policy objectis a single object or a collective unit that groups discrete identities such as IP addresses, URLs, applications, or users. With policy objects that are a collective unit, you can reference the object in security policy instead of manually selecting multiple objects one at a time. Typically, when creating a policy object, you group objects that require similar permissions in policy. For example, if your organization uses a set of server IP addresses for authenticating users, you can group the set of server IP addresses as an
address grouppolicy object and reference the address group in the security policy. By grouping objects, you can significantly reduce the administrative overhead in creating policies.
You can create the following policy objects on the firewall:
Address/Address Group, Region
Allow you to group specific source or destination addresses that require the same policy enforcement. The address object can include an IPv4 or IPv6 address (single IP, range, subnet) or the FQDN. Alternatively, a region can be defined by the latitude and longitude coordinates or you can select a country and define an IP address or IP range. You can then group a collection of address objects to create an address group object.
You can also use dynamic address groups to dynamically update IP addresses in environments where host IP addresses change frequently.
The predefined External Dynamic Lists (EDLs) on the firewall count toward the maximum number of address objects that a firewall model supports.
Allow you to create a list of users from the local database or an external database and group them.
Application Group and Application Filter
An Application Filter allows you to filter applications dynamically. It allows you to filter, and save a group of applications using the attributes defined in the application database on the firewall. For example, you can Create an Application Filter by one or more attributes—category, sub-category, technology, risk, characteristics. With an application filter, when a content update occurs, any new applications that match your filter criteria are automatically added to your saved application filter.
An Application Group allows you to create a static group of specific applications that you want to group together for a group of users or for a particular service, or to achieve a particular policy goal. See Create an Application Group.
Allows you to specify the source and destination ports and protocol that a service can use. The firewall includes two pre-defined services—service-http and service-https— that use TCP ports 80 and 8080 for HTTP, and TCP port 443 for HTTPS. You can however, create any custom service on any TCP/UDP port of your choice to restrict application usage to specific ports on your network (in other words, you can define the default port for the application).
To view the standard ports used by an application, in
search for the application and click the link. A succinct description displays.
Use Application Objects in Policy
Use Application Objects in Policy Create an Application Group Create an Application Filter Create a Custom Application ...
Objects Objects are the elements that enable you to construct, schedule, and search for policy rules, and Security Profiles provide threat protection in policy rules. ...
Map Applications to Business Goals for a Simplified Rulebase
Map Applications to Business Goals for a Simplified Rulebase As you inventory the applications on your network, consider your business goals and acceptable use policies ...
Policies > Application Override
Policies > Application Override To change how the firewall classifies network traffic into applications, you can specify application override policies. For example, if you want ...
Objects > Applications
Objects > Applications The following topics describe the Applications page. What do you want to know? See: Understand the application settings and attributes displayed on ...
Policies > Security
Policies > Security Security policies reference security zones and enable you to allow, restrict, and track traffic on your network based on the application, user ...
Provide Granular Access to the Objects Tab
Provide Granular Access to the Objects Tab An object is a container that groups specific policy filter values—such as IP addresses, URLs, applications, or services—for ...
Create an Application Group
Create an Application Group An application group is an object that contains applications that you want to treat similarly in policy. Application groups are useful ...
Policies > QoS
Policies > QoS Add QoS policy rules to define traffic to receive QoS treatment, and assign a QoS class for each QoS policy rule in ...