Properties

Index

The index of the object, starting at 1. (Identifier)

Name

Specifies a symbolic name for the policy.

DestPrimaryAddress

Specifies primary destination address that will be used.

DestFallbackAddress

Specifies backup destination address to use when primary address is unreachable.

DestNewPort

Rewrite destination port to this port. (Optional)

AntiVirus

Anti-Virus scanning. (Default: No)

AV_Policy

Selects preconfigured Anti-Virus Profile.

WebControl

Web Control. (Default: No)

Web_Policy

Selects preconfigured Web Profile.

FileControl

File Control. (Default: No)

FC_Policy

Selects preconfigured File Control Profile.

AppControl

Application Control. (Default: No)

AC_RuleSet

Selects preconfigured Application Rule.

EmailControl

Email Control. (Default: No)

EC_Policy

Selects preconfigured Email Control Profile.

VoIP

Voice over IP. (Default: No)

VoIP_Policy

Selects preconfigured VoIP Profile.

DNS

DNS. (Default: No)

DNS_Policy

Selects preconfigured DNS Profile.

FTPControl

Enables FTP protocol specific settings. (Default: No)

FTPAllowServerPassive

Allow server to use passive mode (unsafe for server). (Default: Yes)

FTPServerPorts

Server data ports. (Default: 1024-65535)

FTPAllowClientActive

Allow client to use active mode (unsafe for client). (Default: Yes)

FTPClientPorts

Client data ports. (Default: 1024-65535)

FTPAllowUnknownCommands

Allow unknown commands. (Default: No)

FTPAllowSITEEXEC

Allow SITE EXEC. (Default: No)

FTPMaxLineLength

Maximum line length in control channel. (Default: 256)

FTPMaxCommandRate

Maximum number of commands per second. (Default: 20)

FTPAllow8BitStrings

Allow 8-bit strings in control channel. (Default: Yes)

FTPAllowResumeTransfer

Allow RESUME even in case of content scanning. (Default: No)

TFTPControl

Enables TFTP protocol specific settings. (Default: No)

TFTPAllowedCommands

Specifies allowed commands. (Default: ReadWrite)

TFTPRemoveOptions

Remove option part from request packet. (Default: No)

TFTPAllowUnknownOptions

Allow unknown options in request packet. (Default: No)

TFTPMaxBlocksize

Max value for the blksize option. (Optional)

TFTPMaxFileTransferSize

Max size for transferred file. (Optional)

TFTPBlockDirectoryTraversal

Prevent directory traversal (consecutive dots in filenames). (Default: No)

PPTPControl

Enables PPTP protocol specific settings. (Default: No)

PPTPEchoTimeout

Specifies idle timeout for Echo messages in the PPTP tunnel. (Default: 0)

PPTPIdleTimeout

SPecifies idle timeout for user traffic in the PPTP tunnel. (Default: 0)

TLSControl

Enables TLS protocol specific settings. (Default: No)

TLSHostCert

Specifies the host certificate.

TLSRootCert

Specifies the root certificates. (Optional)

HTTPInspection

Enables HTTP protocol validation and logging of URLs. (Default: No)

HTTPAllowUnknownProtocols

Allow non-HTTP protocols to pass through without inspection. (Default: No)

SyslogControl

Syslog Protection. (Default: No)

Syslog_Policy

Selects preconfigured Syslog Profile.

Monitor_RoutingTable

Routing table used for server monitoring. (Default: main)

PingMonitor

Enable monitoring using ICMP Ping packets. (Default: No)

PingMonitor_PollingInterval

Delay in milliseconds between each ping interval. (Default: 5000)

PingMonitor_Samples

Specifies the number of attempts to use for statistical calculations. (Default: 10)

PingMonitor_MaxPollFails

Specifies the maximum number of failed ping attempts until host is considered to be unreachable. (Default: 2)

PingMonitor_MaxAverageLatency

Specifies the max average latency for the sample attempts. (Default: 800)

TCPMonitor

Enable monitoring using TCP handshakes. (Default: No)

TCPMonitor_Ports

Specifies the ports that will be monitored.

TCPMonitor_PollingInterval

Delay in milliseconds between each TCP handshake. (Default: 10000)

TCPMonitor_Samples

Specifies the number of attempts to use for statistical calculations. (Default: 10)

TCPMonitor_MaxPollFails

Specifies the maximum number of failed TCP attempts until host is considered to be unreachable. (Default: 2)

TCPMonitor_MaxAverageLatency

Specifies the max average latency for the sample attempts. (Default: 800)

HTTPMonitor

Enable monitoring using HTTP requests. (Default: No)

HTTPMonitor_Ports

Specifies the ports that will be monitored. (Default: 80)

HTTPMonitor_PollingInterval

Delay in milliseconds between each monitor interval. (Default: 10000)

HTTPMonitor_Samples

Specifies the number of attempts to use for statistical calculations. (Default: 10)

HTTPMonitor_MaxPollFails

Specifies the maximum number of failed HTTP attempts until host is considered to be unreachable. (Default: 2)

HTTPMonitor_MaxAverageLatency

Specifies the max average latency for the sample attempts. (Default: 800)

HTTPMonitor_URLType

Defines how the request URL should be interpreted. (Default: FQDN)

HTTPMonitor_RequestURL

Specifies the HTTP URL to monitor.

HTTPMonitor_ExpectedResponse

Expected HTTP response. (Optional)

SourceInterface

Specifies the name of the receiving interface to be compared to the received packet.

DestinationInterface

Specifies the destination interface to be compared to the received packet.

SourceNetwork

Specifies the sender span of IP addresses to be compared to the received packet.

DestinationNetwork

Specifies the span of IP addresses to be compared to the destination IP of the received packet.

SourceUserGroup

Specifies the User Group object, with username or group, that the source must be a part of. (Optional)

DestinationUserGroup

Specifies the User Group object, with username or group, that the destination must be a part of. (Optional)

Service

Specifies a service that will be used as a filter parameter when matching traffic with this rule. Changing the service to a service a protocol set will reveal additional configuration options, e.g. FTP, PPTP, TLS.

Schedule

By adding a schedule to a rule, the firewall will only allow that rule to trigger at those designated times. (Optional)

Attribute

Special Attribute of the current object. (Optional)

SourceAddressTranslation

Action to take on source address. (Default: None)

NATSourceAddressAction

Specify method to determine which sender address to use. (Default: OutgoingInterfaceIP)

SATSourceAddressAction

Specify method to determine which sender address to use.

SourceNewIP

Specifies which sender address will be used.

SourceBaseIP

Specifies base address for sender address.

SourceNATPool

Specifies NAT Pool to fetch sender address to be used.

SourcePortAction

Specify method to determine which port action to use. (Default: None)

SourceNewSinglePort

Translate to this port. (Optional)

SourceBasePort

Transpose using this port as base. (Optional)

LogEnabled

Enable logging. (Default: Yes)

LogSeverity

Specifies with what severity log events will be sent to the specified log receivers. (Default: Default)

Comments

Text describing the current object. (Optional)