Firewall Rule Administration - Rule Management


The Firewall Rule Administration tab

You can administer firewall rules and objects from this tab (firewall rule management).

Devices supported with this feature

For the complete list of devices supported for this feature, refer to the Supported Vendors page.


How to add a new network object?

  1. Select Rule Management > Rule Administration > Device Name.
  2. Select Network Objects.
  3. Click the Add button in the top right corner.
  4. The Add Network Object screen opens up.
  5. In that screen, enter/select the values for the following fields:

     Fields                 Description
     Mode                   API or CLI. Select the mode used to push the object into the firewall.
     Type                   Network Group, Host, DNS Domain, Network or Address Range.
     Address Group Name
     Address Description
     Members List           Existing list of local objects (members).

  6. Click the Add button.

The network object will be added and displayed under the Local Objects section and in the Review & Push tab.

How to edit an existing network object?

  1. Select Rule Management > Rule Administration > Device Name.
  2. Select Local Objects or Firewall Objects in the Network Objects tab.
  3. Click the Edit icon in the Action column of the respective object.
  4. Edit Network Object screen opens up.
  5. In that screen, enter/select the values for the following fields:

     Fields                 Description
     Mode                   API or CLI. Select the mode used to push the object into the firewall.
     Type                   Network Group, Host, DNS Domain, Network or Address Range.
     Address Group Name
     Address Description
     Members List           Existing list of local objects (members).

  6. Click the Add button.

The edited network object will be added and displayed under the Local Objects section and in the Review & Push tab.
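The Add and Edit Network Object screens above take the same fields. As an added example (not Firewall Analyzer's own code), the following Python check validates such a form before it reaches Review & Push, so that a malformed Host, Network, Address Range or DNS Domain value, or a Network Group pointing at a non-existent member, is caught locally first. The "Value" key holding the address text and the per-Type checks are assumptions:

```python
import ipaddress
import re

# Added example (not Firewall Analyzer code): validate an Add/Edit Network Object
# form before it is pushed. The field names and Type values are the screen's; the
# "Value" key for the address text and the checks below are assumptions.
NETWORK_TYPES = ("Network Group", "Host", "DNS Domain", "Network", "Address Range")
_DNS_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def validate_network_object(obj, local_objects):
    """Return a list of problems for one form dict keyed by field name; [] means OK.
    local_objects: names of existing local objects a Network Group may reference."""
    problems = []
    if obj.get("Mode") not in ("API", "CLI"):
        problems.append("Mode must be API or CLI")
    if not obj.get("Address Group Name", "").strip():
        problems.append("Address Group Name is required")
    kind, value = obj.get("Type"), obj.get("Value", "").strip()
    try:
        if kind == "Host":
            ipaddress.ip_address(value)
        elif kind == "Network":
            ipaddress.ip_network(value, strict=True)     # host bits must be zero
        elif kind == "Address Range":
            start, end = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
            if start.version != end.version or end < start:
                problems.append("Address Range must run low-high within one IP version")
        elif kind == "DNS Domain":
            labels = value.rstrip(".").split(".")
            if len(labels) < 2 or not all(_DNS_LABEL.match(l) for l in labels):
                problems.append("DNS Domain is not a valid hostname")
        elif kind == "Network Group":
            members = obj.get("Members List", [])
            missing = [m for m in members if m not in local_objects]
            if not members:
                problems.append("Network Group needs at least one member")
            if missing:
                problems.append("Members not in Local Objects: " + ", ".join(missing))
        else:
            problems.append("Type must be one of: " + ", ".join(NETWORK_TYPES))
    except ValueError as exc:   # raised by ipaddress for malformed or mis-split values
        problems.append(f"{kind} value {value!r} is invalid: {exc}")
    return problems

# Constructed sample forms: one valid Host and one Network whose host bits are set.
SAMPLE_HOST = {"Mode": "API", "Type": "Host", "Address Group Name": "db1", "Value": "10.20.0.5"}
SAMPLE_BAD_NET = {"Mode": "API", "Type": "Network", "Address Group Name": "lan", "Value": "10.20.0.5/24"}
```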

How to delete an existing network object?

  1. Select Rule Management > Rule Administration > Device Name.
  2. Select Local Objects or Firewall Objects in the Network Objects tab.
  3. Click the Delete icon in the Action column of the respective object.
  4. A confirmation dialog pops up. On clicking OK, the network object under the Local Objects section will be removed.
  5. When deleting Firewall Objects, a confirmation dialog with a Mode (API, CLI) selection pops up. Select the mode and click OK. The object will then be moved to the Review & Push tab.

How to add a new service object?

  1. Select Rule Management > Rule Administration > Device Name.
  2. Select Service Objects.
  3. Click the Add button in the top right corner.
  4. The Add Service Object screen opens up.
  5. In that screen, enter/select the values for the following fields:

     Fields                 Description
     Mode                   API or CLI. Select the mode used to push the object into the firewall.
     Type                   TCP Service, UDP Service or Service Group.
     Service Name
     Service Description
     Service Port           Existing list of local objects (members).

  6. Click the Add button.

The service object will be added and displayed under the Local Objects section and in the Review & Push tab.

How to edit an existing service object?

  1. Select Rule Management > Rule Administration > Device Name.
  2. Select Local Objects or Firewall Objects in the Service Objects tab.
  3. Click the Edit icon in the Action column of the respective object.
  4. Edit Service Object screen opens up.
  5. In that screen, enter/select the values for the following fields:

     Fields                 Description
     Mode                   API or CLI. Select the mode used to push the object into the firewall.
     Type                   TCP Service, UDP Service or Service Group.
     Service Name
     Service Description
     Service Port           Existing list of local objects (members).

  6. Click the Add button.

The edited service object will be added and displayed under the Local Objects section and in the Review & Push tab.

How to delete an existing service object?

  1. Select Rule Management > Rule Administration > Device Name.
  2. Select Local Objects or Firewall Objects in the Service Objects tab.
  3. Click the Delete icon in the Action column of the respective object.
  4. A confirmation dialog pops up. On clicking OK, the service object under the Local Objects section will be removed.
  5. When deleting Firewall Objects, a confirmation dialog with a Mode (API, CLI) selection pops up. Select the mode and click OK. The object will then be moved to the Review & Push tab.

How to add a new security rule?

  1. Select Rule Management > Rule Administration > Device Name.
  2. Select Security Rules.
  3. Click the Add button in the top right corner.
  4. The Add Device Rule screen opens up.
  5. In that screen, enter/select the values for the following fields:

     Fields                 Description
     Mode                   API or CLI. Select the mode used to push the rule into the firewall.
     Rule Name              Assign a name to the new rule to be created.
     Rule Description       Description of the new rule.
     Rule Action            Accept, Drop or Reject.
     Rule Status            Enable or Disable.
     Policy Name            Name of the policy in which the new rule will be placed.
     Source                 Source of traffic. Select an existing source address from the Select Source drop-down list, or click the Add button to add a new network object and assign it as the source.
     Destination            Destination of traffic. Select an existing destination address from the Select Destination drop-down list, or click the Add button to add a new network object and assign it as the destination.
     Services               Services governed by this new rule. Select an existing service from the Select Service drop-down list, or click the Add button to add a new service object and assign it as the service.
     VPN                    Select an existing VPN community from the Select VPN Community drop-down list.
     Log Settings           Enable the Track Account check box.
     Install On             The device on which the rule should be installed.

  6. Click the Save button.

The security rule will be added and displayed under the Local Rules section and in the Review & Push tab.

How to edit an existing security rule?

  1. Select Rule Management > Rule Administration > Device Name.
  2. Select Local Rules or Firewall Rules in the Security Rules tab.
  3. Click the Edit icon in the Action column of the respective rule.
  4. Edit Security Rule screen opens up.
  5. In that screen, enter/select the values for the following fields:

     Fields                 Description
     Mode                   API or CLI. Select the mode used to push the rule into the firewall.
     Rule Name              Assign a name to the new rule to be created.
     Rule Description       Description of the new rule.
     Rule Action            Accept, Drop or Reject.
     Rule Status            Enable or Disable.
     Policy Name            Name of the policy in which the new rule will be placed.
     Source                 Source of traffic. Select an existing source address from the Select Source drop-down list, or click the Add button to add a new network object and assign it as the source.
     Destination            Destination of traffic. Select an existing destination address from the Select Destination drop-down list, or click the Add button to add a new network object and assign it as the destination.
     Services               Services governed by this new rule. Select an existing service from the Select Service drop-down list, or click the Add button to add a new service object and assign it as the service.
     VPN                    Select an existing VPN community from the Select VPN Community drop-down list.
     Log Settings           Enable the Track Account check box.
     Install On             The device on which the rule should be installed.

  6. Click the Save button.

The edited security rule will be added and displayed under the Local Rules section and in the Review & Push tab.

How to delete an existing security rule?

  1. Select Rule Management > Rule Administration > Device Name.
  2. Select Local Rules or Firewall Rules in the Security Rules tab.
  3. Click the Delete icon in the Action column of the respective rule.
  4. A confirmation dialog pops up. On clicking OK, the security rule under the Local Rules section will be removed.
  5. When deleting Firewall Rules, a confirmation dialog with a Mode (API, CLI) selection pops up. Select the mode and click OK. The rule will then be moved to the Review & Push tab.

How to review and push the new rules, objects in to the firewall device?

Newly created rules and objects are displayed in the Local Rules or Local Objects section of the respective rule or object tab. They are also displayed in the Review & Push tab.

  • Select the required object or rule and click the PUSH button.
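The Review & Push tab is the last point at which a pending Local Rule can be questioned before it reaches the device. As an added example that is not part of Firewall Analyzer, the following Python review pass runs over pending rules built from the Add Device Rule fields and flags the ones a reviewer should hold back: unknown Rule Action or Rule Status values, empty Source/Destination/Services, any-to-any Accept rules, and Accept rules without Track Account logging. The "any" spellings, the boolean "Track Account" key and the severity policy are assumptions:

```python
# Added example (not Firewall Analyzer code): review pending Local Rules before
# clicking PUSH. Field names and the Accept/Drop/Reject and Enable/Disable values
# are those of the Add Device Rule screen; the checks and "any" spellings are assumed.
ANY_VALUES = {"any", "Any", "ANY", "*"}


def review_rule(rule):
    """Return a list of (severity, message) findings for one pending rule dict."""
    findings = []
    action, status = rule.get("Rule Action"), rule.get("Rule Status")
    if action not in ("Accept", "Drop", "Reject"):
        findings.append(("error", f"unknown Rule Action {action!r}"))
    if status not in ("Enable", "Disable"):
        findings.append(("error", f"unknown Rule Status {status!r}"))
    fields = {k: rule.get(k, "") for k in ("Source", "Destination", "Services")}
    for name, value in fields.items():
        if not value:
            findings.append(("error", f"{name} is empty"))
    if action == "Accept" and fields["Source"] in ANY_VALUES and fields["Destination"] in ANY_VALUES:
        # any-to-any Accept is the classic over-permissive rule; worse when Services is any too
        severity = "high" if fields["Services"] in ANY_VALUES else "medium"
        findings.append((severity, "Accept from any source to any destination"))
    if action == "Accept" and not rule.get("Track Account", False):
        findings.append(("low", "Accept rule without Track Account logging"))
    if not rule.get("Rule Description", "").strip():
        findings.append(("low", "Rule Description is empty"))
    return findings


def review_pending(rules):
    """Map each pending rule name to its findings; rules with no findings are omitted."""
    return {r.get("Rule Name", "<unnamed>"): f for r in rules if (f := review_rule(r))}


def blocked(rules):
    """Names of pending rules that should not be pushed (any error or high finding)."""
    report = review_pending(rules)
    return sorted(n for n, f in report.items() if any(s in ("error", "high") for s, _ in f))


# Constructed sample of two pending Local Rules as they might sit in Review & Push.
SAMPLE_PENDING = [
    {"Rule Name": "allow-web", "Rule Description": "Web tier to DB", "Rule Action": "Accept",
     "Rule Status": "Enable", "Source": "web-servers", "Destination": "db-servers",
     "Services": "tcp-5432", "Track Account": True, "Install On": "fw-edge-01"},
    {"Rule Name": "temp-any", "Rule Description": "", "Rule Action": "Accept",
     "Rule Status": "Enable", "Source": "any", "Destination": "any",
     "Services": "any", "Track Account": False, "Install On": "fw-edge-01"},
]
```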

PaloAlto firewall device in API mode

  • The PUSH screen for the PaloAlto firewall opens up.
  • In that screen, enter/select the values for the following fields:

    Fields            Description
    Select Device     Non-editable field.
    Mode              API (non-editable field).
    Web Server URL    Enter the PaloAlto Web Server URL.
    Username          Enter the username of the server.
    Password          Enter the password of the server.

  • Click the Validate button.
  • When the credentials are validated, the PUSH button appears in place of the Validate button.
  • Click the PUSH button.
  • The selected object or rule will be pushed into the chosen firewall device.

PaloAlto firewall device in CLI mode

  • The PUSH screen for the PaloAlto firewall opens up.
  • In that screen, enter/select the values for the following fields in the Primary section:

    Fields            Description
    Select Device     Non-editable field.
    Mode              CLI (non-editable field).
    Protocol          SSH or Telnet. Protocol to be used for pushing the rule or object in CLI mode.
    Login Name        Enter the login name of the server.
    Password          Enter the password of the server.
    Prompt

  • In that screen, enter/select the values for the following fields in the Additional section:

    Fields                  Description
    Select Device           Non-editable field.
    Mode                    CLI (non-editable field).
    Protocol                SSH or Telnet. Protocol to be used for pushing the rule or object in CLI mode.
    Port                    The port to be used for the selected protocol.
    Login Prompt            Enter the login name of the server.
    Password Prompt         Enter the password of the server.
    Enable User Prompt
    Enable Password Prompt
    Banner Prompt
    Banner Input
    Timeout
    Enable Command
    Enable Username
    Enable Password
    Enable Prompt
    Pre-execution commands
    Managed by Panorama

  • Click the Validate button.
  • When the credentials are validated, the PUSH button appears in place of the Validate button.
  • Click the PUSH button.
  • The selected object or rule will be pushed into the chosen firewall device.

Check Point firewall device in API mode

  • The PUSH screen for the Check Point firewall opens up.
  • In that screen, enter/select the values for the following fields:

    Fields                     Description
    Select Device              Non-editable field.
    Mode                       API (non-editable field).
    Management Server URL /    Enter the Check Point Management Server URL. If you are using a Check Point
    Multi-Domain Server URL    multi-domain setup, enter the Multi-Domain Server URL.
    Login Name                 Enter the login name of the server.
    Password                   Enter the password of the server.
    Domain Name                If you have the Domain Name, select the check box and enter the domain name.

  • Click the Validate button.
  • When the credentials are validated, the PUSH button appears in place of the Validate button.
  • Click the PUSH button.
  • The selected object or rule will be pushed into the chosen firewall device.

Check Point firewall device in CLI mode

  • The PUSH screen for the Check Point firewall opens up.
  • In that screen, enter/select the values for the following fields:

    Fields                                        Description
    Select Device                                 Non-editable field.
    Mode                                          CLI (non-editable field).
    Protocol                                      SSH or Telnet. Protocol to be used for pushing the rule or object in CLI mode.
    Port                                          The port to be used for the selected protocol.
    Management Server IP                          Enter the Check Point Management Server IP.
    Login Username                                Enter the login name of the server.
    Login Password                                Enter the password of the server.
    Security Management Administrator Username
    Security Management Administrator Password
    Prompt
    Timeout
    Domain Name                                   If you have the Domain Name, select the check box and enter the domain name.

  • Click the Validate button.
  • When the credentials are validated, the PUSH button appears in place of the Validate button.
  • Click the PUSH button.
  • The selected object or rule will be pushed into the chosen firewall device.

You can edit or delete the object or rule in this tab.

A pushed object or rule will not take effect until it is committed (use the Commit button in the case of a PaloAlto device) or the policy is installed (use the Install Policy button in the case of a Check Point device).

PaloAlto: How to commit the new rules, objects into the PaloAlto firewall device?

The new rules and objects pushed to the firewall will be displayed in the Yet to Commit section of the Commit tab.

  • Select the required object or rule and click the Commit button.
  • The selected object or rule will be committed on the chosen firewall device so that it takes effect, and will be moved to the Committed section of the Commit tab.
  • You can clean up the entries in this tab using the Cleanup button.
  • An entry will also be available in the Commit Audit tab.
  • You can revert or delete the object or rule in this tab.
  • In the Commit Audit tab, you can view the difference and change summary of an entry.

Check Point: How to install the new rules, objects into the Check Point firewall device?

The new rules and objects created will be displayed in the Commit tab.

'Install Policy' action for Check Point firewalls

  • Go to Rule Management > Rule Administration > Commit tab. Click the Install Policy button.
  • After providing credentials, click the Install Policy button. Firewall Analyzer then performs the Check Point Install Policy action.

'Cleanup' action for Check Point firewalls

  • You can clean up the entries in this tab using the Cleanup button.
  • You can revert or delete the object or rule in this tab.
