Cato Networks Knowledge Base

Managing Internet Firewall Rules


This article explains how to manage the Internet firewall rulebase, including how to create new rules, edit rules, enable and disable a rule, search for a rule, and delete rules.

For more information about the Internet firewall policy in Cato, see What is the Cato Internet Firewall?.

Creating New Internet Firewall Rules

Create a new Internet firewall rule and configure the rule's settings to implement the Internet usage policy for your organization.

For more about Source items for a rule, see What is the Cato WAN Firewall?.

The Time options define the time range during which the rule is enabled. You can configure custom options for a rule, or choose the default working hours that are defined for the account.

To create a new rule for the Internet firewall:

  1. From the navigation menu, select Security > Internet Firewall.

  2. Click New.

  3. Enter the Name for the rule.

  4. Enable or disable the rule using the slider (green is enabled, grey is disabled).

  5. Configure the Rule Order for this rule.

    New rules are added to the bottom of the rulebase. You can change the order in which this rule is applied.

  6. Expand Source and select the source type.

    • Select the type (for example: Host, Network Interface, IP, Any). The default value is Any.

    • When needed, select a specific object from the drop-down list for that type.

  7. Expand the App/Category section and select one or more applications for the rule.

    When there is more than one App/Category object in a rule, there is an OR relationship between them. The default value is Any.

  8. Expand the Service/Port section and define the type or types (Service, Port/Protocol, Any) that are applied to this rule.

    When there is more than one Service/Ports object in a rule, there is an OR relationship between them. The default value is Any.

  9. Select the Action for this rule. The options are Allow, Block, Prompt.

  10. (Optional) Configure Track options to generate Event and Email Notifications and set the time when the rule is active. For more information, see: Working with Email Notifications for the Account.

  11. (Optional) Configure the Time options that define when this rule is enabled.

  12. Click Apply. The new rule is added to the rulebase.

  13. Click Save.

Using Exceptions to Allow Internet Connections

You can use exceptions in the Internet firewall rulebase so that matching traffic ignores a specific rule and continues with the lower-priority rules. Make sure that a lower-priority rule doesn't match and block the traffic. The final implicit ANY ANY Allow rule allows all traffic. For example, if rule #3 blocks access to the Hiring category, you can create an exception that does not block access for the Human Resources (HR) department.

The exception for a rule is a subset of the rule, and some settings apply to both the rule and the exception:

  • When you disable the rule, the exception is also disabled

  • When you move the rule and change the priority, the exception is also moved
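
The evaluation described above, modeled as an added Python example (not Cato code or a Cato API). It assumes the rulebase is checked top-down with the first matching rule deciding; the rule names and the HR and Sales sources are hypothetical. It reports flows that an exception exempts from one Block rule but that a lower-priority Block rule still catches.

```python
from dataclasses import dataclass, field

ANY = "Any"

@dataclass
class Match:
    source: str = ANY                          # default value is Any
    apps: set = field(default_factory=set)     # empty = Any; several objects are ORed

    def hits(self, source, app):
        return self.source in (ANY, source) and (not self.apps or app in self.apps)

@dataclass
class Rule:
    name: str
    match: Match
    action: str                                # "Allow", "Block" or "Prompt"
    enabled: bool = True
    exceptions: list = field(default_factory=list)

def evaluate(rulebase, source, app):
    """Return (deciding rule, action, rules skipped through an exception).
    Assumption: rules are checked top-down and the first match decides."""
    skipped = []
    for rule in rulebase:
        # A disabled rule takes its exceptions with it.
        if not rule.enabled or not rule.match.hits(source, app):
            continue
        if any(exc.hits(source, app) for exc in rule.exceptions):
            skipped.append(rule.name)          # rule ignored, keep evaluating lower rules
            continue
        return rule.name, rule.action, skipped
    return "implicit ANY ANY Allow", "Allow", skipped

def blocked_after_exception(rulebase, flows):
    """Flows that an exception exempts from one rule but a lower rule still blocks."""
    findings = []
    for source, app in flows:
        name, action, skipped = evaluate(rulebase, source, app)
        if skipped and action == "Block":
            findings.append((source, app, skipped[0], name))
    return findings

def sample_rulebase():
    # Constructed rulebase: rule names, "HR" and "Sales" are hypothetical.
    return [
        Rule("Block Hiring", Match(apps={"Hiring"}), "Block", exceptions=[Match(source="HR")]),
        Rule("Block Leisure", Match(apps={"Hiring", "Gaming"}), "Block"),
    ]
```

With the sample rulebase, HR traffic to the Hiring category skips "Block Hiring" but is still blocked by "Block Leisure"; without that second rule it reaches the implicit ANY ANY Allow rule.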

To add an exception to a firewall rule:

  1. From the navigation menu, select Security > Internet Firewall.

  2. On the right of the rule, click the More icon and select Add Exception.

    The Add Exception panel opens.

  3. Expand and configure the settings for the rule exception.

    The Action for the parent rule is not applied to the rule exception.

  4. Click Apply. The exception is added below the rule.

  5. Click Save. The exception is saved.

To remove an exception from a firewall rule:

  1. From the navigation menu, select Security > Internet Firewall.

  2. From the right-hand column of the rule, click the More icon and, in the pop-up window, select Delete Exception.

    The exception is removed from the rule.

  3. Click Save. The exception is deleted.

Working with Internet Firewall Rules

Use the Internet Firewall rule search to find the rules you want to work with. The search function finds and shows rules that include the search terms in any of the following fields:

  • Name

  • Source

  • App/Category

  • Service/Port

If a rule is part of a section, the results show the rule within the section.

Editing Internet Firewall Rules and the Rulebase

You can edit rules and change the order of the rules in the firewall rulebase.

To edit a rule:

  1. From the navigation menu, select Security > Internet Firewall.

  2. Click on the rule. The Edit panel opens.

  3. Expand any of the sections in the panel to display and edit the current rule settings.

  4. Click Apply to change the rule settings. The Edit panel closes.

  5. Click Save to save the changes.

To change the order of the rules:

  1. From the navigation menu, select Security > Internet Firewall.

  2. Hover at the left end of the rule. The move icon is shown.

  3. Click the icon and drag the rule up or down in the rulebase.

  4. Click Save.

Enabling and Disabling an Internet Firewall Rule

To enable or disable a rule:

  1. From the navigation menu, select Security > Internet Firewall.

  2. On the right of the rule, click the More icon and, from the pop-up menu, select Enable or Disable.

  3. Click Save. The rule is enabled or disabled.

Deleting Internet Firewall Rules

You can delete one or more rules from the firewall rulebase. After you delete the rules, you cannot undo or restore them.

To delete rules from the firewall rulebase:

  1. From the navigation menu, select Security > Internet Firewall.

  2. From the right-hand column of the rule, click the More icon and, in the pop-up window, select Delete Exception.

    The exception is removed from the rule.

  3. Click Save. The exception is deleted.
