Cloud NGFW for AWS
    : Create Security Rules on Cloud NGFW for AWS
    Focus
    Download PDF
    Focus
    1. Home
    2. AWS
    3. Cloud NGFW for AWS
    4. Cloud NGFW for AWS Rulestacks and Rules
    5. Create Security Rules on Cloud NGFW for AWS
    Download PDF

    Cloud NGFW for AWS

    Create Security Rules on Cloud NGFW for AWS

    Table of Contents

    Create Security Rules on Cloud NGFW for AWS

    Security rules protect network assets from threats and disruptions and helps to optimally allocate network resources for enhancing productivity and efficiency in business processes. On Cloud NGFW for AWS, individual security rules determine whether to block or allow a session based on traffic attributes, such as the source and destination IP address, source and destination FQDNs, or the application.
    All traffic passing through the firewall is matched against a session and each session is matched against a rule. When a session match occurs, the NGFW applies the matching rule to bidirectional traffic in that session (client to server and server to client). For traffic that doesn’t match any defined rules, the default rules apply.
    Security policy rules are evaluated left to right and from top to bottom. A packet is matched against the first rule that meets the defined criteria and, after a match is triggered, subsequent rules are not evaluated. Therefore, the more specific rules must precede more generic ones in order to enforce the best match criteria.
    After creating a rulestack, you can now create rules and add them to your rulestack.
    You can view the number of times that traffic has hit a specific rule by navigating to
    Rulestacks
    <rulestack-name>
    Security Rules
    <rule-name>
    Usage
    . The Usage tab display the number of times the suspected rule has been triggered by taffic passing through the NGFW. The hit counter refreshes every 15 seconds.
    Additionally, you can view the rule hit counter by selecting
    NGFWs
    <firewall-name>
    Rules
    <rule-name>
    . When view the hit counter from the NGFWs menu, the hit counter diaplys the number of times the chosen rule has been triggered on that specific NGFW.
    1. Select
      Manage
      Rulestacks
       and select the target rulestack for your new rule.
    2. Click
      Create New
      . When adding a rule to a global rulestack, you must choose
      Pre Rule
       or
      Post Rule
      .
    3. Enter a descriptive
      Name
       for your rule.
    4. (
      Optional
      ) Enter a
      Description
       of your rule.
    5. Set the
      Rule Priority
      .
      The rule priority determines the order in which the rules are evaluated. Rules with a lower priority are evaluated first. Additionally, each rule within a rulestack.
    6. By default, the security rule is
      Enabled
      . Uncheck
      Enabled
       to disable the rule. You can enable or disable a rule at anytime.
    7. Set the
      Source
      .
      1. Select
        Any
         or
        Match
        .
        Selecting
        Any
         means the traffic is evaluated against the rule regardless of source.
      2. If you select
        Match
        , click the add icon ( ) specify at least one Source object—IP Address (CIDR), Prefix List, Countries, or Intelligent Feed (IP Type).
    8. Set the
      Destination
      .
      1. Select
        Any
         or
        Match
        .
        Selecting
        Any
         means the traffic is evaluated against the rule regardless of destination.
      2. If you select
        Match
        , click the add icon ( ) and specify at least one Destination object—IP Address (CIDR), Prefix List, FQDN List, Countries, or Intelligent Feed (IP Type).
    9. Set
      Application (App-ID)
       Granular Control.
      1. Choose
        Any
         or
        Select
        .
        When choosing
        Any
        , traffic is evaluated regardless of the application. By specifying an application(s), traffic is evaluated against the rule if the traffic matches the specified application.
      2. If you choose Select, click the add icon ( ) and specify the application or applications.
    10. Set
      URL Category
       Granular Control.
      1. Choose
        Any
         or
        Match
        .
        When choosing
        Any
        , traffic is evaluated regardless of the URL. By specifying an application(s), traffic is evaluated against the rule if the traffic matches the specified URL category or Intelligent Feed (URL Type).
      2. If you choose
        Match
        , select
        URLCategoryNames
         or
        Feeds
         and click the add icon ( ). From the drop-down, select a URL category or intelligent feed.
    11. Set
      Port & Protocol
       Granular Control.
      1. Choose
        application-default
        ,
        Any
        , or
        Select
        .
        When choosing
        Any
        , traffic is evaluated regardless of the port and protocol. By specifying a port and protocol, traffic is evaluated against the rule if the traffic matches the specified port and protocol.
      2. If you choose Select, select the protocol from the drop-down and enter the port number. You can specify a single port number, or, use commas to specify multiple ports. For example: 80, 8080.
    12. Set
      Actions
      .
      1. Set the Action the firewall takes when traffic matches the rule—
        Allow
        ,
        Deny
        ,
        Reset Server
        , or
        Reset Both
         client and server.
      2. Enable
        Outbound TLS Decryption
        .
      3. Enable
        Logging
        .
    13. Click
      Create
      .
    14. After creating rules for your rulestack, validate or deploy your configuration.

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.