The Firewall Rule Administration tab
You can administer firewall rules and objects from this tab (Firewall rule management).
Devices supported with this feature
For the complete list of devices supported for this feature, refer to the Supported Vendors page.
Fields | Description |
Mode | API, CLI. Select the mode to push the object into the firewall. |
Type | Network Group Host DNS Domain Network Address Range |
Address Group Name | |
Address Description | |
Members List | Existing list of local objects (members) |
The network object will be added and displayed under the Local Objects section, Review & Push tab.
Fields | Description |
Mode | API, CLI. Select the mode to push the object into the firewall. |
Type | TCP Service |
Service Name | |
Service Description | |
Service Port | Existing list of local objects (members) |
The service object will be added and displayed under the Local Objects section, Review & Push tab.
Fields | Description |
Mode | API, CLI. Select the mode to push the rule into the firewall. |
Rule Name | Assign a name to the new rule to be created. |
Rule Description | Description of the new rule. |
Rule Action | Accept, Drop, Reject |
Rule Status | Enable, Disable |
Policy Name | Name of the policy in which the new rule will be placed. |
Source | Source of traffic. Select an existing source address using the Select Source drop-down list, or click the Add button to add a new network object and assign it as a source. |
Destination | Destination of traffic. Select an existing destination address using the Select Destination drop-down list, or click the Add button to add a new network object and assign it as a destination. |
Services | Services governed by this new rule. Select an existing service using the Select Service drop-down list, or click the Add button to add a new service object and assign it as a service. |
VPN | Select an existing VPN community using the Select VPN Community drop-down list. |
Log Settings | Enable Track Account check box |
Install On | The device on which the rule should be installed. |
The security rule will be added and displayed under the Local Rules section, Review & Push tab.
Newly created rules and objects are displayed in the Local Rules and Local Objects sections of the respective rule and object tabs. They are also displayed in the Review and Push tab.
Fields | Description |
Select Device | Non-editable field |
Mode | API (non-editable field) |
Web Server URL | Enter the PaloAlto Web Server URL. |
Username | Enter the username of the server. |
Password | Enter the password of the server. |
Fields | Description |
Select Device | Non-editable field |
Mode | CLI (non-editable field) |
Protocol | SSH |
Login Name | Enter the login name of the server. |
Password | Enter the password of the server. |
Prompt | |
Fields | Description |
Select Device | Non-editable field |
Mode | CLI (non-editable field) |
Protocol | SSH |
Port | The port to be used for the above selected protocol. |
Login Prompt | Enter the login name of the server. |
Password Prompt | Enter the password of the server. |
Enable User Prompt | |
Enable Password Prompt | |
Banner Prompt | |
Banner Input | |
Timeout | |
Enable Command | |
Enable Username | |
Enable Password | |
Enable Prompt | |
Pre-execution commands | |
Managed by Panorama | |
Fields | Description |
Select Device | Non-editable field |
Mode | API (non-editable field) |
Management Server URL / Multi-Domain Server URL | Enter the Check Point Management Server URL. If you are using a Check Point multi-domain setup, enter the Multi-Domain Server URL. |
Login Name | Enter the login name of the server. |
Password | Enter the password of the server. |
Domain Name | If you have the Domain Name, select the check box and enter the domain name. |
Fields | Description |
Select Device | Non-editable field |
Mode | CLI (non-editable field) |
Protocol | SSH, Telnet. Protocol to be used for pushing the rule or object in CLI mode. |
Port | The port to be used for the above selected protocol. |
Management Server IP | Enter the Check Point Management Server IP. |
Login Username | Enter the login name of the server. |
Login Password | Enter the password of the server. |
Security Management Administrator Username | |
Security Management Administrator Password | |
Prompt | |
Timeout | |
Domain Name | If you have the Domain Name, select the check box and enter the domain name. |
You can edit or delete the object or rule in this tab.
The object or rule does not take effect until it is committed (use the Commit button in the case of a PaloAlto device) or the policy is installed (use the Install Policy button in the case of a Check Point device).
The new rules and objects pushed to the firewall will be displayed in the Yet to Commit section of the Commit tab.
The new rules and objects created will be displayed in the Commit tab.
'Install Policy' action for Check Point firewalls
'Cleanup' action for Check Point firewalls