Network rules
Network rules apply block, allow, or continue actions for network traffic on all ports and protocols, based on source, destination, or traffic signatures defined as Services.
Network rules are checked in priority order, starting with the first rule in the list. The first matching rule is applied, and no further rules are evaluated.
You can create rules that define Source, Destination, and Service settings, and apply a default block or allow action for traffic that matches the rule.
A network rule consists of the following elements:
- Source: defines where traffic must originate for the rule to apply. Source can include one or more Sites, or Source IP Address Lists. By default, the rule applies to traffic from any source to which the policy applies.
- Destination: defines the destination addresses to which traffic must be directed for the rule to apply. Destinations can include one or more Destination IP Address Lists, or Domain Name Lists. By default, the rule applies to traffic to any destination.
- Service: defines the traffic signatures, defined as Services, that traffic must match for the rule to apply. By default, the rule applies to any network service.
- Action: the action applied to matching traffic. Rule actions are:
  - Block: blocks matching traffic by terminating the session. No further policy processing is performed.
  - Allow and bypass: allows traffic and bypasses further inspection. Traffic is not decrypted, and no further policy processing stages are applied.
  - Continue inspection: allows matching traffic and applies all further policy processing stages, which can subsequently block or allow the traffic.
Default network rule
The final rule in the list is a default Continue inspection rule for TCP, UDP, and ICMP traffic. The default rule cannot be removed, and applies to all traffic to which the policy applies. The rule allows TCP, UDP, and ICMP traffic that is not explicitly covered by another rule, and continues processing further policy stages. All other traffic that is not explicitly covered by another rule is blocked.
The default rule can be edited to apply it to specific Services.