EasyManua.ls Logo

Quantum SPARK 1500 - Configuring Access Rules

Quantum SPARK 1500
461 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Working with the Firewall Access Policy
R81.10.X Quantum Spark 1500, 1600, 1800, 1900, 2000 Appliances Locally Managed Administration Guide|219
The "Ask" action
The outgoing Rule Base gives the option to set an Ask action instead of just allow or block for
browser based applications. There are several commonly used cases where this is helpful:
n
This action can be used for traffic that is normally not allowed in your organization, but
you do want it to be available for work-related purposes. End users are asked if they
need to browse for work-related purposes and can continue without requiring the
administrator to make changes to the access policy for this single event. For example,
traffic to Facebook is generally blocked but you want your HR department to be able to
access it for work-related purposes.
n
This action for traffic to uncategorized URLs can also give security against malware that
managed to be installed inside your organization. Such malware is blocked by the Ask
action.
Configuring Access Rules
To create a new manually defined access rule:
1. Click the arrow next to New. When the page shows both Rule Bases, click New in the
appropriate table.
2. Click one of the available positioning options for the rule:
Top Rule, Bottom Rule, Above Selected, or Under Selected.
The Add Rule window opens. It shows the rule fields in two ways:
n
A rule summary sentence with default values.
n
A table with the rule base fields in a table.
3. Click the links in the rule summary or the table cells to select network objects or options
that fill out the rule base fields. See the descriptions above.
Note - The Application field applies only to outgoing rules.
In the Source field, you can optionally select between entering a manual IP address
(network), a network object, a domain object, or a user group (to configure a user based
policy, make sure the User Awareness blade is activated). Users can be defined locally
on the appliance or externally in an Active Directory.
For more details, see the Access Policy > User Awareness Blade Control page.
4. In the Write a comment field, enter optional text that describes the rule. This is shown as
a comment below the rule in the Access Policy.

Table of Contents

Related product manuals