Create firewall rules

You can create firewall rules one by one or import firewall rules in bulk.

Create a firewall rule

  1. On the top navigation bar, click Cloud Services, and then select Firewalls Service from the Network menu.

  2. Click the name of the target firewall.

  3. On the Firewall Rules tab, click Add Rule.

  4. Configure rule parameters and then click OK.

Table-1 Creating a firewall rule

Enable
    Enable or disable the rule. Options include:
      • Yes—Enables the rule.
      • No—Disables the rule.
    A rule takes effect only after it is enabled.

IP Version
    Select the IP version.

Match Mode
    Specify the match mode. Options include Five-Tuple and Object Group. If you select Object Group, you must specify at least one object group in the Source Object Group, Destination Object Group, and Service Object Group fields.

Actions
    Select the action to take on packets matching the rule. Options include:
      • Inspect—Inspects application layer information of the packets. If you select this action, you must specify an IPS policy, antivirus policy, or both. If the firewall flavor is Common, the action cannot be set to Inspect.
      • Accept.
      • Deny.

Five-tuple match mode:

Protocol
    Specify a traffic protocol. Options include TCP, UDP, ICMP, and ANY. If you select ANY, the rule takes effect on traffic of all protocols.

Source IP
    Specify a source IP address or IP address range.

Source Port
    Specify a source port number or port number range. This field is available only for TCP and UDP.

Destination IP
    Specify a destination IP address or IP address range.

Destination Port
    Specify a destination port number or port number range. This field is available only for TCP and UDP.

Object group match mode:

Source Object Group
    Select a source IPv4 or IPv6 address object group for source packet address matching.

Destination Object Group
    Select a destination IPv4 or IPv6 address object group for destination packet address matching.

Service Object Group
    Select a service object group for traffic protocol and port number matching.

IPS Policies
    Select an IPS policy.

Anti-Virus Policies
    Select an antivirus policy.


Import firewall rules

You can perform this task to import firewall rules that use five-tuples to match packets. The system provides a file template for import. If you use a file other than the template, make sure its content follows the format of the template.

  • You can import a maximum of 100 rules at a time.

  • Only .csv files are supported.

  • If you uploaded an incorrect file, first delete the file and then select the correct file.


To import firewall rules:

  1. On the top navigation bar, click Cloud Services, and then select Firewalls Service from the Network menu.

  2. Click the name of the target firewall.

  3. On the Firewall Rules tab, click Bulk Import.

  4. Upload the file that contains the firewall rules.

     For more information about the template content, see Table-2.

     The system displays the rule entries read from the file in the rule list.

  5. Import the rules to the system.

     The system might display the rules on several pages. If you select all rules by clicking the check box on the table header, only the rules on the current page are selected. Make sure you have selected all required rules on all pages before clicking OK.

     You can adjust the number of entries displayed per page to show more entries on a page.

Table-2 Importing firewall rules

Name
    Enter the rule name. This field is required.

Protocol
    Select the packet protocol. Options include TCP, UDP, ICMP, ICMPv6, and ANY. If you select ANY, the rule takes effect on packets of all protocols. This field is required.

IP Version
    Select the IP version. Options include IPv4 and IPv6. This field is required.

Source IP
    Specify the source IP address or IP address range. This field is optional.

Source Port
    Specify the source port number or port number range. This field is available only for TCP and UDP.

Destination IP
    Specify the destination IP address or IP address range. This field is optional.

Destination Port
    Specify the destination port number or port number range. This field is available only for TCP and UDP.

Service
    Specify a service object group. This field is optional.

IPS Policy
    Specify an IPS policy. If you set the action to Inspect, you must specify an IPS policy, antivirus policy, or both.
    Leave this field empty if the action is not Inspect.

Anti-Virus Policy
    Specify an antivirus policy. If you set the action to Inspect, you must specify an IPS policy, antivirus policy, or both.
    Leave this field empty if the action is not Inspect.

Actions
    Select an action. Options include:
      • Inspect—Inspects application layer information of the packets. If you select this action, you must specify an IPS policy, antivirus policy, or both.
      • Accept.
      • Deny.
    This field is required.

Enable
    Enable or disable the rule. Options include:
      • Yes—Enables the rule.
      • No—Disables the rule.
    A rule takes effect only after it is enabled.
    This field is required.

Description
    Specify the rule description. This field is optional.
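Checking an import file against the constraints in Table-2 before uploading it (required fields, allowed values, ports only for TCP/UDP, Inspect needing an IPS or antivirus policy, and the 100-rule limit) avoids discovering rejected rows one at a time in the rule list. The script below is an added example and not part of this documentation or the product; because the page does not show the template's header row, the column headers, the "start-end" range syntax for IP ranges, and the sample rows are assumptions.

```python
import csv
import io
import ipaddress

MAX_RULES = 100                                    # the page allows at most 100 rules per import
REQUIRED = ("Name", "Protocol", "IP Version", "Actions", "Enable")
ALLOWED = {"Protocol": {"TCP", "UDP", "ICMP", "ICMPv6", "ANY"}, "IP Version": {"IPv4", "IPv6"},
           "Actions": {"Inspect", "Accept", "Deny"}, "Enable": {"Yes", "No"}}

# Constructed sample; headers mirror the Table-2 names (the real template's header row is assumed).
SAMPLE_CSV = """\
Name,Protocol,IP Version,Source IP,Source Port,Destination IP,Destination Port,Service,IPS Policy,Anti-Virus Policy,Actions,Enable,Description
allow-web,TCP,IPv4,10.0.0.0/24,,192.0.2.10,443,,,,Accept,Yes,web tier
inspect-dns,UDP,IPv4,10.0.0.0/24,,192.0.2.53,53,,,,Inspect,Yes,missing policy
ping-bad,ICMP,IPv4,10.0.0.1-10.0.0.9,,192.0.2.1,8,,,,Accept,Yes,port on ICMP
v6-mixup,TCP,IPv6,10.0.0.5,,2001:db8::1,22,,,,Deny,Maybe,bad address and Enable
"""

def _ip_ok(value, version):
    """Address, CIDR block or 'start-end' range of the stated IP version (range syntax is assumed)."""
    want = 4 if version == "IPv4" else 6
    try:
        return all(ipaddress.ip_network(p.strip(), strict=False).version == want
                   for p in value.split("-"))
    except ValueError:
        return False

def validate_rules(csv_text):
    """Return 'row N: problem' strings for each Table-2 constraint a row breaks; [] means clean."""
    rows, errors = list(csv.DictReader(io.StringIO(csv_text))), []
    if len(rows) > MAX_RULES:
        errors.append(f"file: {len(rows)} rules exceeds the limit of {MAX_RULES}")
    for n, raw in enumerate(rows, start=2):        # row 1 of the file is the header
        r = {k: (v or "").strip() for k, v in raw.items() if k}
        g, bad = r.get, lambda msg: errors.append(f"row {n}: {msg}")
        errors += [f"row {n}: {f} is required" for f in REQUIRED if not g(f)]
        for f, ok in ALLOWED.items():
            if g(f) and g(f) not in ok:
                bad(f"{f} {g(f)!r} is not one of {sorted(ok)}")
        if g("Protocol") not in ("TCP", "UDP") and (g("Source Port") or g("Destination Port")):
            bad("ports are only valid for TCP and UDP")
        for f in ("Source IP", "Destination IP"):
            if g(f) and not _ip_ok(g(f), g("IP Version")):
                bad(f"{f} {g(f)!r} is not a valid {g('IP Version')} address or range")
        action, policy = g("Actions"), g("IPS Policy") or g("Anti-Virus Policy")
        if action == "Inspect" and not policy:
            bad("Inspect requires an IPS policy, an antivirus policy, or both")
        if action in ("Accept", "Deny") and policy:
            bad("IPS/antivirus policy must be empty unless the action is Inspect")
    return errors
```

Running `validate_rules(SAMPLE_CSV)` reports one problem each for the second and third sample rows and two for the last, while the first row passes.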