Distributed Cloud Firewall Field Reference
This table describes the fields to configure when creating a Distributed Cloud Firewall (DCF) rule.
Field | Description | ||
---|---|---|---|
Name |
Distributed Cloud Firewall rule name. |
||
Source Groups |
The groups (SmartGroup, Default ThreatGroup, GeoGroup, SaaSGroup) that originate traffic. You must create the SmartGroups, GeoGroups, and SaaSGroups before creating a DCF rule.
|
||
Destination Groups |
The groups (SmartGroup, Default ThreatGroup, GeoGroup, SaaSGroup) that terminate traffic. You must create the SmartGroups, GeoGroups, and SaaSGroups before creating a DCF rule.
If you are using Distributed Cloud Firewall rules for egress purposes, you must:
The Destination Group must be 'Public Internet' if the following are all true:
|
||
WebGroups |
Select the WebGroups that filter egress traffic. You must create these groups before creating a DCF rule. |
||
Protocol |
Select TCP, UDP, ICMP, or Any. If you select TCP or UDP you can enter a port number or port range.
|
||
Enforcement |
If this slider is On, the rule is enforced in the data plane. If this slider is Off, the packets are only watched. This allows you to observe if the traffic impacted by this rule causes any inadvertent issues (such as traffic being dropped). The traffic count will continue to increment. After the rule is created you can enable or disable rule enforcement from the vertical ellipsis menu next to the rule. |
||
Logging |
If this slider is On, information related to the action (such as five-tuple, source/destination MAC address, etc.) is logged. After the rule is created you can enable or disable logging from the vertical ellipsis menu next to the rule.
|
||
Action |
Select Permit or Deny. This determines the action to be taken on the traffic. |
||
SG Orchestration |
This slider is On by default and means the rule is available for Security Group Orchestration. The SG Orchestration toggle is Off and disabled for new rules when any of the following conditions are true:
|
||
Ensure TLS |
Turn On this slider if you want any traffic that matches the ports and Source and Destination Groups, but that is not TLS, to be denied. Traffic is also denied (dropped) even if it is HTTP traffic that matches the domains or URLs in the WebGroups. |
||
TLS Decryption |
If the rule action is Allow, you can enable TLS Decryption.
TLS decryption refers to the process of intercepting and deciphering encrypted data that is transmitted over a TLS-secured connection. |
||
Intrusion Detection (IDS) |
If Intrusion Detection is enabled, traffic is inspected for threats, and the results are displayed on the Detected Intrusions tab. If Intrusion Detection and TLS Decryption are both enabled, the TLS stream is temporarily decrypted, and the decrypted data is examined for intrusions.
|
||
Place Rule |
Select Above, Below, Top, Bottom, or Priority. |
||
Existing Rule |
If you select Above or Below (Place Rule), you must select the existing rule that is affected by the position of the new rule. |
||
Priority |
If you selected Priority (Place Rule), enter a priority number for the new rule. If an existing rule already has that priority, it is bumped down in the list. Zero (0) is the highest priority number. You can change the rule priority after the rule is created (using the arrow icon next to that rule in the Rule table). |