Adding/Editing Policy Rules

• All Gateways: This rule applies to all registered gateways.
• Selected Gateway Groups: Choose one or more gateway groups or selected gateways within one or more groups. Use the search box to narrow down the search results.

  • If you want to use interface objects as a source you must choose only a single Cloud Edge 50G2 gateway running Cloud Edge 6.0 or later.

  • Security profile settings in a policy rule are valid for Cloud Edge 50G2 gateways only. You can choose a single Cloud Edge 50G2 gateway or you can choose a gateway group that contains at least one Cloud Edge 50G2 gateway.

  For a matrix that describes this support, see Matrix: Policy Rules Settings by Gateway Model.

Interface objects are physical and virtual interfaces (including wireless interfaces and VLANs) and Site–to–Site VPNs connections. You can create interface groups that contain one or more of the available interface objects.

You can configure Interface Objects only if a single Cloud Edge 50G2 gateway running Cloud Edge 6.0 or later is chosen under Gateway Groups.

• Any: This rule applies to all interface objects and interface groups available for the selected gateway groups.
• Selected interface objects: Select which interface objects or interface groups to which the policy rule applies by moving selected objects from Select from to Select to.

• Select Any for the policy rule to affect all identity objects, which includes all users and groups, IP addresses/FQDNs, MAC addresses, and geolocations.

• Select Selected users / user groups for the policy rule to affect only specific users or groups.

• Select Selected IP addresses/FQDNs for the policy rule to affect only specific IP addresses or specific FQDNs.

• Select Selected MAC Addresses for the policy rule to affect only specific MAC addresses.

• Select Selected geolocations for the policy rule to affect only specific geolocations or geolocation groups.

  Note:

  If you select Selected geolocations as the source for a policy rule, gateways older than version 5.5 SP2 will ignore this policy rule because earlier Cloud Edge versions do not support geolocation.

• Select Selected device categories for the policy rule to affect only specific device categories.

• Select Any for the policy rule to affect all users and groups, addresses, and geolocations.

• Select Selected IP addresses/FQDNs for the policy rule to affect only specific IP addresses or specific FQDNs.

• Select Selected geolocations for the policy rule to affect only specific geolocations or geolocation groups.

  Note:

  If you select Selected geolocations as the destination for a policy rule, gateways older than version 5.5 SP2 will ignore this policy rule because earlier Cloud Edge versions do not support geolocation.

• Select Any for the policy rule to include all services (default).

• Select Selected services for the policy rule to include only specific services, then select the services to include.

• Select Any for the rule to include all applications and URL categories.

  Note: You must select Any if you want to specify Bypass as the action to take when policy violations occur.

• Select Selected content types for the rule to include only specific applications or URL categories, then under Applications and under URL categories select the applications or URL categories to include.

• Allow

• Block

• Bypass

  If the traffic matches the policy rule, allow the traffic while bypassing scanning.

• On: Turn on policy-specific settings
• Off: Turn off policy-specific settings
• Inherit: Inherit settings from the gateway's security profile (default)