Add Inspection rules

Inspection rules filter traffic based on traffic patterns. Inspection rules are stored in Inspection Policy elements.

Before you begin

You must have a custom Policy element and permissions to edit it.

The rules tree on the Inspection tab is the main tool that allows you to select which traffic patterns are permitted and stopped. You can also select whether a log entry or an alert is triggered, and whether matching traffic is recorded.

The rules table on the Exceptions table allows you to define detailed exceptions to the Inspection rule. The main uses for Exceptions are to eliminate false positives and to activate blacklisting or User Responses for specific traffic patterns.

Note: For layer 2 physical interfaces on NGFW Engines in the Firewall/VPN role, you select the Inspection Policy in the Firewall Policy.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Browse to Policies > Inspection Policies.
  3. Right-click a Template Inspection Policy or Inspection Policy element, then select Edit Inspection Policy.
  4. On the Inspection tab, adjust the rules.
  5. (Optional) On the Exceptions tab, define exceptions.