Firewall Rule Administration - Rule Management


    The Firewall Rule Administration tab

    You can administer the firewall rules, objects from this tab (Firewall rule management).

    Devices supported with this feature

    For complete list of devices supported for this feature refer Supported Vendors  page.

     

    How to add a new network object?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Network Objects.
    3. Click Add button on right top corner.
    4. Add Network Object screen opens up.
    5. In that screen, enter/select the values for following fields:
    Fields Description
    Mode API
    CLI
    Select the mode to push the object in to the firewall.
    Type Network Group
    Host
    DNS Domain
    Network
    Address Range
    Address Group Name  
    Address Description  
    Members List Existing list of local objects (members)
    1. Click Add button.

    The network object will be added and displayed under Local Objects section, Review & Push tab.

    How to edit an existing network object?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Local Objects or Firewall Objects in the Network Objects tab.
    3. Click Edit icon in the Action column of the respective object .
    4. Edit Network Object screen opens up.
    5. In that screen, enter/select the values for following fields:
    Fields Description
    Mode API
    CLI
    Select the mode to push the object in to the firewall.
    Type Network Group
    Host
    DNS Domain
    Network
    Address Range
    Address Group Name  
    Address Description  
    Members List Existing list of local objects (members)
    1. Click Add button.

    The network object will be added and displayed under Local Objects section, Review & Push tab.

    How to delete an existing network object?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Local Objects or Firewall Objects in the Network Objects tab.
    3. Click Delete icon in the Action column of the respective object .
    4. Confirmation dialog pops-up. On clicking OK, the network object under Local Objects section will be removed.
    5. For deleting Firewall Objects confirmation dialog with Mode (API, CLI) pops-up. Select the mode and click OK. On clicking OK button, the object will be moved to  Review & Push tab.

    How to add a new service object?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Service Objects.
    3. Click Add button on right top corner.
    4. Add Service Object screen opens up.
    5. In that screen, enter/select the values for following fields:
    Fields Description
    Mode API
    CLI
    Select the mode to push the object in to the firewall.
    Type

    TCP Service
    UDP Service
    Service Group

    Service Name  
    Service Description  
    Service Port Existing list of local objects (members)
    1. Click Add button.

    The service object will be added and displayed under Local Objects section, Review & Push tab.

    How to edit an existing service object?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Local Objects or Firewall Objects in the Service Objects tab.
    3. Click Edit icon in the Action column of the respective object .
    4. Edit Service Object screen opens up.
    5. In that screen, enter/select the values for following fields:
    Fields Description
    Mode API
    CLI
    Select the mode to push the object in to the firewall.
    Type

    TCP Service
    UDP Service
    Service Group

    Service Name  
    Service Description  
    Service Port Existing list of local objects (members)
    1. Click Add button.

    The service object will be added and displayed under Local Objects section, Review & Push tab.

    How to delete an existing service object?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Local Objects or Firewall Objects in the Service Objects tab.
    3. Click Delete icon in the Action column of the respective object .
    4. Confirmation dialog pops-up. On clicking OK, the service object under Local Objects section will be removed.
    5. For deleting Firewall Objects confirmation dialog with Mode (API, CLI) pops-up. Select the mode and click OK. On clicking OK button, the object will be moved to  Review & Push tab.

    How to add a new security rule?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Security Rules.
    3. Click Add button on right top corner.
    4. Add Device Rule screen opens up.
    5. In that screen, enter/select the values for following fields:
    Fields Description
    Mode API
    CLI
    Select the mode to push the rule in to the firewall.
    Rule Name Assign a name to the new rule to be created.
    Rule Description Description of the new rule.
    Rule Action Accept
    Drop
    Reject
    Rule Status Enable
    Disable
    Policy Name Name of the policy in which the new rule will be placed.
    Source Source of traffic. Select an existing source address using Select Source drop down list or click Add button to add a new network object to assign it as a source.
    Destination Destination of traffic. Select an existing destination address using Select Destination drop down list or click Add button to add a new network object to assign it as a destination.
    Services Services governed by this new rule. Select an existing service using Select Service drop down list or click Add button to add a new service object to assign it as a service.
    VPN Select an existing VPN community using Select VPN Community drop down list.
    Log Settings Enable Track Account check box
    Install On The device in which the rule should be installed.

     

    1. Click Save button.

    The security rule will be added and displayed under Local Rules section, Review & Push tab.

    How to edit an existing security rule?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Local Rules or Firewall Rules in the Security Rules tab.
    3. Click Edit icon in the Action column of the respective object .
    4. Edit Security Rule screen opens up.
    5. In that screen, enter/select the values for following fields:
    Fields Description
    Mode API
    CLI
    Select the mode to push the rule in to the firewall.
    Rule Name Assign a name to the new rule to be created.
    Rule Description Description of the new rule.
    Rule Action Accept
    Drop
    Reject
    Rule Status Enable
    Disable
    Policy Name Name of the policy in which the new rule will be placed.
    Source Source of traffic. Select an existing source address using Select Source drop down list or click Add button to add a new network object to assign it as a source.
    Destination Destination of traffic. Select an existing destination address using Select Destination drop down list or click Add button to add a new network object to assign it as a destination.
    Services Services governed by this new rule. Select an existing service using Select Service drop down list or click Add button to add a new service object to assign it as a service.
    VPN Select an existing VPN community using Select VPN Community drop down list.
    Log Settings Enable Track Account check box
    Install On The device in which the rule should be installed.

     

    1. Click Save button.

    The security rule will be added and displayed under Local Rules section, Review & Push tab.

    How to delete an existing security rule?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Local Rules or Firewall Rules in the Security Rules tab.
    3. Click Delete icon in the Action column of the respective object .
    4. Confirmation dialog pops-up. On clicking OK, the security rule under Local Objects section will be removed.
    5. For deleting Firewall Rules confirmation dialog with Mode (API, CLI) pops-up. Select the mode and click OK. On clicking OK button, the object will be moved to  Review & Push tab.

    How to review and push the new rules, objects in to the firewall device?

    The new rules, objects created will be displayed in the Local Rules, Local Objects section the respective object, rule tab. Apart from that, they will displayed in the Review and Push tab.

    • Select the required object, rule and click PUSH button.

    PaloAlto firewall device in API mode

    • The PUSH screen for PaloAlto firewall opens up.
    • In that screen, enter/select the values for following fields:
    Fields Description
    Select Device Non-editable field
    Mode API
    Non-editable field
    Web Server URL

    Enter the PaloAlto Web Server URL.

    Username Enter the username of the server.
    Password Enter the password of the server.
    • Click Validate button.
    • When the credentials are validated, the PUSH button appears in the place of Validate butoon.
    • Click PUSH button.
    • The selected object, rule will be pushed in to chosen firewall device.

    PaloAlto firewall device in CLI mode

    • The PUSH screen for PaloAlto firewall opens up.
    • In that screen, enter/select the values for following fields in the Primary section:
    Fields Description
    Select Device Non-editable field
    Mode CLI
    Non-editable field
    Protocol

    SSH
    Telnet
    Protocol to be used for pushing rule, object in CLI mode.

    Login Name Enter the login name of the server.
    Password Enter the password of the server.
    Prompt  

     

    • In that screen, enter/select the values for following fields in the Additional section:
    Fields Description
    Select Device Non-editable field
    Mode CLI
    Non-editable field
    Protocol

    SSH
    Telnet
    Protocol to be used for pushing rule, object in CLI mode.

    Port The port to be used for the above selected protocol.
    Login Prompt Enter the login name of the server.
    Password Prompt Enter the password of the server.
    Enable User Prompt  
    Enable Password Prompt  
    Banner Prompt  
    Banner Input  
    Timeout  
    Enable Command  
    Enable Username  
    Enable Password  
    Enable Prompt  
    Pre-execution commands  
    Managed by Panorama  
    • Click Validate button.
    • When the credentials are validated, the PUSH button appears in the place of Validate butoon.
    • Click PUSH button.
    • The selected object, rule will be pushed in to chosen firewall device.

    Check Point firewall device in API mode

    • The PUSH screen for Check Point firewall opens up.
    • In that screen, enter/select the values for following fields:
    Fields Description
    Select Device Non-editable field
    Mode API
    Non-editable field
    Management Server URL/
    Multi-Domain Server URL

    Enter the Check Point Management Server URL. If you are using Check Point multi-domain setup, enter the Multi-Domain Server URL.

    Login Name Enter the login name of the server.
    Password Enter the password of the server.
    Domain Name If you have the Domain Name, select the check box and enter the domain name.
    • Click Validate button.
    • When the credentials are validated, the PUSH button appears in the place of Validate butoon.
    • Click PUSH button.
    • The selected object, rule will be pushed in to chosen firewall device.

    Check Point firewall device in CLI mode

    • The PUSH screen for Check Point firewall opens up.
    • In that screen, enter/select the values for following fields:
    Fields Description
    Select Device Non-editable field
    Mode CLI
    Non-editable field
    Protocol SSH
    Telnet
    Protocol to be used for pushing rule, object in CLI mode.
    Port The port to be used for the above selected protocol.
    Management Server IP

    Enter the Check Point Management Server IP.

    Login Username Enter the login name of the server.
    Login Password Enter the password of the server.
    Security Management Administrator Username  
    Security Management Administrator Password  
    Prompt  
    Timeout  
    Domain Name If you have the Domain Name, select the check box and enter the domain name.
    • Click Validate button.
    • When the credentials are validated, the PUSH button appears in the place of Validate butoon.
    • Click PUSH button.
    • The selected object, rule will be pushed in to chosen firewall device.

    You can edit or delete the object, rule in this tab.

    It will not take effect unless the object, rule is commited (use Commit button in the case PaloAlto device) or policy installed (use Install Policy button in the case of Check Point device).

     

    PaloAlto: How to commit the new rules, objects in to the PaloAlto firewall device?

    The new rules, objects pushed to the firewall will be displayed in the Yet to Commit section of the Commit tab.

    • Select the required object, rule and click Commit button.
    • The selected object, rule will be committed in the chosen firewall device to take effect and will be moved to the Committed section of the Commit tab.
    • You can cleanup the entries in this tab using Cleanup button.
    • Also an entry will be available in the Commit Audit tab.
    • You can revert or delete the object, rule in this tab.
    • In the Commit Audit tab, you can view the difference and change summary of an entry.

    Check Point: How to install the new rules, objects in to the Check Point firewall device?

    The new rules, objects created will be displayed Commit tab.

    • Select the required object, rule and click Install Policy button.
    • The selected object, rule will be installed in the chosen firewall device to take effect and will be moved to the Commit tab.
    • You can cleanup the entries in this tab using Cleanup button.
    • You can revert or delete the object, rule in this tab.