: Remove the Temporary Rules
Focus
Focus
Table of Contents

Remove the Temporary Rules

After several months of monitoring your initial internet gateway best practice security policy and tuning the rulebase, you should see less and less traffic that you want to allow matching the temporary rules. Keep in mind that some applications are only used quarterly or yearly for periodic meetings and events. Before you stop allowing an application by removing it from the temporary rules without adding it to another allow rule, make sure that it's not used only periodically and make sure that it's not an application that's critical to your business
When you no longer see traffic that you want to allow matching the temporary rules, you have achieved your goal of transitioning to a fully application-based Security policy rulebase. You can now remove the temporary rules, including the application block rules for applications that don't have a legitimate use case and for public DNS and SMTP applications because the default interzone-default deny rule automatically blocks that traffic since it matches no explicit allow rules. (Keep the rules that block QUIC for SSL Forward Proxy.)
  1. Select
    Policies
    Security
    .
  2. Select the rule's row and click
    Delete
    .
    Alternatively,
    Disable
    the temporary rules for a period of time before deleting them. Examine the Traffic logs for traffic that matches the
    interzone-default
    deny rule. If the Traffic logs reveal that traffic you want to allow matches the
    interzone-default
    , you can
    Enable
    them again, add the desired application to an existing allow rule, or create a new allow rule for the application.
  3. Commit
    the changes.

Recommended For You