Creating Global Rules

Rules manage network traffic. They can be used in specific correlation scenarios or applied globally to all network traffic.

The following example shows how to create a global rule to block YouTube traffic. For this purpose, you need to specify a rule condition and a rule action.

Refer to Rules in the interface reference chapter to see what other conditions and actions are available for rules.

  1. Navigate to Policy > Rules.
  2. Click ADD GLOBAL RULE to create a new global rule.
  3. Assign a Name, e.g. Block YouTube.
  4. Optional: Add a Note.
  5. Configure the following settings:

    • In the Source & Destination section, set Source Networks and Destination Networks to Any.
    • In the Conditions section:

      • Enable Classification by clicking the slider switch.
      • Under Included Applications/Protocols, enter YouTube into the input field.
        This way, the action of this rule is only applied to YouTube traffic.

        Fig. 1: Traffic classification by application.
    • In the Actions section:

      • Enable Final Action by clicking the slider switch.
      • Select Reject Traffic and Stop Processing.

        Fig. 2: Reject matching traffic.
  6. Click SAVE to store this rule.

  7. Click the APPLY CHANGES button in the header to activate your configuration changes.

When this rule is enabled, Threat Defender rejects all YouTube traffic.

The difference between the "Drop" and "Reject" rule actions is that Drop does not take the sender into account: the packets are silently discarded.
Reject also discards the packets, but it notifies all parties by sending a TCP reset (if possible).
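
The two actions look different from a client, which is useful when verifying that a rule behaves as configured. The following Python sketch is an added example, not part of the Threat Defender documentation: observe() classifies how a TCP flow ends, and sim_peer() is a constructed loopback stand-in so the script runs without the product. The function names, probe payload and timeouts are assumptions.

```python
import socket
import struct
import threading

_held = []  # keeps "drop" connections open so no FIN/RST is ever sent


def observe(host, port, timeout=2.0):
    """Classify how a TCP flow to host:port ends, as seen by the client."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"probe\n")  # constructed payload
            return "allowed" if s.recv(1) else "closed"
    except (ConnectionResetError, ConnectionRefusedError):
        return "rejected"  # a TCP reset arrived: the sender was notified
    except socket.timeout:
        return "dropped"   # packets vanished silently: only the timer fires


def sim_peer(mode):
    """Constructed loopback stand-in for a filtered destination; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(16)
        if mode == "reject":
            # SO_LINGER with timeout 0 makes close() send RST instead of FIN
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                            struct.pack("ii", 1, 0))
            conn.close()
        elif mode == "allow":
            conn.sendall(b"ok")
            conn.close()
        else:
            _held.append(conn)  # "drop": never answer, never close

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    for mode in ("allow", "reject", "drop"):
        print(mode, "->", observe("127.0.0.1", sim_peer(mode), timeout=1.0))
```

Against a real destination, a "dropped" result only means that no reply arrived within the timeout, so repeat the probe before attributing it to a Drop action.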


Additional References:

For further information on the settings options, see Rule Settings.
