page to create
and manage Authentication policy rules:
Perform the following prerequisites before
creating Authentication policy rules:
Configure the User-ID™ Captive Portal settings (see Device
> User Identification > Captive Portal Settings). The firewall uses
Captive Portal to display the first authentication factor that the
Authentication rule requires. Captive Portal also enables the firewall
to record the timestamps associated with authentication Timeout periods
and to update user mappings.
Configure a server profile that specifies how the firewall
can access the service that will authenticate users (see Device
> Server Profiles).
Select a rule on which to base the new rule and click
. The firewall inserts the copied rule, named <rulename>#,
below the selected rule, where # is the next available integer that
makes the rule name unique, and generates a new UUID for the cloned
rule. For details, see Move
or Clone a Policy Rule.
To identify rules that have not matched
traffic since the last time the firewall was restarted,
. You can then decide whether to disable
or delete unused rules. The page highlights unused rules with a
dotted yellow background.
Preview rules (
view a list of the rules before you push the rules to the managed
firewalls. Within each rulebase, the page visually demarcates the
rule hierarchy for each device group (and managed firewall) to facilitate
scanning of numerous rules.