Check Point Application Layer Policy Best Practices

Recently, I found that many new CP firewalls configure or test application layer functions, and many of the policy configurations are not very standardized. The following briefly covers best practices, which are only for your reference during implementation or checkup.

Implementing the application layer policy on CP. In this example, the firewall is used as a proxy server:

Step 1: Define a Layer 4 rule, as shown below:

Description: The rule matches requests from source 10.133.1.0/24 to the local proxy service.

    

Step 2: In the Action of the Layer 4 rule, attach an inline layer called APP. If multiple rules need to share the layer, you can check share, as shown below:

Description: The Layer 4 rule hands proxy traffic to APP and URL filtering for identification and classification.

   

 

Step 3: After APP and URL classification and recognition, create a Content layer and check Content Awareness for content recognition, as shown below:

 

Step 4: After the layers are added, add an implicit rule at the bottom of the policy. For a bypass deployment or a checkup, Accept is the recommended action.

 


Step 5: Be sure to set Track on the rules so that they record logs, and remember to enable the blades.

Note: Application Control / URL Filtering / Content Awareness should be checked.

Step 6: At this point, the complete policy is as follows:
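
The layering built in Steps 1 to 6 can also be checked mechanically before a policy is installed. The following is an added example, not part of the original post: the policy model, its field names, the root layer name "Network" and the Drop action on the root cleanup rule are assumptions made for illustration and are not Check Point's export format.

```python
# Added example: constructed, simplified policy model (field names are
# assumptions for illustration, not Check Point's export format).
REQUIRED_BLADES = {  # from the Note: blades each inline layer must have enabled
    "APP": {"Application Control", "URL Filtering"},
    "Content": {"Content Awareness"},
}

def rule(name, action, track="Log", match="specific"):
    return {"name": name, "action": action, "track": track, "match": match}

def sample_policy(content_cleanup_track="Log", content_blades=("Content Awareness",)):
    """Constructed policy mirroring Steps 1-6; arguments let a test break it."""
    return {
        "Network": {"blades": {"Firewall"}, "rules": [
            rule("Proxy from 10.133.1.0/24", "inline:APP"),    # Steps 1-2
            rule("Cleanup", "Drop", match="any")]},
        "APP": {"blades": {"Application Control", "URL Filtering"}, "rules": [
            rule("Classified traffic", "inline:Content"),       # Step 3
            rule("APP cleanup", "Accept", match="any")]},        # Step 4
        "Content": {"blades": set(content_blades), "rules": [
            rule("Content inspection", "Accept"),
            rule("Content cleanup", "Accept", content_cleanup_track, "any")]},
    }

def audit(policy, root="Network"):
    """Walk the root layer and every inline layer it reaches; return findings."""
    findings, todo, seen = [], [root], set()
    while todo:
        name = todo.pop()
        if name in seen:
            continue
        seen.add(name)
        layer = policy.get(name)
        if layer is None:
            findings.append(f"{name}: inline layer referenced but not defined")
            continue
        missing = REQUIRED_BLADES.get(name, set()) - layer["blades"]
        if missing:
            findings.append(f"{name}: blade not enabled: {', '.join(sorted(missing))}")
        rules = layer["rules"]
        if not rules or rules[-1]["match"] != "any":
            findings.append(f"{name}: no catch-all rule at the bottom (Step 4)")
        for r in rules:
            if r["track"] != "Log":
                findings.append(f"{name}/{r['name']}: track is {r['track']}, not Log (Step 5)")
            if r["action"].startswith("inline:"):
                todo.append(r["action"].split(":", 1)[1])
    return findings
```

An empty list from `audit()` means every reachable layer has its blades enabled, ends in a catch-all rule, and logs on every rule.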

 

 


Origin www.cnblogs.com/Cyber-insight/p/12702003.html