Creating Global Rules
Rules manage network traffic. They can be used in specific correlation scenarios or applied globally to all network traffic.
The following example shows how to create a global rule to block YouTube traffic. For this purpose, you need to specify a rule condition and a rule action.
Refer to Rules in the interface reference chapter to see what other conditions and actions are available for rules.
Navigate to Policy > Rules.
Click Add Global Rule to create a new global rule.
Enter general information on the rule:
Assign a Name, e.g.
Optional: Add a Note.
Specify what traffic the rule will match:
In the Source & Destination section, set Source Networks and Destination Networks to Any because we do not want to limit this rule to certain traffic sources or destinations.
In the Conditions section, narrow down the scope of the rule:
Enable Classification by clicking the slider switch.
Under Included Applications/Protocols, enter youtube into the input field. This way, the action of this rule is only applied to YouTube traffic.
In the Actions section, specify how traffic that matches the rule will be handled:
Enable Final Action by clicking the slider switch.
Select Reject Traffic and Stop Processing.
Click SAVE to store this rule.
Click the APPLY CHANGES button in the header to activate your configuration changes.
When this rule is enabled, Threat Defender rejects all YouTube traffic.
The difference between the “Drop” and “Reject” rule actions is that dropping traffic does not take the sender into account: the packets are silently discarded. Reject, however, notifies all parties that the packets are discarded by sending a TCP reset (if possible).
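To check from a client which of the two actions a rule applies, the following added example (not part of the Threat Defender documentation) classifies a TCP probe by what the client observes: a reset means the sender was notified, a timeout means the packets vanished silently. The function names, the probe payload and the loopback stand-in servers are constructed for illustration; on a real network, pass a host and port that sit behind the rule.

```python
import socket
import struct
import threading

def classify(host, port, timeout=1.0):
    """Return 'reject', 'drop', 'allowed' or 'closed' as seen by the client."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            s.sendall(b"probe\n")
            # Any byte back means the flow passed; b"" is an orderly FIN.
            return "allowed" if s.recv(1) else "closed"
    except ConnectionError:
        # TCP RST: refused on connect or reset mid-flow -> sender was notified.
        return "reject"
    except socket.timeout:
        # No answer at all: packets were discarded silently.
        return "drop"

def _serve(behaviour):
    """Constructed local stand-in for the filtered path; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def handle():
        conn, _ = srv.accept()
        if behaviour == "reject":
            # SO_LINGER with zero timeout makes close() send a RST.
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                            struct.pack("ii", 1, 0))
        elif behaviour == "allowed":
            conn.recv(16)
            conn.sendall(b"k")
        else:
            # "drop": keep the connection open and never answer.
            threading.Event().wait(3)
        conn.close()

    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]

def demo(timeout=0.5):
    """Classify each simulated behaviour over loopback."""
    return {b: classify("127.0.0.1", _serve(b), timeout)
            for b in ("reject", "drop", "allowed")}

if __name__ == "__main__":
    print(demo())
```

A "drop" result costs the client the full timeout, which is why silently dropped traffic shows up to users as hanging connections rather than immediate errors.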
For further information on the settings options, see Rules.