Firewall Rule Administration - Rule Management


    The Firewall Rule Administration tab

    You can administer the firewall rules and objects from this tab (Firewall Rule Management).

    Devices supported with this feature

    For the complete list of devices supported for this feature, refer to the Supported Vendors page.

    How to add a new network object?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Network Objects.
    3. Click the Add button in the top right corner.
    4. The Add Network Object screen opens.
    5. In that screen, enter or select values for the following fields:

       Fields               Description
       Mode                 API or CLI. Select the mode used to push the object to the firewall.
       Type                 Network Group, Host, DNS Domain, Network, or Address Range.
       Address Group Name
       Address Description
       Members List         Existing list of local objects (members).

    6. Click the Add button.

    The network object is added and displayed under the Local Objects section and in the Review & Push tab.

    How to edit an existing network object?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Local Objects or Firewall Objects in the Network Objects tab.
    3. Click the Edit icon in the Action column of the respective object.
    4. The Edit Network Object screen opens.
    5. In that screen, enter or select values for the following fields:

       Fields               Description
       Mode                 API or CLI. Select the mode used to push the object to the firewall.
       Type                 Network Group, Host, DNS Domain, Network, or Address Range.
       Address Group Name
       Address Description
       Members List         Existing list of local objects (members).

    6. Click the Add button.

    The network object is added and displayed under the Local Objects section and in the Review & Push tab.

    How to delete an existing network object?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Local Objects or Firewall Objects in the Network Objects tab.
    3. Click the Delete icon in the Action column of the respective object.
    4. A confirmation dialog pops up. On clicking OK, the network object under the Local Objects section is removed.
    5. When deleting Firewall Objects, a confirmation dialog with Mode (API, CLI) pops up. Select the mode and click OK. The object is then moved to the Review & Push tab.

    How to add a new service object?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Service Objects.
    3. Click the Add button in the top right corner.
    4. The Add Service Object screen opens.
    5. In that screen, enter or select values for the following fields:

       Fields               Description
       Mode                 API or CLI. Select the mode used to push the object to the firewall.
       Type                 TCP Service, UDP Service, or Service Group.
       Service Name
       Service Description
       Service Port         Existing list of local objects (members).

    6. Click the Add button.

    The service object is added and displayed under the Local Objects section and in the Review & Push tab.

    How to edit an existing service object?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Local Objects or Firewall Objects in the Service Objects tab.
    3. Click the Edit icon in the Action column of the respective object.
    4. The Edit Service Object screen opens.
    5. In that screen, enter or select values for the following fields:

       Fields               Description
       Mode                 API or CLI. Select the mode used to push the object to the firewall.
       Type                 TCP Service, UDP Service, or Service Group.
       Service Name
       Service Description
       Service Port         Existing list of local objects (members).

    6. Click the Add button.

    The service object is added and displayed under the Local Objects section and in the Review & Push tab.

    How to delete an existing service object?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Local Objects or Firewall Objects in the Service Objects tab.
    3. Click the Delete icon in the Action column of the respective object.
    4. A confirmation dialog pops up. On clicking OK, the service object under the Local Objects section is removed.
    5. When deleting Firewall Objects, a confirmation dialog with Mode (API, CLI) pops up. Select the mode and click OK. The object is then moved to the Review & Push tab.

    How to add a new security rule?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Security Rules.
    3. Click the Add button in the top right corner.
    4. The Add Device Rule screen opens.
    5. In that screen, enter or select values for the following fields:

       Fields             Description
       Mode               API or CLI. Select the mode used to push the rule to the firewall.
       Rule Name          Assign a name to the new rule.
       Rule Description   Description of the new rule.
       Rule Action        Accept, Drop, or Reject.
       Rule Status        Enable or Disable.
       Policy Name        Name of the policy in which the new rule will be placed.
       Source             Source of the traffic. Select an existing source address from the Select Source drop-down list, or click the Add button to add a new network object and assign it as the source.
       Destination        Destination of the traffic. Select an existing destination address from the Select Destination drop-down list, or click the Add button to add a new network object and assign it as the destination.
       Services           Services governed by the new rule. Select an existing service from the Select Service drop-down list, or click the Add button to add a new service object and assign it as the service.
       VPN                Select an existing VPN community from the Select VPN Community drop-down list.
       Log Settings       Enable the Track Account check box.
       Install On         The device on which the rule should be installed.

    6. Click the Save button.

    The security rule is added and displayed under the Local Rules section and in the Review & Push tab.

    How to edit an existing security rule?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Local Rules or Firewall Rules in the Security Rules tab.
    3. Click the Edit icon in the Action column of the respective rule.
    4. The Edit Security Rule screen opens.
    5. In that screen, enter or select values for the following fields:

       Fields             Description
       Mode               API or CLI. Select the mode used to push the rule to the firewall.
       Rule Name          Assign a name to the new rule.
       Rule Description   Description of the new rule.
       Rule Action        Accept, Drop, or Reject.
       Rule Status        Enable or Disable.
       Policy Name        Name of the policy in which the new rule will be placed.
       Source             Source of the traffic. Select an existing source address from the Select Source drop-down list, or click the Add button to add a new network object and assign it as the source.
       Destination        Destination of the traffic. Select an existing destination address from the Select Destination drop-down list, or click the Add button to add a new network object and assign it as the destination.
       Services           Services governed by the new rule. Select an existing service from the Select Service drop-down list, or click the Add button to add a new service object and assign it as the service.
       VPN                Select an existing VPN community from the Select VPN Community drop-down list.
       Log Settings       Enable the Track Account check box.
       Install On         The device on which the rule should be installed.

    6. Click the Save button.

    The security rule is added and displayed under the Local Rules section and in the Review & Push tab.

    How to delete an existing security rule?

    1. Select Rule Management > Rule Administration > Device Name.
    2. Select Local Rules or Firewall Rules in the Security Rules tab.
    3. Click the Delete icon in the Action column of the respective rule.
    4. A confirmation dialog pops up. On clicking OK, the security rule under the Local Objects section is removed.
    5. When deleting Firewall Rules, a confirmation dialog with Mode (API, CLI) pops up. Select the mode and click OK. The rule is then moved to the Review & Push tab.

    How to review and push the new rules and objects to the firewall device?

    The new rules and objects are displayed in the Local Rules or Local Objects section of the respective rule or object tab. They are also displayed in the Review & Push tab.

    • Select the required object or rule and click the PUSH button.

    PaloAlto firewall device in API mode

    • The PUSH screen for the PaloAlto firewall opens.
    • In that screen, enter or select values for the following fields:

      Fields            Description
      Select Device     Non-editable field.
      Mode              API. Non-editable field.
      Web Server URL    Enter the PaloAlto Web Server URL.
      Username          Enter the username of the server.
      Password          Enter the password of the server.

    • Click the Validate button.
    • When the credentials are validated, the PUSH button appears in place of the Validate button.
    • Click the PUSH button.
    • The selected object or rule is pushed to the chosen firewall device.

    PaloAlto firewall device in CLI mode

    • The PUSH screen for the PaloAlto firewall opens.
    • In that screen, enter or select values for the following fields in the Primary section:

      Fields            Description
      Select Device     Non-editable field.
      Mode              CLI. Non-editable field.
      Protocol          SSH or Telnet. Protocol to be used for pushing the rule or object in CLI mode.
      Login Name        Enter the login name of the server.
      Password          Enter the password of the server.
      Prompt

    • In that screen, enter or select values for the following fields in the Additional section:

      Fields                  Description
      Select Device           Non-editable field.
      Mode                    CLI. Non-editable field.
      Protocol                SSH or Telnet. Protocol to be used for pushing the rule or object in CLI mode.
      Port                    The port to be used for the selected protocol.
      Login Prompt            Enter the login name of the server.
      Password Prompt         Enter the password of the server.
      Enable User Prompt
      Enable Password Prompt
      Banner Prompt
      Banner Input
      Timeout
      Enable Command
      Enable Username
      Enable Password
      Enable Prompt
      Pre-execution commands
      Managed by Panorama

    • Click the Validate button.
    • When the credentials are validated, the PUSH button appears in place of the Validate button.
    • Click the PUSH button.
    • The selected object or rule is pushed to the chosen firewall device.

    Check Point firewall device in API mode

    • The PUSH screen for the Check Point firewall opens.
    • In that screen, enter or select values for the following fields:

      Fields                                        Description
      Select Device                                 Non-editable field.
      Mode                                          API. Non-editable field.
      Management Server URL / Multi-Domain Server URL   Enter the Check Point Management Server URL. If you are using a Check Point multi-domain setup, enter the Multi-Domain Server URL.
      Login Name                                    Enter the login name of the server.
      Password                                      Enter the password of the server.
      Domain Name                                   If you have a Domain Name, select the check box and enter the domain name.

    • Click the Validate button.
    • When the credentials are validated, the PUSH button appears in place of the Validate button.
    • Click the PUSH button.
    • The selected object or rule is pushed to the chosen firewall device.

    Check Point firewall device in CLI mode

    • The PUSH screen for the Check Point firewall opens.
    • In that screen, enter or select values for the following fields:

      Fields                                       Description
      Select Device                                Non-editable field.
      Mode                                         CLI. Non-editable field.
      Protocol                                     SSH or Telnet. Protocol to be used for pushing the rule or object in CLI mode.
      Port                                         The port to be used for the selected protocol.
      Management Server IP                         Enter the Check Point Management Server IP.
      Login Username                               Enter the login name of the server.
      Login Password                               Enter the password of the server.
      Security Management Administrator Username
      Security Management Administrator Password
      Prompt
      Timeout
      Domain Name                                  If you have a Domain Name, select the check box and enter the domain name.

    • Click the Validate button.
    • When the credentials are validated, the PUSH button appears in place of the Validate button.
    • Click the PUSH button.
    • The selected object or rule is pushed to the chosen firewall device.

    You can edit or delete the object or rule in this tab.

    A pushed object or rule does not take effect until it is committed (use the Commit button for a PaloAlto device) or the policy is installed (use the Install Policy button for a Check Point device).
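    An added example (not Firewall Analyzer's own code) that applies the field constraints of the Add Device Rule screen and of the CLI-mode PUSH screen described above as a pre-push review check; the "any" wildcard value, the boolean Log Settings flag and the severity labels are assumptions, and the rules are modelled as plain dicts keyed by the field names on this page.

```python
# Added example (not Firewall Analyzer's own code): a pre-push review of
# the Add Device Rule fields and the CLI-mode PUSH screen fields, modelled
# as plain dicts keyed by the field names on this page. The "any" wildcard
# value, the boolean Log Settings flag and the severity labels are assumptions.
RULE_ACTIONS = {"Accept", "Drop", "Reject"}
RULE_STATUSES = {"Enable", "Disable"}
PUSH_MODES = {"API", "CLI"}
CLI_PROTOCOLS = {"SSH", "Telnet"}


def review_rule(rule):
    """Return (severity, message) findings for one security rule dict."""
    findings = []
    for field in ("Rule Name", "Policy Name", "Source", "Destination", "Services"):
        if not rule.get(field):
            findings.append(("error", f"{field} is empty"))
    if rule.get("Mode") not in PUSH_MODES:
        findings.append(("error", "Mode must be API or CLI"))
    if rule.get("Rule Action") not in RULE_ACTIONS:
        findings.append(("error", "Rule Action must be Accept, Drop or Reject"))
    if rule.get("Rule Status") not in RULE_STATUSES:
        findings.append(("error", "Rule Status must be Enable or Disable"))
    # An enabled Accept rule whose source, destination and services are all
    # the "any" wildcard opens the device completely: flag it for a second review.
    wide_open = all(str(rule.get(f, "")).lower() == "any"
                    for f in ("Source", "Destination", "Services"))
    if (rule.get("Rule Action") == "Accept" and rule.get("Rule Status") == "Enable"
            and wide_open):
        findings.append(("high", "Accept rule with any source, destination and service"))
    if not rule.get("Log Settings"):  # Track Account check box left unchecked
        findings.append(("warn", "Track Account logging is not enabled"))
    return findings


def review_push_settings(settings):
    """Findings for the CLI-mode PUSH screen fields Protocol and Port."""
    findings = []
    protocol = settings.get("Protocol")
    if protocol not in CLI_PROTOCOLS:
        findings.append(("error", "Protocol must be SSH or Telnet"))
    elif protocol == "Telnet":
        # Telnet carries the login name and password unencrypted on the wire.
        findings.append(("high", "Telnet sends credentials in cleartext; prefer SSH"))
    port = settings.get("Port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append(("error", "Port must be an integer between 1 and 65535"))
    return findings
```

    Run review_rule over each entry in the Review & Push tab before clicking PUSH; any "error" finding means the push would be rejected or incomplete, and a "high" finding deserves a second reviewer.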

    PaloAlto: How to commit the new rules and objects to the PaloAlto firewall device?

    The new rules and objects pushed to the firewall are displayed in the Yet to Commit section of the Commit tab.

    • Select the required object or rule and click the Commit button.
    • The selected object or rule is committed on the chosen firewall device so that it takes effect, and is moved to the Committed section of the Commit tab.
    • You can clean up the entries in this tab using the Cleanup button.
    • An entry is also recorded in the Commit Audit tab.
    • You can revert or delete the object or rule in this tab.
    • In the Commit Audit tab, you can view the difference and change summary of an entry.

    Check Point: How to install the new rules and objects on the Check Point firewall device?

    The new rules and objects created are displayed in the Commit tab.

    'Install Policy' action for Check Point firewalls

    • Go to Rule Management > Rule Administration > Commit tab. Click the Install Policy button.
    • After providing the credentials, click the Install Policy button; Firewall Analyzer performs the Check Point Install Policy action.

    'Cleanup' action for Check Point firewalls

    • You can clean up the entries in this tab using the Cleanup button.
    • You can revert or delete the object or rule in this tab.