Creating Global Rules

Rules manage network traffic. They can be used in specific correlation scenarios or applied globally to all network traffic.

The following example shows how to create a global rule to block YouTube traffic. For this purpose, you need to specify a rule condition and a rule action.


Refer to Rules in the interface reference chapter to see what other conditions and actions are available for rules.

  1. Navigate to Policy > Rules.

  2. Click Add Global Rule to create a new global rule.

  3. Enter general information on the rule:

    • Assign a Name, e.g. Block YouTube.

    • Optional: Add a Note.

  4. Specify what traffic the rule will match:

    • In the Source & Destination section, set Source Networks and Destination Networks to Any because in we do not want to limit this rule to certain traffic sources or destinations.

    • In the Conditions section, narrow down the scope of the rule:

      • Enable Classification by clicking the slider switch.

      • Under Included Applications/Protocols, enter youtube into the input field. This way, the action of this rule is only applied to YouTube traffic.

        Traffic classification

        Traffic classification by application.

  5. In the Actions section, specify how traffic that matches the rule will be handled:

    • Enable Final Action by clicking the slider switch.

    • Select Reject Traffic and Stop Processing.

      Final action

      Reject matching traffic.

  6. Click SAVE to store this rule.

  7. Click the APPLY CHANGES button in the header to activate your configuration changes.

When this rule is enabled, Threat Defender rejects all YouTube traffic.


The difference between the “Drop” and “Reject” rule action is that dropping traffic does not take the sender into account. Dropping therefore silently discards the packets. Reject, however, notifies all parties by sending a TCP reset (if possible) that the packets are discarded.

Additional References:

For further information on the settings options, see Rules.