Customize trusted traffic
This topic discusses customizing trusted traffic.
Note: For changes in trusted traffic to take effect, an analysis must be run.
What is trusted traffic?
Trusted traffic is traffic that does not trigger a risk.
You can create trusted traffic or you can import trusted traffic from a risky rules report.
Note: When importing trusted traffic, you are trusting the traffic that is represented in the rule. You are not importing the rule itself.
Traffic can be trusted on the All Firewalls, group or device level:
-
Trusting traffic at the All Firewalls level trusts the traffic to all the devices in your ASMS system.
-
Trusting traffic at the Group level trusts the traffic for all devices in the group (a management device and its connected devices or a user defined group).
-
Trusting traffic at the Device level trusts the traffic only to the specific device.
Permitted source(s), permitted destination(s) and a permitted service are the required parts that comprise a trusted traffic definition.
When you trust traffic, you can also set an expiration date for the trust.
Import trusted traffic
You can import Trusted Traffic rules in three ways:
- Note: Importing more than one rule at a time may increase the time it takes to complete the import process.
When you import trusted traffic from the Reports tab, you can choose from any historical report and import Trusted Traffic based on its Risky Rules.
To import trusted traffic from the Reports tab:
- Select the device in the device tree.
- On the Reports tab, select a report.
-
Click Trusted traffic .
-
Click the Import rule button. The Import Trusted Traffic dialog appears.
Note: if the selected report does not have any trusted Traffic, the import rule button does not appear.
-
Select the rules whose traffic data you wish to trust.
-
Enter or select values as per the Trusted traffic fields table below.
-
Click Import.
In the Overview tab's Trusted Traffic option, you can import rules from the device's latest Risky Rules report.
To import trusted traffic from the device's latest Risky Rules report:
- In the home page of the selected device, click the Overview tab and then click Trusted Traffic. The trusted traffic of the device is displayed.
-
Click the Import rule button.
The Import Trusted Traffic dialog appears.Note: The risky rules displayed in the dialog are the same as those shown in the risky rules page of the latest report.
-
Select the rules whose traffic data you wish to trust.
-
Enter or select values as per the Trusted traffic fields table below.
-
Click Import.
You can also trust traffic from a device's Risky Rules report.
Note: Trusting traffic from reports is only available via the AFA Web interface. This functionality is not available when viewing the downloaded report or a report sent by mail on your computer.
To trust traffic from a Risky Rules report:
-
In the risky rules display, click the Trust button of the rule whose traffic details (source, destination, service) you wish to trust.
-
Fill out the Import Trusted Traffic dialog according to Trusted traffic fields table below.
-
Click Import.
The traffic defined by the rules you selected is added as trusted traffic to the selected device, group or ALL_FIREWALLS level.Note: For changes in trusted traffic to take effect, an analysis must be run.
The Import Trusted Traffic dialog is displayed.
View the trusted traffic of a device
You can view Trusted Traffic rules only from a selected device. Rules affecting ALL_FIREWALLS or the group the device is part of can be seen in the Trusted Traffic Level column in the list of trusted traffic that impacts the device.
Do the following:
- In the home page of the selected device, click the Overview tab and then click Trusted Traffic.
The Trusted Traffic page is displayed, listing the trusted traffic that currently impacts the selected device.
Rules affecting the device only, ALL_FIREWALLS or all devices in the group the device is part of can be seen in the Trusted Traffic Level column.
Create trusted traffic
You can create Trusted Traffic rules only from a selected device. Rules can be applied to the device itself, ALL_FIREWALLS or devices in the group the device is part of.
To trust traffic for a device:
- In the home page of the selected device, click the Overview tab and then click Trusted Traffic. The trusted traffic of the device is displayed.
- Click the Add trusted traffic button.
- In the Add Trusted Traffic dialog, enter or select values in the fields according to the detailed table Trusted traffic fields below.
- Click Done to save your changes.
Note: For changes in trusted traffic to take effect, an analysis must be run.
Edit trusted traffic
To edit trusted traffic:
- In the home page of the selected device, click the Overview tab and then click Trusted Traffic.
- Select the trusted traffic that requires editing, and click the Edit icon at the right side of its row.
- In the Edit Trusted Traffic dialog, edit the fields according to the Trusted traffic fields table below.
- Click Done to save your changes.
Note: For changes in trusted traffic to take effect, an analysis must be run.
Delete trusted traffic
To delete a trusted traffic:
- In the home page of the selected device, click the Overview tab and then click Trusted Traffic.
-
Select the trusted traffic that you want to untrust from the list.
-
Click the Delete icon to the right of that trusted traffic row.
Note: For changes in trusted traffic to take effect, an analysis must be run.
Trusted traffic fields
The following fields are applicable when creating, editing, and importing trusted traffic.
Field | Description |
Select trusted traffic level | Select the level to which the trusted traffic is applied. You can choose from: All Firewalls, a group of devices, or a single device. |
Select trust options |
Trust only current IP addresses of the relevant trusted traffic host groups or Trust future changes to the host groups' IP addresses. |
Expiration Date | Optionally select an expiration date for the trusted traffic. |
Select source by | Select source type (Host group, IP address or Range of IP Addresses). In the field to the right, enter or select the source host group name, IP address or range of IP addresses. |
Select destination by | Select destination type (Host group, IP address or Range of IP Addresses). In the field to the right, enter the destination host group name, IP address or range of IP addresses. |
Select service (Radio Button) |
Select the relevant Service for your trusted traffic from the list. (Alternatively, add a new service) |
Add New Service (Radio Button) |
When you click Add New Service, additional fields are displayed relevant to defining a new service. Enter Service Name and Protocol, and the Source Port and/or the Destination Port ranges. |
Comment | Free text field. (optional) |