Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Creating a New Environment Condition

Use the Create New Environment Condition page to create a new environment condition using the environment variables.

To create a new environment condition:

  1. Select Configure > Environment.

    The Environment page appears.

  2. Select the Environment Conditions tab and click the + icon.

    The Create New Environment Condition page appears.

  3. Complete the configuration by using the guidelines in Table 1.
  4. Click Save to save the configuration or Cancel to discard the configuration.

After defining a new condition, you must apply it to the firewall policy rules. After assigning these conditions to the rules, publish and update to the device.

Table 1: Fields on the Create New Environment Condition Page

Field

Description

Condition Name

Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed; maximum length is 63 characters.

Description

Enter a description for the environment condition; maximum length is 255 characters.

Condition

Click the field and select the environment variable and the required possible values.

You can choose one or more variables in a combination. For example, use ’=’ or ’!=’ operator to apply OR condition for the possible values. You can choose the AND operator, for the AND condition.

Security administrators can now use the conditional evaluators based on the environment variables in the firewall policy. Security Director auto-calculates the changes to the relevant rules and based on the administrator’s approval, pushes out these changes to the entire network as required.

For example, the firewall policy rule table is updated with environment conditions, as shown in Table 2. If the ThreatLevel is Orange at a point of time, the system enables IPS service automatically for the corresponding traffic.

Table 2: Firewall Rule with a Condition

Rule Number

Source Traffic Match Criteria

Destination Traffic Match Criteria

Environmental Condition

Firewall Action(s)

Other Actions

1000

Any

MyCriticalServers

ThreatLevel=GREEN

PERMIT

LOG

ThreatLevel=ORANGE

PERMIT

LOG IPS_STD_PROFILE

ThreatLevel=RED

DENY

LOG