You can convert IPv4 and IPv6 Access rules in an existing policy into a Sub-Policy.
The IPv4 and IPv6 Access rules do not have to be consecutive. However, if you add several references to a Sub-Policy in the same policy, all Sub-Policy rules are checked at each reference point, even if those rules were already checked at a previous reference point. This can be avoided, for example, by adding a rule at the end of the Sub-Policy that stops all connections that did not match the other rules.
For more details about the product and how to configure features, click Help or
press F1.
Steps
-
Right-click the policy or template and select Edit <policy type>.
-
On the IPv4 Access or IPv6 Access tab, select the rules that you want to add to the
Sub-Policy.
-
Right-click one of the selected rules and select Create Sub-Policy.
-
Enter a Name for the Sub-Policy and click OK.
The Sub-Policy element is created, a new Jump rule that references the Sub-Policy is automatically added to the policy, and the selected rules are moved to the Sub-Policy.
-
Edit the Jump rule cells to be as specific as possible, so that traffic is not unnecessarily matched to the sub-policy.
If necessary, you can add more references to the Sub-Policy, for example, by copy-pasting the Jump rule.
-
(Optional) Add the Sub-Policy to a custom Access Control List:
-
Right-click the Action cell in the Jump rule and select Properties.
The Properties dialog box for the Sub-Policy opens.
-
Switch to the Permissions tab and adjust the Access Control Lists at the top part of the dialog box.
-
Click OK.