User guide

Firewall Policies
About custom policies
You must define a custom policy for traffic if you need to allow a protocol that is not included by default as a Firebox configuration option.
A custom policy is also necessary if:
You must create an additional packet filter for a policy.
You must change the port or protocol for a policy.
You can add a custom policy that uses:
TCP ports
UDP ports
An IP protocol that is not TCP or UDP, such as GRE, AH, ESP, ICMP, IGMP, and OSPF. You identify an IP
protocol that is not TCP or UDP with the IP protocol number.
You can create a custom policy using a wizard or manually.
Add a custom policy using a wizard
1. From the navigation bar, click Wizards.
2. Adjacent to Define a custom policy, click Go.
3. Use the instructions in the wizard to add a custom policy.
The Traffic Filter Wizard includes these steps:
Welcome
The first screen tells you about the wizard and the information you must have to complete the wizard.
Policy Name
Type a name to identify the policy.
Protocols and Ports
Set the protocol and ports to assign to this traffic filter.
Traffic Direction
Identify if this is an incoming or outgoing policy.
Policy action
Configure the Edge to allow or deny this type of policy traffic through the firewall.
Restrict to remote computers
To put a limit on the scope of the policy, add the IP addresses of the computers or networks outside
the firewall to which this policy applies.
Restrict to local computers
To put a limit on the scope of the policy, add the IP addresses of the computers or networks inside
the firewall to which this policy applies.
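
The following is an added example, not code from the Firebox or from this guide. It models the wizard's fields (name, protocol and ports, direction, action, remote and local restrictions) as a hypothetical CustomPolicy record to show how a policy for a non-TCP/UDP protocol is identified by IP protocol number and narrowed by the two restriction lists. Assumptions: all class, function and field names are invented here, and an empty restriction list is treated as "any address".

```python
import ipaddress
from dataclasses import dataclass, field

# IANA IP protocol numbers for the protocols the guide names.
IP_PROTO = {"ICMP": 1, "IGMP": 2, "TCP": 6, "UDP": 17,
            "GRE": 47, "ESP": 50, "AH": 51, "OSPF": 89}

@dataclass
class CustomPolicy:                      # hypothetical model of the wizard's fields
    name: str
    protocol: str                        # a key of IP_PROTO
    ports: tuple = ()                    # (low, high) inclusive, TCP/UDP only
    direction: str = "incoming"          # or "outgoing"
    action: str = "deny"                 # or "allow"
    remote: list = field(default_factory=list)   # networks outside the firewall
    local: list = field(default_factory=list)    # networks inside the firewall

    def __post_init__(self):
        if self.protocol not in IP_PROTO:
            raise ValueError(f"unknown protocol {self.protocol!r}")
        uses_ports = self.protocol in ("TCP", "UDP")
        if uses_ports != bool(self.ports):
            raise ValueError("TCP/UDP need a port range; other protocols take none")
        if uses_ports and not 1 <= self.ports[0] <= self.ports[1] <= 65535:
            raise ValueError(f"bad port range {self.ports}")
        self.remote = [ipaddress.ip_network(n) for n in self.remote]
        self.local = [ipaddress.ip_network(n) for n in self.local]

def in_scope(addr, nets):
    # Assumption: an empty restriction list means "any address".
    return not nets or any(ipaddress.ip_address(addr) in n for n in nets)

def evaluate(policy, pkt):
    """Return policy.action if pkt falls under the policy, else None."""
    if pkt["direction"] != policy.direction or pkt["proto"] != IP_PROTO[policy.protocol]:
        return None
    if policy.ports and not policy.ports[0] <= pkt["dport"] <= policy.ports[1]:
        return None
    # Incoming: the source is the remote side. Outgoing: the destination is.
    remote, local = ((pkt["src"], pkt["dst"]) if policy.direction == "incoming"
                     else (pkt["dst"], pkt["src"]))
    ok = in_scope(remote, policy.remote) and in_scope(local, policy.local)
    return policy.action if ok else None

# Constructed sample: allow GRE from one partner network to one internal host.
GRE_IN = CustomPolicy("gre-partner", "GRE", direction="incoming", action="allow",
                      remote=["203.0.113.0/24"], local=["192.168.111.10"])
IN_SCOPE = {"direction": "incoming", "proto": 47, "src": "203.0.113.7", "dst": "192.168.111.10"}
OUT_OF_SCOPE = dict(IN_SCOPE, src="198.51.100.9")
```

Leaving both restriction lists empty on an incoming allow policy makes it apply to every remote address, which is why the last two wizard steps matter for limiting exposure.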