Managing Firewall Access Policy from the Security Management Portal
Solution


Introduction:

The Security Management Portal (SMP) supports managing the Firewall Access Policy (Rule Base) for:

  • Small and Medium Business Appliances (600 and 700)
  • Branch Office Appliances (1100, 1400, 1500, 1600, 1800)
  • Ruggedized Appliances (1200R)

On the Security Software Blades -> Access Policy page, the SMP administrator can create rules for a specified plan or gateway. These rules set the policy for:

  • Outgoing access to the Internet
  • Incoming, internal and VPN traffic

The SMP administrator can configure pre-local rules or post-local rules:

  • Pre-local rules run before the local manual rules (which are created in the local settings of the Firewall Software Blades). A gateway local administrator cannot create manual rules to override pre-local rules configured by the SMP administrator.

  • Post-local rules run after the local manual rules. The SMP administrator configures recommended policy, and the local administrator can override it by creating manual rules.

Note: The gateway local administrator can only edit the manual rules. Pre/post-local rules are locked.

For more information about this feature, refer to the SMP R12.30 Administration Guide.

Availability:

  • This feature is available on SMB gateways starting in R77.20.70.
  • This feature is supported on 1500, 1600, and 1800 Quantum Spark gateways running R80.20.20 build 992001885 or higher.

Known Limitations: 

1. Rules for zone objects are not enforced if the target Gateway does not have the relevant ports.

For example:
  1. Rules with a source or destination of “DMZ Network” or “LAN, DMZ Networks” would be disabled on appliances without a DMZ port (1530, 1550).
  2. Rules with “Wireless Networks” on a non-WiFi appliance would be disabled.
  3. Rules with Internet as the source in the incoming Rule Base would be disabled.
  4. Multiple ports on services are not supported on 1500, 1600, and 1800 appliances. The admin should not create a service with multiple ports.
2. For general known limitations, please refer to sk159772.
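
A pre-deployment check for the limitations listed above, as an added example (not Check Point code or an SMP API). The Gateway and Rule records are a hypothetical inventory/export format; Wi-Fi capability and appliance family are assumed to be supplied by the operator.

```python
from dataclasses import dataclass

# Only these two facts come from the article: 1530/1550 have no DMZ port,
# and 1500/1600/1800 appliances do not support multi-port services.
NO_DMZ_MODELS = {"1530", "1550"}
SINGLE_PORT_FAMILIES = {"1500", "1600", "1800"}

@dataclass
class Gateway:            # hypothetical inventory record
    model: str
    family: str
    has_wifi: bool

@dataclass
class Rule:               # hypothetical export of one SMP rule
    name: str
    rule_base: str        # "incoming" or "outgoing"
    source: str
    destination: str
    service_ports: tuple = ()

def lint(rule, gw):
    """Return the known limitations this rule hits on gateway gw."""
    zones = (rule.source, rule.destination)
    findings = []
    if gw.model in NO_DMZ_MODELS and any("DMZ" in z for z in zones):
        findings.append("DMZ zone object on appliance without a DMZ port")
    if not gw.has_wifi and "Wireless Networks" in zones:
        findings.append("Wireless Networks on non-WiFi appliance")
    if rule.rule_base == "incoming" and rule.source == "Internet":
        findings.append("Internet as source in incoming Rule Base")
    if gw.family in SINGLE_PORT_FAMILIES and len(rule.service_ports) > 1:
        findings.append("service with multiple ports")
    return findings

def audit(rules, gateways):
    """Map (gateway model, rule name) -> findings, omitting clean pairs."""
    return {(g.model, r.name): f for g in gateways for r in rules
            if (f := lint(r, g))}

# Constructed sample data, not taken from a real deployment.
GATEWAYS = [Gateway("1550", "1500", has_wifi=False),
            Gateway("1600", "1600", has_wifi=False)]
RULES = [Rule("block-dmz-out", "outgoing", "LAN, DMZ Networks", "Internet", (443,)),
         Rule("guest-wifi", "outgoing", "Wireless Networks", "Internet", (80, 443)),
         Rule("lan-web", "outgoing", "LAN Networks", "Internet", (443,))]

if __name__ == "__main__":
    for key, reasons in audit(RULES, GATEWAYS).items():
        print(key, reasons)
```

Running the audit against each plan's target gateways before publishing shows which rules would be disabled on a given appliance, so a block rule that is silently dropped there is caught in review.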


Documentation:
