SonicOS 7 Rules and Policies

Configuring an App Rules Policy

When you have created the necessary match object and action object, you are ready to create a policy that uses them.

For information about using the App Control Wizard to create a policy, see Using the App Rule Wizard.

For information about policies and policy types, see About App Rules Policy Creation.

Policies configured through the POLICY | Rules and Policies > App Control page take precedence over those configured through the POLICY | Rules and Policies > App Rules page.

To configure an App Rules policy

  1. Navigate to the POLICY | Rules and Policies > App Rules page.

  2. At the top of the page, click +Add Rule. The Add App Rule dialog displays.

  3. Enter a descriptive name into the Policy Name field.

  4. Select a Policy Type from the drop-down menu. Your selection here affects options available in the dialog. For information about available policy types, see About App Rules Policy Creation.

  5. Select a source and destination Address Group or Address Object from the Address drop-down menus. Only a single Address field is available for IPS Content, App Control Content, or CFS policy types.

  6. Select the source or destination service from the Service drop-down menus. Some policy types do not provide a choice of service.

  7. For Exclusion Address, optionally select an Address Group or Address Object from the drop-down menu. This address is not affected by the policy.

  8. For Match Object, select a match object from the drop-down menu containing the defined match objects applicable to the policy type. When the policy type is HTTP Client, you can optionally select an Excluded Match Object.

    The excluded match object provides the ability to differentiate subdomains in the policy. For example, if you wanted to allow news.yahoo.com, but block all other yahoo.com sites, you would create match objects for both yahoo.com and news.yahoo.com. You would then create a policy blocking Match Object yahoo.com and set Excluded Match Object to news.yahoo.com.

    The Excluded Match Object does not take effect when the match object type is set to Custom Object. Custom Objects cannot be selected as the Excluded Match Object.

  9. For Action Object, select an action from the drop-down menu containing actions applicable to the policy type. The available objects include predefined actions plus any customized actions which are applicable. The default for all policy types is Reset/Drop.

    For a log-only policy, select No Action.

  10. For Users/Groups, select from the drop-down menus for both Included and Excluded. The selected users or group under Excluded are not affected by the policy.

  11. If the policy type is SMTP Client, select from the drop-down menus for MAIL FROM and RCPT TO, for both Included and Excluded. The selected users or group under Excluded are not affected by the policy.

  12. For Schedule, select from the drop-down menu, which contains a variety of schedules for the policy to be in effect.

    Specifying a schedule other than the default, Always On, turns on the rule only during the scheduled time. For example, specifying Work Hours for a policy to block access to non-business sites allows access to non-business sites during non-business hours.

  13. If you want the policy to create a log entry when a match is found, select Enable Logging.

  14. To record more details in the log, select Log individual object content.

  15. If the policy type is IPS Content, select Log using IPS message format to display the category in the log entry as Intrusion Prevention rather than Application Control, and to use a prefix such as IPS Detection Alert in the log message rather than Application Control Alert. This is useful if you want to use log filters to search for IPS alerts.

  16. If the policy type is App Control Content, select Log using App Control message format to display the category in the log entry as Application Control, and to use a prefix such as Application Control Detection Alert in the log message. This is useful if you want to use log filters to search for application control alerts.

  17. For Log Redundancy Filter, you can either select Global Settings to use the global value set on the POLICY | Rules and Policies > App Control page, or you can enter a number of seconds to delay between each log entry for this policy. The local setting overrides the global setting only for this policy; other policies are not affected.

  18. For Connection Side, select from the drop-down menu. The available choices depend on the policy type and can include Client Side, Server Side, or Both, referring to the side where the traffic originates. IPS Content or App Control Content policy types do not provide this configuration option.

  19. For Direction, click either Basic or Advanced and select a direction from the drop-down menu. Basic allows you to select incoming, outgoing, or both. Advanced allows you to select between zones, such as LAN to WAN. IPS Content or App Control Content policy types do not provide this configuration option.

  20. If the policy type is IPS Content or App Control Content, select a zone from the Zone drop-down menu. The policy will be applied to this zone.

  21. Click OK.
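
The Excluded Match Object logic from step 8, as an added example (not SonicWall code). It models the policy decision in Python so a candidate match/exclusion pair can be checked against test hostnames; the `AppRule` class, the `suffix` and `partial` matching modes, and the hostnames are assumptions made for illustration and do not describe how SonicOS evaluates match objects internally.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: these matching semantics are a model, not taken from SonicOS.
# "suffix"  = host equals the pattern or ends with "." + pattern (label boundary)
# "partial" = pattern appears anywhere in the host string
def host_matches(host: str, pattern: str, mode: str = "suffix") -> bool:
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if mode == "exact":
        return host == pattern
    if mode == "suffix":
        return host == pattern or host.endswith("." + pattern)
    if mode == "partial":
        return pattern in host
    raise ValueError(f"unknown match mode: {mode}")

@dataclass
class AppRule:  # hypothetical model of one HTTP Client policy
    match_object: str
    excluded_match_object: Optional[str] = None
    action: str = "Reset/Drop"  # the page's stated default action
    mode: str = "suffix"

    def evaluate(self, host: str) -> str:
        if not host_matches(host, self.match_object, self.mode):
            return "no match"
        if self.excluded_match_object and host_matches(
                host, self.excluded_match_object, self.mode):
            return "excluded"  # the policy does not apply to this host
        return self.action

def review(rule: AppRule, hosts: list) -> dict:
    """Return the verdict for every test hostname."""
    return {h: rule.evaluate(h) for h in hosts}

# Constructed test hostnames, including two that only resemble the targets.
HOSTS = ["news.yahoo.com", "mail.yahoo.com", "yahoo.com",
         "notyahoo.com", "news.yahoo.com.lookalike.example"]

if __name__ == "__main__":
    for mode in ("suffix", "partial"):
        rule = AppRule("yahoo.com", "news.yahoo.com", mode=mode)
        print(f"mode={mode}")
        for host, verdict in review(rule, HOSTS).items():
            print(f"  {host:34} {verdict}")
```

Under the substring model the exclusion also covers the lookalike hostname, so the match type of both objects is worth confirming before relying on an exclusion.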
