lists | Specifies administrator permissions for the policy. |
Add | Opens the Select Element dialog box. |
Remove | Removes the policy from the selected Access Control List. |
Permissions | |
Administrator | Shows the administrator who is allowed to view or edit the policy. |
Administrator Role | Shows the role or roles assigned to the selected administrator. |
Add Permission | Adds an entry to the Administrator list. |
Remove Permission | Removes the selected entry from the Administrator list. |
IPS Template Policy Properties dialog box
Use this dialog box to define the properties of an IPS Template Policy element.
Option | Definition |
---|---|
General tab | |
Name | Specifies the element name. |
Template | Select the template the policy is based on. |
Category | Shows the assigned category. |
Select | Opens the Category Selection dialog box. |
Comment | An optional comment for your own reference. |
Option | Definition |
---|---|
Permissions tab | |
Access Control Lists | Specifies administrator permissions for the policy. |
Add | Opens the Select Element dialog box. |
Remove | Removes the policy from the selected Access Control List. |
Permissions | |
Administrator | Shows the administrator who is allowed to view or edit the policy. |
Administrator Role | Shows the role or roles assigned to the selected administrator. |
Add Permission | Adds an entry to the Administrator list. |
Remove Permission | Removes the selected entry from the Administrator list. |
Layer 2 Engine Policy Properties dialog box
Use this dialog box to define the properties of a Layer 2 Engine Policy element.
Option | Definition |
---|---|
General tab | |
Name | Specifies the element name. |
Template | Select the template the policy is based on. |
Category | Shows the assigned category. |
Select | Opens the Category Selection dialog box. |
Comment | An optional comment for your own reference. |
Option | Definition |
---|---|
Permissions tab | |
Access Control Lists | Specifies administrator permissions for the policy. |
Add | Opens the Select Element dialog box. |
Remove | Removes the policy from the selected Access Control List. |
Permissions | |
Administrator | Shows the administrator who is allowed to view or edit the policy. |
Administrator Role | Shows the role or roles assigned to the selected administrator. |
Add Permission | Adds an entry to the Administrator list. |
Remove Permission | Removes the selected entry from the Administrator list. |
Layer 2 Firewall Template Policy Properties dialog box
Use this dialog box to define the properties of a Layer 2 Firewall Template Policy.
Option | Definition |
---|---|
General tab | |
Name | Specifies the element name. |
Template | Select the template the policy is based on. |
Category | Shows the assigned category. |
Select | Opens the Category Selection dialog box. |
Comment | An optional comment for your own reference. |
Option | Definition |
---|---|
Permissions tab | |
Access Control Lists | Specifies administrator permissions for the policy. |
Add | Opens the Select Element dialog box. |
Remove | Removes the policy from the selected Access Control List. |
Permissions | |
Administrator | Shows the administrator who is allowed to view or edit the policy. |
Administrator Role | Shows the role or roles assigned to the selected administrator. |
Add Permission | Adds an entry to the Administrator list. |
Remove Permission | Removes the selected entry from the Administrator list. |
Layer 2 Interface Policy Properties dialog box
Use this dialog box to define the properties of a Layer 2 Interface Policy element.
Option | Definition |
---|---|
General tab | |
Name | The name of the element. |
Template | Select the template the policy is based on. |
Category (Optional) | Includes the element in predefined categories. Click Select to select a category. |
Comment (Optional) | A comment for your own reference. |
Option | Definition |
---|---|
Permissions tab | |
Access Control Lists | Specifies administrator permissions for the policy. |
Add | Opens the Select Element dialog box. |
Remove | Removes the policy from the selected Access Control List. |
Permissions | |
Administrator | Shows the administrator who is allowed to view or edit the policy. |
Administrator Role | Shows the role or roles assigned to the selected administrator. |
Add Permission | Adds an entry to the Administrator list. |
Remove Permission | Removes the selected entry from the Administrator list. |
Layer 2 Interface Template Policy Properties dialog box
Use this dialog box to define the properties of a Layer 2 Interface Template Policy.
Option | Definition |
---|---|
General tab | |
Name | The name of the element. |
Template | Select the template the policy is based on. |
Category (Optional) | Includes the element in predefined categories. Click Select to select a category. |
Comment (Optional) | A comment for your own reference. |
Option | Definition |
---|---|
Permissions tab | |
Access Control Lists | Specifies administrator permissions for the policy. |
Add | Opens the Select Element dialog box. |
Remove | Removes the policy from the selected Access Control List. |
Permissions | |
Administrator | Shows the administrator who is allowed to view or edit the policy. |
Administrator Role | Shows the role or roles assigned to the selected administrator. |
Add Permission | Adds an entry to the Administrator list. |
Remove Permission | Removes the selected entry from the Administrator list. |
Inspection Policy Properties dialog box
Use this dialog box to define the properties of an Inspection Policy element.
Option | Definition |
---|---|
General tab | |
Name | Specifies the element name. |
Template | Select the template the policy is based on. |
Category | Shows the assigned category. |
Select | Opens the Category Selection dialog box. |
Comment | An optional comment for your own reference. |
Option | Definition |
---|---|
Permissions tab | |
Access Control Lists | Specifies administrator permissions for the policy. |
Add | Opens the Select Element dialog box. |
Remove | Removes the policy from the selected Access Control List. |
Permissions | |
Administrator | Shows the administrator who is allowed to view or edit the policy. |
Administrator Role | Shows the role or roles assigned to the selected administrator. |
Add Permission | Adds an entry to the Administrator list. |
Remove Permission | Removes the selected entry from the Administrator list. |