config firewall policy
Configure policies.
Syntax
config firewall policy
edit <policyid>
set action [accept|deny]
set application-list {string}
set av-profile {string}
set comments {var-string}
set custom-log-fields <field-id1>, <field-id2>, ...
set dstaddr <name1>, <name2>, ...
set dstintf <name1>, <name2>, ...
set ips-sensor {string}
set logtraffic [all|utm|...]
set name {string}
set nat [enable|disable]
set profile-group {string}
set profile-protocol-options {string}
set profile-type [single|group]
set service <name1>, <name2>, ...
set srcaddr <name1>, <name2>, ...
set srcintf <name1>, <name2>, ...
set ssl-ssh-profile {string}
set status [enable|disable]
set utm-status [enable|disable]
set webfilter-profile {string}
next
end
Parameters
| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| action | Policy action (accept/deny). | option | - | accept |
| application-list | Name of an existing Application list. | string | Maximum length: 35 | |
| av-profile | Name of an existing Antivirus profile. | string | Maximum length: 35 | |
| comments | Comment. | var-string | Maximum length: 1023 | |
| custom-log-fields | Custom fields to append to log messages for this policy. Each entry is a custom log field. | string | Maximum length: 35 | |
| dstaddr | Destination IPv4 address and address group names. Each entry is an address name. | string | Maximum length: 79 | |
| dstintf | Outgoing (egress) interface. Each entry is an interface name. | string | Maximum length: 79 | |
| ips-sensor | Name of an existing IPS sensor. | string | Maximum length: 35 | |
| logtraffic | Enable or disable logging. Log all sessions (`all`) or only security profile sessions (`utm`). With the default `utm`, sessions that raise no security profile event are not logged; set `all` where a complete session record is needed for investigation. | option | - | utm |
| name | Policy name. | string | Maximum length: 35 | |
| nat | Enable/disable source NAT. | option | - | disable |
| policyid | Policy ID. | integer | Minimum value: 1 Maximum value: 65535 | 1 |
| profile-group | Name of profile group. | string | Maximum length: 35 | |
| profile-protocol-options | Name of an existing Protocol options profile. | string | Maximum length: 35 | default |
| profile-type | Determine whether the firewall policy allows security profile groups or single profiles only. | option | - | single |
| service | Service and service group names. | string | Maximum length: 79 | |
| srcaddr | Source IPv4 address and address group names. Each entry is an address name. | string | Maximum length: 79 | |
| srcintf | Incoming (ingress) interface. Each entry is an interface name. | string | Maximum length: 79 | |
| ssl-ssh-profile | Name of an existing SSL SSH profile. The default, `no-inspection`, presumably performs no SSL/SSH inspection, which limits what the antivirus, IPS and web filter profiles can examine in encrypted sessions; confirm this and select an inspection profile where that coverage is required. | string | Maximum length: 35 | no-inspection |
| status | Enable or disable this policy. | option | - | enable |
| utm-status | Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. Because the default is `disable`, a new policy applies no security profiles until this is enabled. | option | - | disable |
| webfilter-profile | Name of an existing Web filter profile. | string | Maximum length: 35 | |