Operation: Security Policy Add / Edit Security Policy
Description: Creates or edits a Security Policy.

Sample Configuration
<SecurityPolicy>
  <Name>rulename</Name>
  <Description>rule description</Description>
  <Status>Disable/Enable</Status>
  <IPFamily>IPv4/IPv6</IPFamily>
  <Position>top/bottom/after/before</Position>
  <!-- The After and Before tags apply only to Set requests -->
  <After>
    <Name>Name of the policy after which this policy is inserted</Name>
  </After>
  <Before>
    <Name>Name of the policy before which this policy is inserted</Name>
  </Before>
  <PolicyType>User/Network/HTTPBased/NonHTTPBased/PublicNonHTTPPolicy</PolicyType>
  <UserPolicy>
    <SourceZones>
      <Zone>Any/LAN/DMZ/VPN/WAN</Zone>
      <Zone>Any/LAN/DMZ/VPN/WAN</Zone>
    </SourceZones>
    <SourceNetworks>
      <Network>Source Network</Network>
      <Network>Source Network</Network>
      :
    </SourceNetworks>
    <Services>
      <Service>servicename</Service>
      :
    </Services>
    <Schedule>All The Time</Schedule>
    <ScanFTP>Enable/Disable</ScanFTP>
    <ScanHTTP>Enable/Disable</ScanHTTP>
    <ScanHTTPS>Enable/Disable</ScanHTTPS>
    <Sandstorm>Enable/Disable</Sandstorm>
    <DestinationZones>
      <Zone>Any/WAN/LAN/LOCAL/VPN</Zone>
      <Zone>Any/WAN/LAN/LOCAL/VPN</Zone>
    </DestinationZones>
    <DestinationNetworks>
      <Network>Destination Network</Network>
      <Network>Destination Network</Network>
      :
    </DestinationNetworks>
    <MatchIdentity>Enable/Disable</MatchIdentity>
    <ShowCaptivePortal>Enable/Disable</ShowCaptivePortal>
    <Identity>
      <Member>users/groups</Member>
      :
    </Identity>
    <DataAccounting>Include/Exclude</DataAccounting>
    <RewriteSourceAddress>Enable/Disable</RewriteSourceAddress>
    <OutboundAddress>SelectNATPolicy</OutboundAddress>
    <PrimaryGateway>Load Balance</PrimaryGateway>
    <BackupGateway>None</BackupGateway>
    <DSCPMarking>0-Best Effort/1/2/3/4/5/6/7/8-Class 1(CS1)/9/10-Class 1,Gold(AF11)/11/12-Class1,Silver(AF12)/13/14-Class 1,Bronze(AF13)/15/16-Class 2(CS2)/17/18-Class 2,Gold(AF21)/19/20-Class 2,Silver(AF22)/21/22-Class 2,Bronze(AF23)/23/24-Class 3(CS3)/25/26-Class 3,Gold(AF31)/27/28-Class 3,Silver(AF32)/29/30-Class 3,Bronze(AF33)/31/32-Class 4(CS4)/33/34-Class 4,Gold(AF41)/35/36-Class 4,Silver(AF42)/37/38-Class 4,Bronze(AF43)/39/40-Class 5(CS5)/41/42/43/44/45/46-Expedited Forwarding(EF)/47/48-Control(CS6)/49/50/51/52/53/54/55/56-Control(CS7)/57/58/59/60/61/62/63</DSCPMarking>
    <ApplicationControl>Allow All</ApplicationControl>
    <ApplicationBaseQoSPolicy>Apply/Revoke</ApplicationBaseQoSPolicy>
    <!-- This tag is applicable only when an ApplicationFilter is selected. -->
    <WebFilter>Allow All</WebFilter>
    <WebCategoryBaseQoSPolicy>Apply/Revoke</WebCategoryBaseQoSPolicy>
    <!-- This tag is applicable only when a WebFilter is selected. -->
    <LogTraffic>Enable/Disable</LogTraffic>
  </UserPolicy>
  <NetworkPolicy>
    <SourceZones>
      <Zone>Any/LAN/DMZ/VPN/WAN</Zone>
      <Zone>Any/LAN/DMZ/VPN/WAN</Zone>
    </SourceZones>
    <SourceNetworks>
      <Network>Source Network</Network>
      <Network>Source Network</Network>
      :
    </SourceNetworks>
    <Services>
      <Service>servicename</Service>
      :
    </Services>
    <Schedule>All The Time</Schedule>
    <DestinationZones>
      <Zone>Any/WAN/LAN/LOCAL/VPN</Zone>
      <Zone>Any/WAN/LAN/LOCAL/VPN</Zone>
    </DestinationZones>
    <DestinationNetworks>
      <Network>Destination Network</Network>
      <Network>Destination Network</Network>
      :
    </DestinationNetworks>
    <Action>Accept/Reject/Drop</Action>
    <MatchIdentity>Enable/Disable</MatchIdentity>
    <Identity>
      <Member>users of firewallrule</Member>
      :
    </Identity>
    <DataAccounting>Include/Exclude</DataAccounting>
    <RewriteSourceAddress>Enable/Disable</RewriteSourceAddress>
    <OutboundAddress>SelectNATPolicy</OutboundAddress>
    <PrimaryGateway>Load Balance</PrimaryGateway>
    <BackupGateway>None</BackupGateway>
    <DSCPMarking>0-Best Effort/1/2/3/4/5/6/7/8-Class 1(CS1)/9/10-Class 1,Gold(AF11)/11/12-Class1,Silver(AF12)/13/14-Class 1,Bronze(AF13)/15/16-Class 2(CS2)/17/18-Class 2,Gold(AF21)/19/20-Class 2,Silver(AF22)/21/22-Class 2,Bronze(AF23)/23/24-Class 3(CS3)/25/26-Class 3,Gold(AF31)/27/28-Class 3,Silver(AF32)/29/30-Class 3,Bronze(AF33)/31/32-Class 4(CS4)/33/34-Class 4,Gold(AF41)/35/36-Class 4,Silver(AF42)/37/38-Class 4,Bronze(AF43)/39/40-Class 5(CS5)/41/42/43/44/45/46-Expedited Forwarding(EF)/47/48-Control(CS6)/49/50/51/52/53/54/55/56-Control(CS7)/57/58/59/60/61/62/63</DSCPMarking>
    <LogTraffic>Enable/Disable</LogTraffic>
  </NetworkPolicy>
  <NonHTTPBasedPolicy>
    <SourceZones>
      <Zone>Any/LAN/DMZ/VPN/WAN</Zone>
      <Zone>Any/LAN/DMZ/VPN/WAN</Zone>
    </SourceZones>
    <SourceNetworks>
      <Network>Source Network</Network>
      <Network>Source Network</Network>
      :
    </SourceNetworks>
    <ExceptionNetworks>
      <Network>Exception Network</Network>
      <Network>Exception Network</Network>
      :
    </ExceptionNetworks>
    <HostedAddress>Address</HostedAddress>
    <ScanSMTP>Enable/Disable</ScanSMTP>
    <ScanIMAP>Enable/Disable</ScanIMAP>
    <ScanPOP3>Enable/Disable</ScanPOP3>
    <ScanSMTPS>Enable/Disable</ScanSMTPS>
    <ScanPOP3S>Enable/Disable</ScanPOP3S>
    <ProtectedZone>Any/LAN/DMZ/VPN/WAN</ProtectedZone>
    <ProtectedServers>
      <Server>Source Network</Server>
      <Server>Source Network</Server>
      :
    </ProtectedServers>
    <ForwardPorts>All/Specific</ForwardPorts>
    <Protocol>TCP/UDP</Protocol>
    <ExternalPort>80</ExternalPort>
    <ExternalPortRange>
      <Start>100</Start>
      <End>200</End>
    </ExternalPortRange>
    <ExternalPortList>10,11,12</ExternalPortList>
    <MappedPort>60</MappedPort>
    <MappedPortRange>
      <Start>300</Start>
      <End>600</End>
    </MappedPortRange>
    <MappedPortList>15,16,17</MappedPortList>
    <RewriteSourceAddress>Enable/Disable</RewriteSourceAddress>
    <OutboundAddress>SelectNATPolicy</OutboundAddress>
    <MatchIdentity>Enable/Disable</MatchIdentity>
    <ShowCaptivePortal>Enable/Disable</ShowCaptivePortal>
    <Identity>
      <Member>users/groups</Member>
      :
    </Identity>
    <DataAccounting>Include/Exclude</DataAccounting>
    <ReflexiveRule>Yes/No</ReflexiveRule>
    <LogTraffic>Enable/Disable</LogTraffic>
  </NonHTTPBasedPolicy>
  <PublicNonHTTPBasedPolicy>
    <SourceZones>
      <Zone>Any/LAN/DMZ/VPN/WAN</Zone>
      <Zone>Any/LAN/DMZ/VPN/WAN</Zone>
    </SourceZones>
    <HostedAddress>Address</HostedAddress>
    <ScanSMTP>Enable/Disable</ScanSMTP>
    <ScanIMAP>Enable/Disable</ScanIMAP>
    <ScanPOP3>Enable/Disable</ScanPOP3>
    <ScanSMTPS>Enable/Disable</ScanSMTPS>
    <ScanPOP3S>Enable/Disable</ScanPOP3S>
    <RewriteSourceAddress>Enable/Disable</RewriteSourceAddress>
    <OutboundAddress>SelectNATPolicy</OutboundAddress>
    <MatchIdentity>Enable/Disable</MatchIdentity>
    <ShowCaptivePortal>Enable/Disable</ShowCaptivePortal>
    <Identity>
      <Member>users/groups</Member>
      :
    </Identity>
    <DataAccounting>Include/Exclude</DataAccounting>
    <LogTraffic>Enable/Disable</LogTraffic>
  </PublicNonHTTPBasedPolicy>
  <HTTPBasedPolicy>
    <!-- The HTTP-based policy is applicable only to IPv4 -->
    <HostedAddress>Address</HostedAddress>
    <HTTPS>Enable/Disable</HTTPS>
    <RedirectHTTP>Enable/Disable</RedirectHTTP>
    <ListenPort>80</ListenPort>
    <Domains>
      <Domain />
      <Domain />
      :
    </Domains>
    <!-- Use either Authentication, AllowFrom, BlockFrom or AccessPaths -->
    <Authentication />
    <AllowFrom>
      <Address />
      <Address />
      :
    </AllowFrom>
    <BlockFrom>
      <Address />
      <Address />
      :
    </BlockFrom>
    <AccessPaths>
      <AccessPath>
        <!-- At present, AccessPath attributes are named as they are in the database, and enable/disable values are mapped to 1/0. -->
        <path>/access</path>
        <backend />
        <backend />
        <auth_profile />
        <allowed_networks />
        <allowed_networks />
        :
        <denied_networks />
        <denied_networks />
        :
        <stickysession_status>1/0</stickysession_status>
        <hot_standby>1/0</hot_standby>
      </AccessPath>
      <AccessPath>
        <Path>/useraccess</Path>
        <backend />
        <backend />
        <auth_profile />
        <allowed_networks />
        <allowed_networks />
        :
        <denied_networks />
        <denied_networks />
        :
        <stickysession_status>1/0</stickysession_status>
        <hot_standby>1/0</hot_standby>
      </AccessPath>
      :
    </AccessPaths>
    <Exceptions>
      <Exception>
        <!-- At present, Exception attributes are named as they are in the database, and enable/disable values are mapped to 1/0. -->
        <path>psql</path>
        <path>abcd</path>
        <op>and/or</op>
        <source />
        <source />
        <skip_threats_filter_categories>protocol_violations</skip_threats_filter_categories>
        <skip_threats_filter_categories>protocol_anomalies</skip_threats_filter_categories>
        <skip_threats_filter_categories>request_limits</skip_threats_filter_categories>
        <skip_threats_filter_categories>http_policy</skip_threats_filter_categories>
        <skip_threats_filter_categories>bad_robots</skip_threats_filter_categories>
        <skip_threats_filter_categories>generic_attacks</skip_threats_filter_categories>
        <skip_threats_filter_categories>sql_injection_attacks</skip_threats_filter_categories>
        <skip_threats_filter_categories>xss_attacks</skip_threats_filter_categories>
        <skip_threats_filter_categories>tight_security</skip_threats_filter_categories>
        <skip_threats_filter_categories>trojans</skip_threats_filter_categories>
        <skipav>1</skipav>
        <skipbadclients>0</skipbadclients>
        <skipcookie>1</skipcookie>
        <skipform>0</skipform>
        <skipurl>1</skipurl>
      </Exception>
      <Exception>
        :
        :
      </Exception>
      :
    </Exceptions>
    <ProtocolSecurity />
    <CompressionSupport>Disable/Enable</CompressionSupport>
    <RewriteHTML>Enable/Disable</RewriteHTML>
    <RewriteCookies>Enable/Disable</RewriteCookies>
    <PassHostHeader>Enable/Disable</PassHostHeader>
  </HTTPBasedPolicy>
  <IntrusionPrevention>None</IntrusionPrevention>
  <TrafficShapingPolicy>None</TrafficShapingPolicy>
  <SourceSecurityHeartbeat>Enable/Disable</SourceSecurityHeartbeat>
  <MinimumSourceHBPermitted />
  <DestSecurityHeartbeat>Enable/Disable</DestSecurityHeartbeat>
  <MinimumDestinationHBPermitted />
</SecurityPolicy>



Parameter   Mandatory   Default   Description
stickysession_id   No
Enter the session ID.
stickysession_id confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
Domains   Yes
Enter the domains the web server is responsible for as FQDN.
Domains confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Multiple values are allowed.
Note:
According to the selected HTTPS certificate, some domains may be preselected. You can edit or delete these domains or add new ones.
ListenPort   Yes   80 if 'HTTPS' is disabled or 443 if 'HTTPS' is enabled.
Enter a port number on which the hosted web server can be reached externally, over the Internet.
ListenPort confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Range 1 to 65535 is allowed.
skipcookie   No   Disable
Select this to 'Skip Cookie Signing'. Cookie signing protects a web server against manipulated cookies.
skipcookie confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
Action   No   Drop
Specify action for the rule traffic.
Action confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '2', '7' are allowed.
HTTPSCertificate   No
Select the HTTPS certificate to be used for scanning.
HTTPSCertificate confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
skipform_missingtoken   No   Disable
Select this to accept unhardened form data.
skipform_missingtoken confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
skipav   No   Disable
Click this to skip 'Anti-Virus'. Anti-Virus is used to protect a web server against viruses.
skipav confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
skipbadclients   No   Disable
Select this to skip 'Block Clients with bad reputation'. Based on GeoIP and RBL information you can block clients which have a bad reputation according to their classification.
skipbadclients confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
RewriteCookies   No   Enable
Select this option to have the device rewrite cookies of the returned webpages.
RewriteCookies confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
RedirectHTTP   No   Disable
Click to redirect HTTP requests.
RedirectHTTP confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
DSCPMarking   No   NULL
Select DSCP Marking to classify flow of packets based on Traffic Shaping policy.
DSCPMarking confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
ScanSMTP   No   OFF
Enable/Disable scanning of SMTP traffic.
ScanSMTP confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '0' are allowed.
SNat Policy   Yes   Masquerade
Select the NAT policy to be applied from the list of available NAT policies.
SNat Policy confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
Note:
Applicable only when 'Rewrite source address' is Enabled.
HealthCheck   No   OFF
Click to enable health check for failover.
HealthCheck confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '0' are allowed.
Note:
Applicable only if 'Load Balancing' is enabled.
Member   No
Select the user(s) or group(s) from the list of available options.
Member confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 256.
  • Multiple values are allowed.
IntrusionPrevention   No   NULL
Select IPS policy for the rule.
IntrusionPrevention confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
ScanPOP3   No   OFF
Enable/Disable scanning of POP3 traffic.
ScanPOP3 confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '0' are allowed.
Internet Scheme   No
Select internet scheme to apply user based Application Filter Policy for the rule.
Internet Scheme confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '0' are allowed.
Port   Yes
Specify the Port number on which the server health is monitored.
Port confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Allowed numbers: 1 to 65535.
  • Maximum digits allowed are 5.
Note:
Applicable only if 'TCP Probe' Health Check Method is selected.
ApplicationControl   No   NULL
Select Application Filter Policy for the rule.
ApplicationControl confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
PrimaryGateway   No
Specify the Primary Gateway.
PrimaryGateway confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
Note:
Applicable only in case of Multiple Gateways.
op   No   And
Select the operation among AND or OR for Path and Source.
op confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Only 'and', 'or', 'AND', 'OR' are allowed.
Gateway Specific Nat   Yes   NULL
Specify 'gwwise_nat_object'
Gateway Specific Nat confines to:
  • Type is 'ARRAY'.
  • Datatype is 'OBJECT'.
  • gwwise_nat_object
  • Multiple values are allowed.
TrafficShappingPolicy   No   NULL
Select Traffic Shaping policy for the rule.
TrafficShappingPolicy confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
LogTraffic   No   Disable
Enable traffic logging for the policy.
LogTraffic confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Only '1', '-1' are allowed.
websocket_passthrough   No
Specify 'websocket_passthrough'
websocket_passthrough confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
ScanHTTP   No   OFF
Select to enable virus and spam scanning for HTTP protocol.
ScanHTTP confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '0' are allowed.
ProtectedZone   Yes
Select the zone to which the Web Server rule applies.
ProtectedZone confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
WebCategoryBaseQoSPolicy   No
Select to limit bandwidth for the URLs categorized under the Web category.
WebCategoryBaseQoSPolicy confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
MinimumDestinationHBPermitted   No   NoRestriction
Select a minimum health status that a device must have to conform to this policy.
MinimumDestinationHBPermitted confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '2', '3' are allowed.
Gateway Name   Yes   NULL
Gateway Name
Gateway Name confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
Interval   Yes   60
Specify the time interval in seconds after which the health will be monitored.
Interval confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Range 5 to 65535 is allowed.
  • Maximum digits allowed are 5.
Zone   No
Select the destination zone(s) for the Rule.
Zone confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Multiple values are allowed.
stickysession_status   No
Select this option to ensure that each session will be bound to one web server.
stickysession_status confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
Service   No
Select Service/Service Groups to which the rule is to be applied.
Service confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 60.
  • Multiple values are allowed.
skipform   No   Disable
Click to skip 'Form Hardening'. Form hardening protects against web form rewriting.
skipform confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
WebFilter   No   NULL
Select Web Filter Policy for the rule.
WebFilter confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
skip_threats_filter_categories   No   Disable
Select the parameters that you want to skip in the section 'Skip these categories'. The available options are 'Protocol Violations', 'Protocol Anomalies', 'Request Limits', 'HTTP Policy', 'Bad Robots', 'Generic Attacks', 'SQL Injection Attacks', 'XSS Attacks', 'Tight Security', 'Trojans' and 'Outbound'.
skip_threats_filter_categories confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 30.
  • Only 'protocol_violations', 'protocol_anomalies', 'request_limits', 'http_policy', 'bad_robots', 'generic_attacks', 'sql_injection_attacks', 'xss_attacks', 'tight_security', 'trojans', 'common_exceptions', 'inbound_blocking', 'outbound', 'outbound_blocking', 'correlation' are allowed.
  • Multiple values are allowed.
skiphtmlrewrite   No   Disable
If selected, no data matching the defined exception settings will be modified by the WAF engine.
skiphtmlrewrite confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
MappedPort   Yes
Specify mapped port number on the destination network to which the public port number is mapped.
MappedPort confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Allowed numbers: 1 to 65535.
  • Maximum digits allowed are 5.
EnableSandstorm   No   OFF
Select to enable sandstorm analysis.
EnableSandstorm confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '0' are allowed.
ScanHTTPS   No   OFF
Select to enable virus and spam scanning for HTTPS protocol.
ScanHTTPS confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '0' are allowed.
hot_standby   No
Select this option if you want to send all requests to the first selected web server, and use the other web servers only as a backup.
hot_standby confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
BlockDestinationReqWithNOHB   No   OFF
Enable/Disable to require the sending of heartbeats.
BlockDestinationReqWithNOHB confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
ShowCaptivePortal   No   OFF
Select to accept traffic from unknown users. Captive portal page is displayed to the user where the user can login to access the Internet.
ShowCaptivePortal confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Only 'true', 'false' are allowed.
Status   No   ON
Enable/Disable the policy.
Status confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Only '$FIREWALL_RULE_DISABLED', '$FIREWALL_RULE_ENABLED' are allowed.
Network   No
Specify Exception Host/Network Address to which rule is not to be applied.
Network confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 60.
  • Multiple values are allowed.
OutboundAddress   No   NULL
Select the NAT Policy to be applied.
OutboundAddress confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
Note:
Applicable only if 'Override default NAT policy for specific gateway' is set as 'ON'.
backend   Yes
Select the web servers which are to be used for the specified path.
backend confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Multiple values are allowed.
Retries   No
Specify the number of tries to probe the health of the server, after which the server will be declared unreachable.
Retries confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Range 1 to 10 is allowed.
  • Maximum digits allowed are 2.
denied_networks   No
Select or add the denied networks that should be blocked on your hosted web server.
denied_networks confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Multiple values are allowed.
HTTPS   Yes   Disable
Click to enable or disable scanning of HTTPS traffic.
HTTPS confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Only 'http', 'https' are allowed.
ScanPOP3S   No   OFF
Enable/Disable scanning of POP3S traffic.
ScanPOP3S confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '0' are allowed.
Schedule   No   NULL
Select Schedule for the Rule.
Schedule confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
ApplicationBaseQoSPolicy   No
Select to limit the bandwidth for the applications categorized under the Application Category.
ApplicationBaseQoSPolicy confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
Description   No
Specify description for the Security Policy.
Network   No
Select the allowed destination network(s).
Network confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 60.
  • Multiple values are allowed.
ExternalPort   Yes
Specify public port number for which you want to configure port forwarding.
ExternalPort confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Allowed numbers: 1 to 65535.
  • Maximum digits allowed are 5.
ProtectedServer   Yes
Select from the available options on which the Web Server is to be hosted.
ProtectedServer confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
RewriteHTML   No   Disable
Select this option to have the device rewrite links of the returned webpages in order for the links to stay valid.
RewriteHTML confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
Name   No
Specify a name for the Security Policy when inserting after and before policy.
Name confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Comma (,) is not allowed.
  • Maximum characters allowed are 60.
  • UTF-8 character(s) are allowed.
IPFamily   No   IPv4
Select the Internet Protocol version.
IPFamily confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
skipurl   No   Disable
Select this to skip 'Static URL Hardening'. Static URL Hardening protects against URL rewriting.
skipurl confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
ProbeMethod   Yes
Select the probe method to check the health of the server from the available options.
ProbeMethod confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Only '1', '2' are allowed.
PolicyType   Yes
Select the type of policy.
PolicyType confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '2', '3', '4', '5' are allowed.
Backup Gateway   No   NULL
Specify Backup Gateway.
Backup Gateway confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
HostedAddress   Yes
Specify the address of the hosted server to which the rule applies.
HostedAddress confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
auth_profile   No
Select the Authentication Policy. Select Create new to create a new Authentication Policy.
auth_profile confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
ScanIMAP   No   OFF
Enable/Disable scanning of IMAP traffic.
ScanIMAP confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '0' are allowed.
SecurityHeartbeat   No   OFF
Enable/Disable to require the sending of heartbeats.
SecurityHeartbeat confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
ScanFTP   No   OFF
Enable/Disable scanning of FTP traffic.
ScanFTP confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '0' are allowed.
MinimumHeartbeatPermitted   No   NoRestriction
Select a minimum health status that a device must have to conform to this policy.
MinimumHeartbeatPermitted confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '2', '3' are allowed.
Internet Scheme   No
Select internet scheme to apply user based Web Filter Policy for the rule.
Internet Scheme confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '0' are allowed.
ReflexiveRule   No   OFF
Enable to automatically create a reflexive rule for the protected host.
ReflexiveRule confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '0' are allowed.
Name   Yes
Specify a name to identify the Security Policy.
Name confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Comma (,) is not allowed.
  • Maximum characters allowed are 60.
  • UTF-8 character(s) are allowed.
ScanIMAPS   No   OFF
Enable/Disable scanning of IMAPS traffic.
ScanIMAPS confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '0' are allowed.
PassHostHeader   No   Disable
When you select this option, the host header as requested by the client will be preserved and forwarded along with the web request to the web server. Whether passing the host header is necessary in your environment depends on the configuration of your web server.
PassHostHeader confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
path   Yes
Enter the path for which you want to create the site path route. Example: /products/.
path confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Comma (,) is not allowed.
  • Maximum characters allowed are 63.
  • UTF-8 character(s) are allowed.
MatchIdentity   No   OFF
Enable to check whether the specified user/user group from the selected zone is allowed to access the selected service or not.
MatchIdentity confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Only 'true', 'false' are allowed.
ForwardPorts   No   OFF
Click slider to enable/disable the service of port forwarding.
ForwardPorts confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '6', '0' are allowed.
RewriteSourceAddress   No   OFF
Enable to apply NAT Policy.
RewriteSourceAddress confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '0', '2' are allowed.
Authentication   No
Select the Authentication Policy. Select Create new to create a new Authentication Policy.
Authentication confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
Protocol   No   TCP
Select the protocol TCP or UDP that you want the forwarded packets to use.
Protocol confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '6', '17' are allowed.
Zone   No
Select the source zone(s) allowed to the user.
Zone confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Multiple values are allowed.
CompressionSupport   No   Disable
Select this to not send content in compressed form to client on request.
CompressionSupport confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '0', '1' are allowed.
DataAccounting   No   OFF
Select to exclude user's network traffic from data accounting.
DataAccounting confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Only 'true', 'false' are allowed.
Note:
This option is available only if the parameter 'Match rule-based on user identity' is enabled.
ScanSMTPS   No   OFF
Enable/Disable scanning of SMTPS traffic.
ScanSMTPS confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Only '1', '0' are allowed.
source   No
Specify the source networks where the client request comes from and which are to be exempted from the selected check(s).
source confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Multiple values are allowed.
HostedAddress   Yes
Select the interface of the hosted server to which the rule applies. It is the public IP address through which Internet users access the internal server/host.
HostedAddress confines to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
Network   No
Select the allowed source network(s).
Network confines to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 60.
  • Multiple values are allowed.
Timeout   Yes
Specify the time interval in seconds within which the server must respond.
Timeout confines to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Range 1 to 10 is allowed.
  • Maximum digits allowed are 2.
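
The following Python check is an added example, not part of the Sophos documentation: it audits a SecurityPolicy request against constraints from the parameter list above (Name rules, the 1 to 65535 port range, the allowed skip_threats_filter_categories and op values) and reports every web server protection that an Exception switches off, plus disabled traffic logging. The names audit_policy and text_of, the severity labels and the sample request are assumptions made for illustration; element values are assumed to use the words shown in the sample configuration.

```python
import xml.etree.ElementTree as ET

# Allowed skip_threats_filter_categories values, copied from the parameter list.
SKIP_CATEGORIES = {
    "protocol_violations", "protocol_anomalies", "request_limits",
    "http_policy", "bad_robots", "generic_attacks", "sql_injection_attacks",
    "xss_attacks", "tight_security", "trojans", "common_exceptions",
    "inbound_blocking", "outbound", "outbound_blocking", "correlation",
}
# Exception flags: the value 1 switches the named web server protection off.
SKIP_FLAGS = {
    "skipav": "Anti-Virus",
    "skipbadclients": "Block clients with bad reputation",
    "skipcookie": "Cookie signing",
    "skipform": "Form hardening",
    "skipurl": "Static URL hardening",
}
PORT_TAGS = ("ListenPort", "ExternalPort", "MappedPort")  # each 1 to 65535

# Constructed sample request (not from the page); values are placeholders.
SAMPLE = """\
<SecurityPolicy>
  <Name>web-shop</Name>
  <PolicyType>HTTPBased</PolicyType>
  <HTTPBasedPolicy>
    <HostedAddress>Address</HostedAddress>
    <ListenPort>70000</ListenPort>
    <Exceptions>
      <Exception>
        <path>/products/</path>
        <op>and</op>
        <skip_threats_filter_categories>sql_injection_attacks</skip_threats_filter_categories>
        <skip_threats_filter_categories>sqli</skip_threats_filter_categories>
        <skipav>1</skipav>
        <skipcookie>0</skipcookie>
      </Exception>
    </Exceptions>
  </HTTPBasedPolicy>
</SecurityPolicy>
"""


def text_of(element):
    """Element text with surrounding whitespace removed ('' if empty)."""
    return (element.text or "").strip()


def audit_policy(xml_text):
    """Return (severity, message) findings for one SecurityPolicy request."""
    root = ET.fromstring(xml_text)
    findings = []

    name = (root.findtext("Name") or "").strip()
    if not name:
        findings.append(("error", "Name is mandatory"))
    elif len(name) > 60 or "," in name:
        findings.append(("error", "Name must be at most 60 characters and contain no comma"))

    for tag in PORT_TAGS:
        for el in root.iter(tag):
            port = text_of(el)
            if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
                findings.append(("error", f"{tag} {port!r} is outside 1 to 65535"))

    for exc in root.iter("Exception"):
        where = "exception for path(s) " + ", ".join(text_of(p) for p in exc.findall("path"))
        for cat in exc.findall("skip_threats_filter_categories"):
            value = text_of(cat)
            if value in SKIP_CATEGORIES:
                findings.append(("warn", f"{where}: skips {value}"))
            else:
                findings.append(("error", f"{where}: unknown category {value!r}"))
        op = (exc.findtext("op") or "and").strip()
        if op not in ("and", "or", "AND", "OR"):
            findings.append(("error", f"{where}: op {op!r} is not and/or"))
        for tag, label in SKIP_FLAGS.items():
            if (exc.findtext(tag) or "").strip() == "1":
                findings.append(("warn", f"{where}: {label} disabled ({tag}=1)"))

    for log in root.iter("LogTraffic"):
        if text_of(log) == "Disable":
            findings.append(("warn", "LogTraffic is Disable: traffic for this policy is not logged"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_policy(SAMPLE):
        print(f"{severity:5}  {message}")
```

Running such a check in change review makes every WAF exception and logging gap visible before the request reaches the device.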



Operation   Status   Message
Edit Security Policy   200
Edit Security Policy   202
Edit Security Policy   500
Edit Security Policy   502
Edit Security Policy   505
Edit Security Policy   541
Edit Security Policy   542
Edit Security Policy   543
Edit Security Policy   544
Edit Security Policy   545
Edit Security Policy   546
Edit Security Policy   547
Edit Security Policy   548
Edit Security Policy   549
Edit Security Policy   550
Edit Security Policy   551
Edit Security Policy   552
Security Policy Add   200
Security Policy Add   500
Security Policy Add   502
Security Policy Add   505
Security Policy Add   541
Security Policy Add   542
Security Policy Add   543
Security Policy Add   544
Security Policy Add   545
Security Policy Add   546
Security Policy Add   547
Security Policy Add   548
Security Policy Add   549
Security Policy Add   550
Security Policy Add   551


© Copyright 2017 Sophos Limited. All rights reserved.