Properties

Index

The index of the object, starting at 1. (Identifier)

Name

Specifies a symbolic name for the policy.

Action

Allow or Deny. (Default: Allow)

Reject

Drop the packet and respond with an ICMP error or TCP reset. (Default: No)

AppFilter

When enabled, uses the application(s) in the application list as a filter for this rule. Application recognition will be done on the first packet only, while normal application control continue to monitor the whole packet flow and can make a more detailed analysis. (Default: No)

AppFilterList

Specifies one or more applications that will be used as a filter parameter when matching traffic with this rule.

AppRouting

Will route the matching traffic according to the selected routing table. In the background a PBR Rule will be created to handle the routing. (Default: No)

AppRoutingTable

Routing table to use for corresponding PBR Rule. (Default: main)

SourceAddressTranslation

Action to take on source address. (Default: Auto)

NATSourceAddressAction

Specify method to determine which sender address to use. (Default: OutgoingInterfaceIP)

SATSourceAddressAction

Specify method to determine which sender address to use.

SourceNewIP

Specifies which sender address will be used.

SourceBaseIP

Specifies base address for sender address.

SourceNATPool

Specifies NAT Pool to fetch sender address to be used.

SourcePortAction

Specify method to determine which port action to use. (Default: None)

SourceNewSinglePort

Translate to this port. (Optional)

SourceBasePort

Transpose using this port as base. (Optional)

DestAddressTranslation

Action to take on destination address. (Default: None)

DestAddressAction

Specify method to determine which destination address to use.

DestNewIP

Specifies which destination address will be used.

DestBaseIP

Specifies base address for destination address.

DestPortAction

Specify method to determine which port action to use. (Default: None)

DestNewSinglePort

Translate to this port. (Optional)

DestBasePort

Transpose using this port as base. (Optional)

AntiVirus

Anti-Virus scanning. (Default: No)

AV_Mode

Anti-Virus mode. (Default: UsePolicy)

AV_Policy

Selects preconfigured Anti-Virus Profile.

AV_AuditMode

Anti-Virus audit mode. (Default: No)

AV_ScanExclude

List of files to exclude from antivirus scanning. (Optional)

AV_CompressionRatio

Files with a compression ratio higher than this value will trigger the Compression Ratio Action. (Default: 20)

AV_CompressionRatioAction

The action to take when high compression threshold is violated, all actions are logged. (Default: Drop)

AV_AllowEncryptedZip

Allow encrypted zip files, even though the contents can not be scanned. (Default: No)

AV_MaxArchiveDepth

The maximum number of archive "layers" that the antivirus engine will extract. (Default: 5)

AV_ZDEnabled

Enable ZoneDefense Block. (Default: No)

AV_ZDNetwork

Hosts within this range are blocked by ZoneDefense.

AV_FailModeBehavior

General behavior when anti-virus scanning fails. The data can either be allowed or denied. (Default: Deny)

WebControl

Web Control. (Default: No)

Web_Policy

Selects preconfigured Web Profile.

FileControl

File Control. (Default: No)

FC_Mode

File Control mode. (Default: UsePolicy)

FC_Policy

Selects preconfigured File Control Profile.

FC_ListType

Specifies if the file list contains files to allow or deny. (Default: Block)

FC_FileExtension

List of file types to allow or deny. (Optional)

FC_VerifyContentMimetype

Verify that file extentions correspond to the MIME type. (Default: No)

AppControl

Application Control. (Default: No)

AC_Mode

Application Control mode. (Default: UsePolicy)

AC_RuleSet

Selects preconfigured Application Rule.

AC_AppAction

Allow or Deny selected applications. (Default: Allow)

AC_Applications

List of applications to match.

EmailControl

Email Control. (Default: No)

EC_Policy

Selects preconfigured Email Control Profile.

VoIP

Voice over IP. (Default: No)

VoIP_Policy

Selects preconfigured VoIP Profile.

DNS

DNS. (Default: No)

DNS_Policy

Selects preconfigured DNS Profile.

FTPControl

Enables FTP protocol specific settings. (Default: No)

FTPAllowServerPassive

Allow server to use passive mode (unsafe for server). (Default: Yes)

FTPServerPorts

Server data ports. (Default: 1024-65535)

FTPAllowClientActive

Allow client to use active mode (unsafe for client). (Default: Yes)

FTPClientPorts

Client data ports. (Default: 1024-65535)

FTPAllowUnknownCommands

Allow unknown commands. (Default: No)

FTPAllowSITEEXEC

Allow SITE EXEC. (Default: No)

FTPMaxLineLength

Maximum line length in control channel. (Default: 256)

FTPMaxCommandRate

Maximum number of commands per second. (Default: 20)

FTPAllow8BitStrings

Allow 8-bit strings in control channel. (Default: Yes)

FTPAllowResumeTransfer

Allow RESUME even in case of content scanning. (Default: No)

TFTPControl

Enables TFTP protocol specific settings. (Default: No)

TFTPAllowedCommands

Specifies allowed commands. (Default: ReadWrite)

TFTPRemoveOptions

Remove option part from request packet. (Default: No)

TFTPAllowUnknownOptions

Allow unknown options in request packet. (Default: No)

TFTPMaxBlocksize

Max value for the blksize option. (Optional)

TFTPMaxFileTransferSize

Max size for transferred file. (Optional)

TFTPBlockDirectoryTraversal

Prevent directory traversal (consecutive dots in filenames). (Default: No)

PPTPControl

Enables PPTP protocol specific settings. (Default: No)

PPTPEchoTimeout

Specifies idle timeout for Echo messages in the PPTP tunnel. (Default: 0)

PPTPIdleTimeout

SPecifies idle timeout for user traffic in the PPTP tunnel. (Default: 0)

TLSControl

Enables TLS protocol specific settings. (Default: No)

TLSHostCert

Specifies the host certificate.

TLSRootCert

Specifies the root certificates. (Optional)

HTTPInspection

Enables HTTP protocol validation and logging of URLs. (Default: No)

HTTPAllowUnknownProtocols

Allow non-HTTP protocols to pass through without inspection. (Default: No)

SyslogControl

Syslog Protection. (Default: No)

Syslog_Policy

Selects preconfigured Syslog Profile.

SourceInterface

Specifies the name of the receiving interface to be compared to the received packet.

DestinationInterface

Specifies the destination interface to be compared to the received packet.

SourceNetwork

Specifies the sender span of IP addresses to be compared to the received packet.

DestinationNetwork

Specifies the span of IP addresses to be compared to the destination IP of the received packet.

Service

Specifies a service that will be used as a filter parameter when matching traffic with this rule. Changing the service to a service a protocol set will reveal additional configuration options, e.g. FTP, PPTP, TLS.

Schedule

By adding a schedule to a rule, the firewall will only allow that rule to trigger at those designated times. (Optional)

Attribute

Special Attribute of the current object. (Optional)

LogEnabled

Enable logging. (Default: Yes)

LogSeverity

Specifies with what severity log events will be sent to the specified log receivers. (Default: Default)

Comments

Text describing the current object. (Optional)