Create template policies or policies

Template Policy elements are used as a basis for Policies and other Template Policies.

Every Policy and Template Policy that you create is based on a Template Policy. You can base several policies on the same Template Policy. The Template Policy or a customized copy of the Template Policy is always at the highest level of the policy hierarchy. Creating custom Template Policies is not mandatory; you can skip them if they are not necessary in your environment.

When editing policies, the main difference between Policies and Template Policies is the special rows called insert points. Insert points are shown in both Template Policies and in Policies, but you can add them only to Template Policies. The insert points added to Template Policies mark where new rules can be added to policies that are based on the templates. If you create a Template Policy and do not base the Template Policy on any predefined Template Policy, you must add insert points separately for Access rules, NAT rules, and Ethernet rules.

Figure: Insert point in a Template Policy and the inheriting (Template) Policy



This illustration shows what the same insert point looks like in a Template Policy and in the inheriting policy elements. The color of the insert point indicates whether the insert point has been added in the current Template Policy for inheritance to lower levels (orange) or whether it has been inherited from the higher-level Template Policy (green). Only the orange insert points are inherited to lower-level policy elements. You must add at least one new insert point at each Template Policy level to make the lower-level policies editable. When you add the first new rule to the green insert point, the rule replaces the insert point. Any number of rules can then be added directly above and below that first rule. The engine reads rules in order from the top down. The rules above the insert point in the higher-level Template Policy cannot be canceled by anything a lower-level policy adds into the insert point.

Rules defined in the Template Policy itself cannot be edited in lower-level policies that use the Template Policy. Such inherited rules are shown only on your request and they are displayed with a gray background. Only the actual rules are inherited from a higher-level Template Policy into the lower-level policies and Template Policies. The rights to edit policies and Template Policies are defined separately.

A Firewall Policy, IPS Policy, Layer 2 Firewall Policy, or Layer 2 Interface Policy is the element that gathers all rules from the different policy elements:
  • Rules inherited from the Template Policy that is used as the basis of the policy
  • Rules from one or more Sub-Policies added to the policy
  • Rules added directly to the policy
  • Rules from the Inspection Policy that is referenced from the Inspection tab in the policy
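
The following Python model is an added example, not product code or output of the management system. It flattens a three-level hierarchy into the top-down rule list and shows that a rule placed above the insert point in a Template Policy still wins over a lower-level rule that tries to allow the same traffic. The element names, the single insert point per template, and first-match evaluation with only terminating actions are assumptions of the model.

```python
from dataclasses import dataclass
from typing import Optional

INSERT = object()  # stands for an insert point row (model-only marker)

@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # "any" or one source label
    dst: str     # "any" or one destination label
    action: str  # "allow" or "discard"

@dataclass
class Policy:
    name: str
    rows: list                          # Rule objects and INSERT, top down
    template: Optional["Policy"] = None

def flatten(policy):
    """Return the rules in the order the engine would read them."""
    rules = [r for r in policy.rows if r is not INSERT]  # unused insert point: no rules
    while policy.template is not None:
        parent = policy.template
        if INSERT not in parent.rows:
            # Without an insert point the lower level is not editable.
            raise ValueError(f"{parent.name} has no insert point for {policy.name}")
        at = parent.rows.index(INSERT)
        rules = parent.rows[:at] + rules + [r for r in parent.rows[at + 1:] if r is not INSERT]
        policy = parent
    return rules

def first_match(rules, src, dst):
    """Assumption: the first matching rule decides (terminating actions only)."""
    for rule in rules:
        if rule.src in ("any", src) and rule.dst in ("any", dst):
            return rule
    return None

# Constructed hierarchy: Template Policy -> Template Policy -> Policy.
CORP = Policy("Corp Template", [Rule("block-mgmt", "any", "mgmt-net", "discard"),
                                INSERT,
                                Rule("cleanup", "any", "any", "discard")])
SITE = Policy("Site Template", [Rule("allow-dns", "any", "dns-server", "allow"), INSERT], CORP)
BRANCH = Policy("Branch Policy", [
    Rule("allow-to-mgmt", "branch-lan", "mgmt-net", "allow"),  # shadowed by block-mgmt
    Rule("allow-web", "branch-lan", "web-proxy", "allow")], SITE)

if __name__ == "__main__":
    for rule in flatten(BRANCH):
        print(rule.name, rule.action)
```

When reviewing a lower-level policy, a rule like allow-to-mgmt in this model is worth flagging: it can never match, which usually means the author expected access that the template denies.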

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Right-click the Policies branch and select one of the following options:
    • New > Firewall Policy.
    • New > IPS Policy.
    • New > Layer 2 Firewall Policy.
    • New > Layer 2 Interface Policy.
  3. In the properties dialog that opens, enter a Name for the element.
  4. Select the Template you want to base this template or policy on.
  5. (Optional) Switch to the Permissions tab and grant rights for the template or policy.
    1. To add a permission, click Add Permission.
      A new row appears on the administrator list.
    2. Click the Administrator cell and select the Administrator.
    3. Double-click the Administrator Role cell to select the correct role.
  6. Click OK.

    The new Template Policy or Policy opens in the Policy Editing view.

    If you changed administrator permissions for the policy, the changes are applied immediately. The permissions are also automatically updated in the properties of the administrator’s account.

Firewall Policy Properties dialog box

Use this dialog box to define the properties of a Firewall Policy element.

Option Definition
General tab
Name Specifies the element name.
Template Select the template the policy is based on.
Category Shows the assigned category.
Select Opens the Category Selection dialog box.
Comment An optional comment for your own reference.
Option Definition
Permissions tab
Access Control Lists Specifies administrator permissions for the policy.
Add Opens the Select Element dialog box.
Remove Removes the policy from the selected Access Control List.
Permissions
Administrator Shows the administrator who is allowed to view or edit the policy.
Administrator Role Shows the role or roles assigned to the selected administrator.
Add Permission Adds an entry to the Administrator list.
Remove Permission Removes the selected entry from the Administrator list.

Firewall Template Policy Properties dialog box

Use this dialog box to define the properties of a Firewall Template Policy.

Option Definition
General tab
Name Specifies the element name.
Template Select the template the policy is based on.
Category Shows the assigned category.
Select Opens the Category Selection dialog box.
Comment An optional comment for your own reference.
Option Definition
Permissions tab
Access Control Lists Specifies administrator permissions for the policy.
Add Opens the Select Element dialog box.
Remove Removes the policy from the selected Access Control List.
Permissions
Administrator Shows the administrator who is allowed to view or edit the policy.
Administrator Role Shows the role or roles assigned to the selected administrator.
Add Permission Adds an entry to the Administrator list.
Remove Permission Removes the selected entry from the Administrator list.

IPS Policy Properties dialog box

Use this dialog box to define the properties of an IPS Policy element.

Option Definition
General tab
Name Specifies the element name.
Template Select the template the policy is based on.
Category Shows the assigned category.
Select Opens the Category Selection dialog box.
Comment An optional comment for your own reference.
Option Definition
Permissions tab
Access Control Lists Specifies administrator permissions for the policy.
Add Opens the Select Element dialog box.
Remove Removes the policy from the selected Access Control List.
Permissions
Administrator Shows the administrator who is allowed to view or edit the policy.
Administrator Role Shows the role or roles assigned to the selected administrator.
Add Permission Adds an entry to the Administrator list.
Remove Permission Removes the selected entry from the Administrator list.

IPS Template Policy Properties dialog box

Use this dialog box to define the properties of an IPS Template Policy element.

Option Definition
General tab
Name Specifies the element name.
Template Select the template the policy is based on.
Category Shows the assigned category.
Select Opens the Category Selection dialog box.
Comment An optional comment for your own reference.
Option Definition
Permissions tab
Access Control Lists Specifies administrator permissions for the policy.
Add Opens the Select Element dialog box.
Remove Removes the policy from the selected Access Control List.
Permissions
Administrator Shows the administrator who is allowed to view or edit the policy.
Administrator Role Shows the role or roles assigned to the selected administrator.
Add Permission Adds an entry to the Administrator list.
Remove Permission Removes the selected entry from the Administrator list.

Layer 2 Firewall Policy Properties dialog box

Use this dialog box to define the properties of a Layer 2 Firewall Policy element.

Option Definition
General tab
Name Specifies the element name.
Template Select the template the policy is based on.
Category Shows the assigned category.
Select Opens the Category Selection dialog box.
Comment An optional comment for your own reference.
Option Definition
Permissions tab
Access Control Lists Specifies administrator permissions for the policy.
Add Opens the Select Element dialog box.
Remove Removes the policy from the selected Access Control List.
Permissions
Administrator Shows the administrator who is allowed to view or edit the policy.
Administrator Role Shows the role or roles assigned to the selected administrator.
Add Permission Adds an entry to the Administrator list.
Remove Permission Removes the selected entry from the Administrator list.

Layer 2 Firewall Template Policy Properties dialog box

Use this dialog box to define the properties of a Layer 2 Firewall Template Policy.

Option Definition
General tab
Name Specifies the element name.
Template Select the template the policy is based on.
Category Shows the assigned category.
Select Opens the Category Selection dialog box.
Comment An optional comment for your own reference.
Option Definition
Permissions tab
Access Control Lists Specifies administrator permissions for the policy.
Add Opens the Select Element dialog box.
Remove Removes the policy from the selected Access Control List.
Permissions
Administrator Shows the administrator who is allowed to view or edit the policy.
Administrator Role Shows the role or roles assigned to the selected administrator.
Add Permission Adds an entry to the Administrator list.
Remove Permission Removes the selected entry from the Administrator list.

Layer 2 Interface Policy Properties dialog box

Use this dialog box to define the properties of a Layer 2 Interface Policy element.

Option Definition
General tab
Name The name of the element.
Template Select the template the policy is based on.
Category (Optional) Includes the element in predefined categories. Click Select to select a category.
Comment (Optional) A comment for your own reference.
Option Definition
Permissions tab
Access Control Lists Specifies administrator permissions for the policy.
Add Opens the Select Element dialog box.
Remove Removes the policy from the selected Access Control List.
Permissions
Administrator Shows the administrator who is allowed to view or edit the policy.
Administrator Role Shows the role or roles assigned to the selected administrator.
Add Permission Adds an entry to the Administrator list.
Remove Permission Removes the selected entry from the Administrator list.

Layer 2 Interface Template Policy Properties dialog box

Use this dialog box to define the properties of a Layer 2 Interface Template Policy.

Option Definition
General tab
Name The name of the element.
Template Select the template the policy is based on.
Category (Optional) Includes the element in predefined categories. Click Select to select a category.
Comment (Optional) A comment for your own reference.
Option Definition
Permissions tab
Access Control Lists Specifies administrator permissions for the policy.
Add Opens the Select Element dialog box.
Remove Removes the policy from the selected Access Control List.
Permissions
Administrator Shows the administrator who is allowed to view or edit the policy.
Administrator Role Shows the role or roles assigned to the selected administrator.
Add Permission Adds an entry to the Administrator list.
Remove Permission Removes the selected entry from the Administrator list.

Inspection Policy Properties dialog box

Use this dialog box to define the properties of an Inspection Policy element.

Option Definition
General tab
Name Specifies the element name.
Template Select the template the policy is based on.
Category Shows the assigned category.
Select Opens the Category Selection dialog box.
Comment An optional comment for your own reference.
Option Definition
Permissions tab
Access Control Lists Specifies administrator permissions for the policy.
Add Opens the Select Element dialog box.
Remove Removes the policy from the selected Access Control List.
Permissions
Administrator Shows the administrator who is allowed to view or edit the policy.
Administrator Role Shows the role or roles assigned to the selected administrator.
Add Permission Adds an entry to the Administrator list.
Remove Permission Removes the selected entry from the Administrator list.