Verifying a Policy Using Test Mode
53
4
(Optional) Provide a description of the rule set in the Description field.
5
Select one or more rules from the ACL. (To select multiple rules to add to the rule set,
hold down the Shift key.)
6
Click
OK
. The new rule set is added to the policy.
Editing a Rule Set Using the Rule Set Manager
To Edit a rule set using the Rule Set Manager, follow the steps below.
1
In the Policy menu, select
Rule Set
. The Rule Set Manager window appears.
2
Select the rule set you want to edit from the list and then click
Edit
.
3
You can view and edit the following aspects of the rule set:
■
Rule set name
—Change the name of the rule set. The maximum number of
characters that can be entered in the name field is 64. Valid characters for a name
field include all alphanumeric characters (non-case-sensitive), underscore, hyphen,
space, period, colon, parentheses, comma, and forward slash. The system is case-
insensitive and considers two names identical if they differ only in case.
■
Description
—Edit the rule set description.
■
Implementing Policies
—List the policies that currently use this rule set.
■
Individual rules/rule sets
—Add, delete, or edit rules included in this rule set.
4
When you have finished editing the rule set, click
Save
.
5
Click
Close
to exit the Rule Set Editor.
Verifying a Policy Using Test Mode
When EFW filtering is initially turned on, or when making changes to policies, legitimate
traffic could potentially be stopped on your network. To help you avoid this problem,
EFW allows you to place policies in test mode before going “live” with them. Policies or
individual rules and rule sets placed in test mode do not have an effect on any traffic, but
rather cause audit events to be generated when a rule in test mode matches traffic
passing through an EFW device.
To place a policy in test mode, follow the steps below.
1
In the Management Console, select the
Policy
tab.
2
Click on the policy you want to place in test mode.
3
Click
Policy
in test mode
in the Usage field.
4
Click
Save
. This action places the policy in test mode.
NOTE:
The first character in the name field must be an alphanumeric character.
NOTE:
Editing a rule set creates a policy distribution if the rule set is used by
policies assigned to device sets that contain EFW devices (that is, if you save
your rule set changes, they are automatically applied to all of those policies and
distributed to EFW devices in the device sets that are assigned with those policies).
To determine which device sets are assigned to a policy, select the
Policies
tab and
browse the tree-view frame.
