Cloud NGFW for AWS
Create Security Rules on Cloud NGFW for AWS
Table of Contents
Expand All
|
Collapse All
Cloud NGFW for AWS Docs
Create Security Rules on Cloud NGFW for AWS
Learn how to create security rules on Cloud NGFW for AWS.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
Security rules protect network assets from threats and disruptions and
help to optimally allocate network resources for enhancing productivity and
efficiency in business processes. On Cloud NGFW for AWS, individual security rules
determine whether to block or allow a session based on traffic attributes, such as
the source and destination IP address, source and destination FQDNs, or the
application.
All traffic passing through the firewall is matched against a session and each
session is matched against a rule. When a session match occurs, the NGFW applies the
matching rule to bidirectional traffic in that session (client to server and server
to client). For traffic that does not match any defined rules, the default rules
apply.
Security policy rules are evaluated left to right and from top to bottom. A packet is
matched against the first rule that meets the defined criteria and, after a match is
triggered, subsequent rules are not evaluated. Therefore, the more specific rules
must precede more generic ones to enforce the best match criteria.
After creating a rulestack, you can now create rules and add them to your rulestack.
You can view the number of times that traffic has hit a specific rule by navigating
to Rulestacks<rulestack-name>Security Rules<rule-name>Usage. The Usage tab displays the number of times
the suspected rule has been triggered by traffic passing through the NGFW. The hit
counter refreshes every 15 seconds.
Additionally, you can view the rule hit counter by selecting NGFWs<firewall-name>Rules<rule-name>. When view the hit counter from the NGFWs menu, the hit counter
diaplys the number of times the chosen rule has been triggered on that specific
NGFW.
- Select ManageRulestacks and select the target rulestack for your new rule.Click Create New. When adding a rule to a global rulestack, you must choose Pre-Rule or Post-Rule.Enter a descriptive Name for your rule.(Optional) Enter a Description of your rule.Set the Rule Priority.The rule priority determines the order in which the rules are evaluated. Rules with a lower priority are evaluated first. Additionally, each rule within a rulestack.By default, the security rule is Enabled. Uncheck Enabled to disable the rule. You can enable or disable a rule at any time.Set the Source.
- Select Any or Match.Selecting Any means the traffic is evaluated against the rule regardless of source.If you select Match, click the add icon (Set the Destination.
- Select Any or Match.Selecting Any means the traffic is evaluated against the rule regardless of destination.If you select Match, click the add icon (Set Application (App-ID) Granular Control.
- Choose Any or Select.When choosing Any, traffic is evaluated regardless of the application. By specifying an application, traffic is evaluated against the rule if the traffic matches the specified application.If you choose Select, click the add icon (Set URL Category Granular Control.
- Choose Any or Match.When choosing Any, traffic is evaluated regardless of the URL. By specifying an application, traffic is evaluated against the rule if the traffic matches the specified URL category or Intelligent Feed (URL Type).If you choose Match, select URLCategoryNames or Feeds and click the add icon (Set Port & Protocol Granular Control.
- Choose application-default, Any, or Select.When choosing Any, traffic is evaluated regardless of the port and protocol. By specifying a port and protocol, traffic is evaluated against the rule if the traffic matches the specified port and protocol.If you choose Select, select the protocol from the drop-down and enter the port number. You can specify a single port number, or use commas to specify multiple ports. For example: 80, 8080.Set Actions.
- Set the Action the firewall takes when traffic matches the rule—Allow, Deny, Reset Server, or Reset Both client and server.Enable Outbound TLS Decryption.Enable Logging.Click Create.After creating rules for your rulestack, validate or deploy your configuration.