Overriding or Reverting a Security Policy Rule
The default security rules—interzone-default and intrazone-default—have predefined settings that you can override on a firewall or on Panorama. If a firewall receives the default rules from a device group, you can also override the device group settings. The firewall or virtual system where you perform the override stores a local version of the rule in its configuration. The settings you can override are a subset of the full set (the following table lists the subset for security rules). For details on the default security rules, see Policies > Security.
To override a rule, select Policies > Security on a firewall or Policies > Security > Default Rules on Panorama. The Name column displays the inheritance icon for rules you can override. Select the rule, click Override, and edit the settings in the following table.
To revert an overridden rule to its predefined settings or to the settings pushed from a Panorama device group, select Policies > Security on a firewall or Policies > Security > Default Rules on Panorama. The Name column displays the override icon for rules that have overridden values. Select the rule, click Revert, and click Yes to confirm the operation.
Fields to Override a Default Security Rule
The Name that identifies the rule is read-only; you cannot override it.
The Rule Type is read-only; you cannot override it.
The Description is read-only; you cannot override it.
Select Tags from the drop-down.
A policy tag is a keyword or phrase that enables you to sort or filter policies. This is useful when you have defined many policies and want to view those that are tagged with a particular keyword. For example, you might want to tag certain security policies with Inbound to DMZ, tag specific decryption policies with the words Decrypt or No-decrypt, or use the name of a specific data center for policies associated with that location.
Select the appropriate Action for traffic that matches the rule.
Profile Type—Assign profiles or profile groups to the security rule:
Specify any combination of the following options: