Working with the Firewall Access Policy
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide
The "Ask" action
The outgoing Rule Base gives the option to set an Ask action, instead of just allow or block, for
browser-based applications. There are several common cases where this is helpful:
- This action can be used for traffic that is normally not allowed in your organization, but that you
  want to be available for work-related purposes. End users are asked if they need to browse for
  work-related purposes and can continue without requiring the administrator to make changes to the
  access policy for this single event. For example, traffic to Facebook is generally blocked but you
  want your HR department to be able to access it for work-related purposes.
- Applying this action to traffic to uncategorized URLs can also give protection against malware that
  managed to be installed inside your organization. Such malware is blocked by the Ask action.
Configuring Access Rules
To create a new manually defined access rule:
1. Click the arrow next to New. When the page shows both Rule Bases, click New in the appropriate
table.
2. Click one of the available positioning options for the rule:
On Top, On Bottom, Above Selected, or Under Selected.
The Add Rule window opens. It shows the rule fields in two ways:
- A rule summary sentence with default values.
- A table with the rule base fields.
3. Click the links in the rule summary or the table cells to select network objects or options that fill out the
rule base fields. See the descriptions above.
Note - The Application field is relevant only for outgoing rules.
In the Source field, you can optionally choose between manually entering an IP address (network), a
network object, a domain object, or a user group (to configure a user-based policy, make sure the
User Awareness blade is activated). Users can be defined locally on the appliance or externally in an
Active Directory.
For more details, see the Access Policy > User Awareness Blade Control page.
4. In the Write a comment field, enter optional text that describes the rule. This is shown as a comment
below the rule in the Access Policy.
5. To limit the rule to a certain time range, select Apply only during this time and select the start and
end times.
6. In outgoing rules, to limit the download traffic rate, select Limit download traffic of applications to
and enter the Kbps rate.
7. In outgoing rules, to limit the upload traffic rate, select Limit upload traffic of applications to and
enter the Kbps rate.
8. In incoming rules, to match only for encrypted VPN traffic, select Match only for encrypted traffic.
9. Click Apply.
The rule is added to the outgoing or incoming section of the Access Policy.