It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Application Policies

  • Last updated on

The Barracuda CloudGen Firewall lets administrators with appropriate permissions manage application policies on a global or individual basis. Instead of using the default built-in policies, you can also create explicit profiles and policies on the firewall or Control Center, and assign them to your rules instead of using firewall objects. For example, apply a global application policy to allow access to an application for specific users or groups. All users are denied access to the application except the users specified in the profile settings. All policies apply top down. That means the first policy in the list that matches applies. Policies below the first match will not apply. 

app-pol_overview.png

For information on how to customize default policy profiles, see How to Configure Policy Profiles.

Create an Application Policy Profile

Create an explicit application policy profile to match individual requirements. 

Policy profiles are created on the Control Center. On standalone CloudGen Firewalls, you can customize the default profiles and add explicit policies if required. 

  1. (On the Control Center) Go to CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > Global Firewall Objects/Policies.
  2. Click Lock.
  3. In the left menu, expand Policy Profiles.
  4. Select Applications.

  5. To add a new policy profile, click the plus icon (+.ico.png) at the top right of the window, enter a profile name, and click OK.
    app_new.png
  6. Click Send Changes and Activate.

The policy profile now appears in the Application Shared Policy Profiles list, and you can create explicit policies for it.

Create an Explicit Application Policy

Select a policy profile and create explicit policies. 

  1. (On the Control Center) Go to CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > Global Firewall Objects/Policies.
  2. (On a CloudGen Firewall) Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
  3. Click Lock.
  4. In the left menu, expand Policy Profiles.
  5. Select Applications. The application policies window opens.

  6. (Control Center only) Select the profile you wish to create the policy for. The explicit policy list appears in the lower window.
  7. (Control Center only) To add a new policy, click the plus icon (add_ico.png) at the top right of the lower window. You can also right-click the list and select Add Policy.
    (CloudGen Firewall only) To add a new policy, click the plus icon (add_ico.png) at the top right. You can also right-click the list and select Add Policy.
  8. Specify values for the following:
    • Name – Enter a descriptive name for the explicit policy.
    • Description – Enter a description for the policy.
    • Action – Select Allow or Block from the drop-down menu to specify the action to take for the application traffic matched by the policy.
    • Source / Destination IP/Network – Select the source and destination network, or select <Explicit Network> and enter an IP address / network, or enter a domain that gets resolved to an IP address for the matching.  
    • Application Criteria – Define the application match condition. Add an application the policy should apply to, or create explicit applications. To open the selection menu, double-click the corresponding field. Selecting applications in the application editor works similar to the process in the objects configuration for the application rule set. For more information, see How to Create an Application Object and How to Create a Custom Application Object.
    • Users – Specify the users the policy should apply to.
    • Schedule – Set a time schedule for the policy to apply. For more information, see Schedule Objects.
      app_exp.png
  9. Click OK.
  10. Click Send Changes and Activate.

The policy is now listed in the lower window and can be selected as Policy in your forwarding rules. For more information, see the last step in How to Configure Policy Profiles.