To choose source zones (default is any), click
Addand select from the drop-down. To define new zones, refer to Network > Zones.
You can add multiple zones to simplify management.
Addsource addresses, address groups, or regions (default is
Any). Select from the drop-down or select
Address Group, or
Regions(bottom of the drop-down) to specify the settings. Objects > Addresses and Objects > Address Groups describe the types of address objects and address groups, respectively, that a policy rule supports.
Negateoption applies the rule to source addresses from the specified zone except for the addresses specified.
Addto choose the source users or groups of users subject to the policy. The following source user types are supported:
If the firewall collects user information from a RADIUS, TACACS+, or SAML identity provider server and not from the User-ID™ agent, the list of users does not display; you must enter user information manually.
Addthe host devices subject to the policy: