Firewall as a Service (FWaaS) provides an application-centric approach, ensuring swift and secure application delivery.
Effective for scaling security in a digital-first environment and delivering a consistent set of protections everywhere.
Rules listed at the top of the Firewall rules override those listed below.
To illustrate this, consider the following example: When user traffic tries to go out through the Harmony SASE network, the system will first check if they match rule #1.
- If they do, this traffic will be allowed. If not- #2 is checked.
- If the traffic matches rule #2, it will be allowed. If not - #3 is checked.
- If the traffic matches rule #3, they will be blocked.
- If none of the rules match, the traffic will either be Denied or Allowed according to the default policy on the Network:
How to Create a Rule
The Firewall policy for a network is a list of Rules that defines the access and traffic routing policies. You can create multiple rules that will apply specific policies for specific User Groups, Resources, and Protocols, as well as comprehensive policies that will be used for the entire Network traffic (i.e., block all traffic on a specific port).
To create a new Rule:
- Navigate to Networks -> Firewall
- Click on (+) Add New Rule
- Select the Network where the Rule should be added
- Provide an indicative Name
- Select the Action type
- Add Source and DestinationObjects the Rule will apply to
- Add Services the Rule will apply to
Three types of Objects can be used in the Source and Destination conditions:
Any - All traffic (any address or user).
Groups or Members - All traffic routed from/to a specific Member or Users Group
Addresses - Traffic routed from/to an FQDN, IP Address, Subnet, or List of IPs.
For services, there are two types:
Any - All traffic on all protocols and ports
Services -Traffic routed on a specific Protocol or Ports.
7. Drag the new Rule to the proper Priority (#).
8. Click on Apply Changes.