Create Security Rules on Cloud NGFW for Azure
Create security rules on the Cloud NGFW for Azure.
Security rules protect network assets from threats and disruptions, and they help allocate network resources where the business needs them. On Cloud NGFW for Azure, each security rule determines whether a session is allowed or blocked based on traffic attributes such as the source and destination IP addresses, the source and destination FQDNs, or the application.
All traffic passing through the firewall is matched against a session and each session is matched against a rule. When a session match occurs, the NGFW applies the matching rule to bidirectional traffic in that session (client to server and server to client). For traffic that doesn’t match any defined rules, the default rules apply.
Security policy rules are evaluated in order, from top to bottom. A packet is matched against the first rule whose criteria it meets; once a match is triggered, no subsequent rules are evaluated. More specific rules must therefore precede more generic ones, or a broad rule placed earlier will shadow a narrower one placed after it.
After creating a rulestack, you can create rules and add them to it.
  1. Click the Local Rulestacks icon on the homepage and select the previously created rulestack to which you want to add rules.
  2. Click Rules, and then click Add.
  3. In the General section, enter a descriptive Name for your rule.
  4. (Optional) Enter a Description of your rule.
  5. Set the Rule Priority.
     The rule priority determines the order in which the rules are evaluated. Rules with a lower priority value are evaluated first. Additionally, each rule within a rulestack.
  6. By default, the security rule is Enabled. Uncheck Enabled to disable the rule. You can enable or disable a rule at any time.
  7. Set the Source.
     1. Select Any, Match, or Exclude. Selecting Any means the traffic is evaluated against the rule regardless of its source.
     2. If you select Match, specify the IP Address (CIDR), Prefix List, Countries, Intelligent Feeds, or Dynamic Prefix List.
  8. Set the Destination.
     1. Select Any, Match, or Exclude. Selecting Any means the traffic is evaluated against the rule regardless of its destination.
     2. If you select Match, specify the Prefix List, FQDN List, or Countries.
  9. Set Granular Control for the application.
     1. Choose Any or Select. When choosing Any, traffic is evaluated regardless of the application. When you specify one or more applications, traffic matches the rule only if it matches one of the specified applications.
     2. If you choose Select, specify the applications.
  10. Set URL Category Granular Control.
     1. Choose Any or Select. When choosing Any, traffic is evaluated regardless of the URL.
     2. If you choose Select, choose one of the Predefined Categories from the drop-down.
  11. Set Port & Protocol Granular Control.
     1. Choose application-default, any, or Select. When choosing any, traffic is evaluated regardless of the port and protocol. When you specify a port and protocol, traffic matches the rule only if it uses the specified port and protocol.
     2. If you choose Select, select the protocol from the drop-down and enter the port number. You can specify a single port number.
  12. Set Actions.
     1. Set the Action the firewall takes when traffic matches the rule: Allow, Deny, Drop, or Reset both client and server.
     2. Enable Egress Decryption.
     3. Enable Logging.
  13. Click Add.
  14. After creating rules for your rulestack, validate or deploy your configuration.
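As an added illustration of the evaluation order described above (this is a constructed model, not Palo Alto Networks code), the following Python simulates the page's matching semantics: rules are tried in ascending priority, the first match wins, and Any/Match/Exclude criteria filter source and destination. The two functions at the end evaluate the same flow under a generic-before-specific ordering and under the corrected ordering; all rule names, addresses and application names are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed model of the matching semantics described above; not Cloud NGFW code,
# only a simulation of priority order, first match and Any/Match/Exclude criteria.
def _addr_matches(criterion, ip):
    """criterion is ("Any", ()), ("Match", cidrs) or ("Exclude", cidrs)."""
    mode, cidrs = criterion
    if mode == "Any":
        return True
    hit = any(ipaddress.ip_address(ip) in ipaddress.ip_network(c) for c in cidrs)
    return hit if mode == "Match" else not hit

@dataclass
class Rule:
    name: str
    priority: int                 # lower value is evaluated first
    action: str                   # Allow, Deny, Drop or Reset both client and server
    source: tuple = ("Any", ())
    destination: tuple = ("Any", ())
    applications: set = field(default_factory=set)  # empty means Any
    ports: set = field(default_factory=set)         # empty means any; entries like "tcp/443"
    enabled: bool = True

def evaluate(rules, src_ip, dst_ip, app, port, default_action="Deny"):
    """First enabled rule (ascending priority) that matches wins; otherwise the default rule."""
    for r in sorted(rules, key=lambda r: r.priority):
        if not r.enabled:
            continue
        if not (_addr_matches(r.source, src_ip) and _addr_matches(r.destination, dst_ip)):
            continue
        if r.applications and app not in r.applications:
            continue
        if r.ports and port not in r.ports:
            continue
        return r.name, r.action        # first match: later rules are not evaluated
    return "default", default_action
# Constructed rulestack: a broad allow to a web tier and a specific deny for a
# quarantined subnet. Which one fires depends only on which gets the lower priority.
WEB_ALLOW = dict(name="allow-web", action="Allow", destination=("Match", ("10.20.0.0/24",)),
                 applications={"web-browsing", "ssl"}, ports={"tcp/443"})
QUARANTINE_DENY = dict(name="deny-quarantine", action="Deny", source=("Match", ("10.10.5.0/24",)))
FLOW = ("10.10.5.7", "10.20.0.15", "ssl", "tcp/443")   # quarantined host reaching the web tier
def misordered():
    """Generic rule first: the quarantine deny is shadowed and never fires."""
    return evaluate([Rule(priority=10, **WEB_ALLOW), Rule(priority=20, **QUARANTINE_DENY)], *FLOW)

def corrected():
    """Specific rule first: the quarantined host is denied before the broad allow is reached."""
    return evaluate([Rule(priority=10, **QUARANTINE_DENY), Rule(priority=20, **WEB_ALLOW)], *FLOW)
```

Running both functions shows the shadowing the page warns about: the same flow is allowed when the broad rule has the lower priority value and denied when the specific rule does.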
