Perform the following prerequisites before creating Authentication policy rules:
To create a rule, perform one of the following steps and then complete the fields described in Building Blocks of an Authentication Policy Rule:
To modify a rule, click the rule Name and edit the fields described in Building Blocks of an Authentication Policy Rule.
If the firewall received the rule from Panorama, the rule is read-only; you can edit it only on Panorama.
When matching traffic, the firewall evaluates rules from top to bottom in the order that the
page lists them. To change the evaluation order, select a rule and
Move Top, or
Move Bottom. For details, see Move or Clone a Policy Rule.
To remove an existing rule, select and
To disable a rule, select and
Disableit. To re-enable a disabled rule, select and
Highlight Unused Rules
To identify rules that have not matched traffic since the last time the firewall was restarted,
Highlight Unused Rules. You can then decide whether to disable or delete unused rules. The page highlights unused rules with a dotted yellow background.
Preview rules (
Preview Rulesto view a list of the rules before you push the rules to the managed firewalls. Within each rulebase, the page visually demarcates the rule hierarchy for each device group (and managed firewall) to facilitate scanning of numerous rules.