Creating Application Firewall Policies
Before You Begin
- Read the Understanding Application Firewall Policies topic.
- Have a basic understanding of firewall rules.
- Have a basic understanding of how an application (or application set) in a policy indicates that the policy applies to traffic that matches it.
- Review the Application Firewall Policies main page for an understanding of your current data set. See Application Firewall Policies Main Page Fields for field descriptions.
Use the Application Firewall Policies page to configure an application firewall policy and to specify the rule set to be applied to it.
An application firewall:
- Permits, rejects, or denies traffic based on the application of the traffic.
- Consists of one or more rule sets that specify match criteria and the action to be taken for matching traffic.
- Identifies not only HTTP but also any application running on top of it, letting you properly enforce policies. For example, an application firewall rule could block HTTP traffic from Facebook but allow Web access to HTTP traffic from MS Outlook.
To configure an application firewall policy, you must create a policy and then add rules to it. To create an application firewall policy:
- Select Configure > Application Firewall Policy > Policies.
- Click the + icon.
- Complete the configuration according to the guidelines provided in Table 1.
- Click OK.
To add rules to the application firewall policy:
- Click Add Rules for the policy you created.
- Click +.
- Complete the configuration according to the guidelines provided in Table 2.
- Click OK.
A new application firewall policy with your configurations is created. You can add rules to this policy to provide additional security.
| Settings | Guidelines |
|---|---|
| Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 63 characters. |
| Description | Enter a description for the policy; maximum length is 1024 characters. |

| Settings | Guidelines |
|---|---|
| Rule Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 63 characters. |
| Application Signatures | Select an option to add or delete an application signature. Select one or more available application signatures to add to the rules. |
| Encryption | Select an option to specify different actions for encrypted and unencrypted SSL traffic: |
| Action | Select an option for any traffic that matches the application firewall rule set: |
| Notify user on blocking (Deny or Reject) | Select whether or not to notify clients when drop or reject actions are logged from an application firewall: |
| Default Action—Default Action for other applications (not matching any rule) | Select an option for any traffic that does not match any defined application firewall rule: |
| Block Message—Block Message Type | Select an option to provide a text explanation to the client, redirect the client to an informative webpage, or do nothing after a reject or deny action from an application firewall: |
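The rule-set behaviour described above (per-application actions plus a default action for unmatched traffic) and the naming limits from the settings tables, sketched as an added Python example for checking a planned policy before entering it in the UI. It is not the product's code or API: the dictionary layout, the application labels, ASCII-only names, first-match rule ordering, and permit/deny/reject as the default-action choices are assumptions made for illustration.

```python
import re

# Name / Rule Name limits from the tables: alphanumerics, colons, periods,
# dashes, underscores; no spaces; at most 63 characters (ASCII assumed).
NAME_RE = re.compile(r"[A-Za-z0-9:._-]{1,63}")
ACTIONS = {"permit", "deny", "reject"}  # the three outcomes the page names


def validate(policy):
    """Return a list of problems found in a planned policy (empty if clean)."""
    problems = []
    if not NAME_RE.fullmatch(policy["name"]):
        problems.append(f"policy name {policy['name']!r} is invalid")
    if len(policy.get("description", "")) > 1024:
        problems.append("description exceeds 1024 characters")
    if policy["default_action"] not in ACTIONS:
        problems.append("default action must be permit, deny or reject")
    seen = set()
    for rule in policy["rules"]:
        name = rule["name"]
        if not NAME_RE.fullmatch(name):
            problems.append(f"rule name {name!r} is invalid")
        if name in seen:
            problems.append(f"rule name {name!r} is not unique")
        seen.add(name)
        if rule["action"] not in ACTIONS:
            problems.append(f"rule {name!r} has unknown action {rule['action']!r}")
    return problems


def decide(policy, application):
    """Return (action, rule_name) for traffic identified as `application`."""
    # Assumption: rules are checked in listed order and the first match wins.
    for rule in policy["rules"]:
        if application in rule["applications"]:
            return rule["action"], rule["name"]
    return policy["default_action"], None  # no rule matched: default action


# Constructed plan mirroring the page's Facebook / MS Outlook example;
# the application labels are placeholders, not real signature names.
PLAN = {
    "name": "web-apps_policy",
    "description": "Block social media over HTTP, allow webmail",
    "default_action": "deny",
    "rules": [
        {"name": "block-social", "applications": {"FACEBOOK"}, "action": "reject"},
        {"name": "allow-mail", "applications": {"MS-OUTLOOK"}, "action": "permit"},
    ],
}
```

Traffic that matches no rule falls through to `default_action`, so a permissive default silently allows every application the rules do not list.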