Addto choose source zones (default is any). Zones must be of the same type (Layer 2, Layer 3, or virtual wire). To define new zones, refer to Network > Zones.
Multiple zones can be used to simplify management. For example, if you have three different internal zones (Marketing, Sales, and Public Relations) that are all directed to the untrusted destination zone, you can create one rule that covers all cases.
Addto add source addresses, address groups, or regions (default is any). Select from the drop-down, or click
Address Group, or
Regionsat the bottom of the drop-down, and specify the settings. Select
Negateto choose any address except the configured ones.
Addto choose the source users or groups of users subject to the policy. The following source user types are supported:
If the firewall collects user information from a RADIUS, TACACS+, or SAML identity provider server and not from the User-ID™ agent, the list of users does not display; you must enter user information manually.