Configure Prefiltering
To perform custom prefiltering, configure prefilter policies and assign the policies to access control policies. It is through the access control policy that prefilter policies get assigned to managed devices.
Only one person should edit a policy at a time, using a single browser window. If multiple users save the same policy, the last saved changes are retained. For your convenience, the system displays information on who (if anyone) is currently editing each policy. To protect the privacy of your session, a warning appears after 30 minutes of inactivity on the policy editor. After 60 minutes, the system discards your changes.
Procedure
Step 1 | Choose . | ||
Step 2 | Click New Policy to create a custom prefilter policy. A new prefilter policy has no rules and a default action of Analyze all tunnel traffic. It performs no logging or tunnel rezoning. You can also Copy () or Edit () an existing policy. | ||
Step 3 | Configure the prefilter policy's default action and its logging options.
| ||
Step 4 | Configure tunnel and prefilter rules. In a custom prefilter policy, you can use both kinds of rule, in any order. Create rules depending on the specific type of traffic you want to match and the actions or further analysis you want to perform; see Tunnel vs Prefilter Rules.
For detailed information on configuring rule components, see Tunnel and Prefilter Rule Components. | ||
Step 5 | Evaluate rule order. To move a rule, click and drag or use the right-click menu to cut and paste. Properly creating and ordering rules is a complex task, but one that is essential to building an effective deployment. If you do not plan carefully, rules can preempt other rules or contain invalid configurations. For more information, see Best Practices for Access Control Rules. | ||
Step 6 | Save the prefilter policy. | ||
Step 7 | For configurations that support tunnel zone constraints, appropriately handle rezoned tunnels. Match connections in rezoned tunnels by using tunnel zones as source zone constraints. | ||
Step 8 | Associate the prefilter policy with the access control policy deployed to your managed devices. | ||
Step 9 | Deploy configuration changes; see Deploy Configuration Changes.
|
What to do next
If you will deploy time-based rules, specify the time zone of the device to which the policy is assigned. See Configure Device Time Zone for Policy Application.