Creating Global Rules

Rules manage network traffic. They can be used in specific correlation scenarios or applied globally to all network traffic.

The following example shows how to create a global rule to block YouTube traffic. For this purpose, you need to specify a rule condition and a rule action.

Tip

Refer to Rules in the interface reference chapter to see what other conditions and actions are available for rules.

  1. Navigate to Policy > Rules.

  2. Click Add Global Rule to create a new global rule.

  3. Enter general information on the rule:

    • Assign a Name, e.g. Block YouTube.

    • Optional: Add a Note.

  4. Specify what traffic the rule will match:

    • In the Source & Destination section, set Source Networks and Destination Networks to Any to include all traffic sources and destinations.

    • In the Conditions section, narrow down the scope of the rule:

      • Enable Classification by clicking the slider switch.

      • Under Included Applications/Protocols, enter youtube into the input field. This way, the action of this rule is only applied to YouTube traffic.

        Figure: Traffic classification by application.

  5. In the Actions section, specify how traffic that matches the rule will be handled:

    • Enable Final Action by clicking the slider switch.

    • Select Reject Traffic and Stop Processing.

      Figure: Reject matching traffic.

  6. Click SAVE to store this rule.

  7. Click the APPLY CHANGES button at the top of the menu bar to activate your configuration changes.

When this rule is enabled, Threat Defender rejects all YouTube traffic.

Note

The difference between the “Drop” and “Reject” rule actions is that dropping traffic does not take the sender into account, so the packets are silently discarded. Reject, however, notifies all parties that the packets are discarded by sending a TCP reset (if possible).
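The Drop/Reject difference described in the note can be observed from the sender's side. The following is an added example, not part of the Threat Defender documentation: `probe` and `local_peer` are hypothetical names, and the loopback listeners are constructed stand-ins for a rejected, dropped and unfiltered path so the script runs offline.

```python
import socket
import struct
import threading

def probe(host, port, payload=b"ping\n", timeout=2.0):
    """Classify how a TCP flow is treated: 'allowed', 'reset', 'silent' or 'closed'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)
            data = s.recv(1)
            return "allowed" if data else "closed"  # b"" = orderly FIN, not a reset
    except (ConnectionRefusedError, ConnectionResetError, BrokenPipeError):
        return "reset"    # a TCP RST arrived: what Reject produces for TCP
    except socket.timeout:
        return "silent"   # nothing came back: what Drop looks like to the sender

def local_peer(behaviour):
    """Constructed stand-in for a filtered path; returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        if behaviour == "reject":
            # SO_LINGER with a zero timeout makes close() send RST instead of FIN
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                            struct.pack("ii", 1, 0))
            conn.close()
        elif behaviour == "drop":
            threading.Event().wait(3)    # hold the connection, never answer
            conn.close()
        else:
            conn.sendall(conn.recv(64))  # echo: traffic passes
            conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for behaviour in ("allow", "reject", "drop"):
        port = local_peer(behaviour)
        print(behaviour, "->", probe("127.0.0.1", port, timeout=1.0))
```

A "reset" result returns immediately, while "silent" only returns after the full timeout, which is why clients behind a Drop rule appear to hang and clients behind a Reject rule fail fast.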


Additional References:

For further information on the available settings, see Rules.