Creating a New Environment Condition
Use the Create New Environment Condition page to create a new environment condition using the environment variables.
To create a new environment condition:
After defining a new condition, you must apply it to the firewall policy rules. After assigning these conditions to the rules, publish and update to the device.
| Field | Description |
|---|---|
| Condition Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed; maximum length is 63 characters. |
| Description | Enter a description for the environment condition; maximum length is 255 characters. |
| Condition | Click the field and select the environment variable and the required possible values. You can choose one or more variables in combination. For example, use the '=' or '!=' operator to apply an OR condition across the possible values, and choose the AND operator for an AND condition. |
Security administrators can now use conditional evaluators based on the environment variables in the firewall policy. Security Director automatically calculates the changes to the relevant rules and, based on the administrator's approval, pushes these changes out to the entire network as required.
For example, the firewall policy rule table is updated with environment conditions, as shown in Table 2. If the ThreatLevel is Orange at a given point in time, the system automatically enables the IPS service for the corresponding traffic.
| Rule Number | Source Traffic Match Criteria | Destination Traffic Match Criteria | Environmental Condition | Firewall Action(s) | Other Actions |
|---|---|---|---|---|---|
| 1000 | Any | MyCriticalServers | ThreatLevel=GREEN | PERMIT | LOG |
| | | | ThreatLevel=ORANGE | PERMIT | LOG IPS_STD_PROFILE |
| | | | ThreatLevel=RED | DENY | LOG |
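
The evaluation described above, modeled as an added Python example (not Security Director code or its API): it checks a condition name against the stated naming rule, evaluates rule 1000 from Table 2 for a given environment, and audits the rule for variable values that no condition covers or that several conditions match. Assumptions: the tuple representation of a condition, ASCII-only names, `!=` meaning "none of the listed values", an unset variable matching nothing, and the constructed value YELLOW.

```python
import re
from itertools import product
# Condition Name rule from the field table: alphanumerics, colons, periods,
# dashes, underscores; no spaces; at most 63 characters (ASCII assumed).
NAME_RE = re.compile(r"[A-Za-z0-9:._-]{1,63}")

def valid_condition_name(name):
    return NAME_RE.fullmatch(name) is not None

def clause_matches(clause, env):
    """clause = (variable, operator, set of possible values)."""
    var, op, values = clause
    if var not in env:
        return False  # assumption: an unset variable matches nothing
    hit = env[var] in values  # OR across the possible values
    return hit if op == "=" else not hit  # assumption: != means "none of them"

def condition_matches(clauses, env):
    return all(clause_matches(c, env) for c in clauses)  # AND across clauses

# Rule 1000 from Table 2 as (clauses, firewall action, other actions).
RULE_1000 = [
    ([("ThreatLevel", "=", {"GREEN"})], "PERMIT", ["LOG"]),
    ([("ThreatLevel", "=", {"ORANGE"})], "PERMIT", ["LOG", "IPS_STD_PROFILE"]),
    ([("ThreatLevel", "=", {"RED"})], "DENY", ["LOG"]),
]

def evaluate(rule, env):
    """Actions of the first row whose condition holds, or None if none does."""
    for clauses, action, other in rule:
        if condition_matches(clauses, env):
            return action, other
    return None

def audit(rule, domain):
    """List variable combinations matched by no row (gaps) or by several (overlaps)."""
    gaps, overlaps = [], []
    for combo in product(*domain.values()):
        env = dict(zip(domain, combo))
        hits = sum(condition_matches(clauses, env) for clauses, _, _ in rule)
        if hits == 0:
            gaps.append(env)
        elif hits > 1:
            overlaps.append(env)
    return gaps, overlaps

if __name__ == "__main__":
    # YELLOW is a constructed value, used to show an uncovered state.
    print(audit(RULE_1000, {"ThreatLevel": ["GREEN", "YELLOW", "ORANGE", "RED"]}))
```

A gap reported by `audit` is a state in which none of the rule's conditions applies; the page does not say what the product does in that case, so it is worth settling before publishing the policy.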