Customize trusted traffic

Customize trusted traffic from AFA

To customize trusted traffic:

  1. Do one of the following:

    • To customize the device's trusted traffic via the device page, view the desired device. For details, see View a specific device.

      Note: You can perform this procedure in either the Overview or Reports tab.

    • To customize the device's trusted traffic via the ALL_FIREWALLS group page:
      1. View the ALL_FIREWALLS group. For details, see Viewing the ALL_FIREWALLS Group.

      2. Click the All Reports tab.

        The All Reports tab appears.

      3. Select the check box next to the desired device.

  2. Click Trusted Traffic.

    The Trusted Traffic page appears.

  3. Select the type of trusted traffic to view and modify:
    • To work with traffic that is trusted for all devices, click Global Trusted Traffic.
    • To work with traffic that is trusted for a specific group, click Group Trusted Traffic, then select the desired group from the drop-down list.
    • To work with traffic that is trusted for the current device only, click Device-specific Trusted Traffic.

    The desired type of trusted traffic appears in a table at the bottom of the page.

    Note: All changes to trusted traffic will affect the selected type of trusted traffic only.

  4. To add or edit trusted traffic:
    1. Do one of the following:
      • To add new traffic, click New.
      • To edit existing traffic, select the trusted traffic in the table and click Edit.

      The Add New Trusted Traffic page appears.

    2. In the Specify Trusted Traffic for Firewall area, do one of the following:
      • To specify that the host group you selected should remain trusted even if the device administrator changes the IP addresses defined by it, click Trust future changes to the hostgroups.
      • To specify that AFA should make a copy of the current definition, and only the IP addresses listed in it should be trusted, click Only trust the current IP addresses.
    3. Select the source, destination, and service of the traffic that should be trusted.
    4. To specify an expiration date for the trusted traffic, select the Expiration Date check box and specify the desired date.
    5. In the Comment field, type any comments.

    6. Click OK.

      The Global Trusted Traffic page re-appears with the new traffic listed.

  5. To delete trusted traffic, select the desired traffic in the table and click Delete.

    The trust for the selected traffic is removed.

  6. To import traffic that is specified by a risky rule, do the following:

    1. Click Import Rule.

      The Trusted Traffic page appears.

    2. In the Risky Rule drop-down list, select the desired risky rule.

      The relevant traffic appears in a table at the bottom of the page.

    3. In the Trust Options area, do one of the following:
      • To specify that the host group you selected should remain trusted, even if the device administrator changes the IP addresses defined by it, click Trust future changes to the hostgroup.
      • To specify that AFA should make a copy of the current definition, and only the IP addresses listed in it should be trusted, click Only trust the current IP addresses.
    4. To specify an expiration date for the trusted traffic, select the Expiration Date check box and specify the desired date.
    5. In the Comment field, type any comments.

    6. Click OK.

      The Global Trusted Traffic page reappears with the new traffic listed.

  7. Click OK.

    A message appears recommending that you run a new analysis for changes to take effect.

  8. Click OK.

    To run an analysis, see Manually generated reports.

Back to top

Customize trusted traffic from a device report

You can customize trusted traffic from a device report's Risky Rules page.

Note: Customizing a risky rule from a device report is only available when viewing the report in the AFA Web interface, and not when viewing the downloaded report on your computer.

To customize trusted traffic:

  1. View a report for the desired device. For details, see View device reports.

  2. In the report menu, click the Risky Rules tab.

  3. In the Findings table, click Trust Rule next to the desired risky rule.

    A new window opens, displaying the Trusted Traffic page.

    The desired rule is selected in the Risky Rule drop-down list, and the relevant traffic appears in a table at the bottom of the page.

  4. Do one of the following:

    • To specify that the rule traffic should be trusted for all devices, click Global Trusted Traffic.
    • To specify that the rule traffic should be trusted for a specific group, click Group Trusted Traffic, then select the desired group from the drop-down list.
    • To specify that the rule traffic should be trusted for the current device only, click Device-specific Trusted Traffic.
  5. In the Trust Options area, do one of the following:
    • To specify that the host group you selected should remain trusted even if the device administrator changes the IP addresses defined by it, click Trust future changes.
    • To specify that AFA should make a copy of the current definition, and only the IP addresses listed in it should be trusted, click Only trust the current IP addresses.
  6. To specify an expiration date for the trusted traffic, select the Expiration Date check box. Specify the desired date.
  7. In the Comment field, type any comments.

  8. Click OK.

    The Global Trusted Traffic page appears.

  9. Click OK.

    A message appears recommending that you run a new analysis for changes to take effect.

  10. Click OK.

    To run an analysis, see Manually generated reports.

Back to top