Customize trusted traffic

This topic discusses customizing trusted traffic.

Note: For changes in trusted traffic to take effect, an analysis must be run.

What is trusted traffic?

Trusted traffic is traffic that does not trigger a risk.

You can create trusted traffic or you can import trusted traffic from a risky rules report.

Note: When importing trusted traffic, you are trusting the traffic that is represented in the rule. You are not importing the rule itself.

Traffic can be trusted on the All Firewalls, group or device level:

  • Trusting traffic at the All Firewalls level trusts the traffic to all the devices in your ASMS system.

  • Trusting traffic at the Group level trusts the traffic for all devices in the group (a management device and its connected devices or a user defined group).

  • Trusting traffic at the Device level trusts the traffic only to the specific device.

Permitted source(s), permitted destination(s) and a permitted service are the required parts that comprise a trusted traffic definition.

When you trust traffic, you can also set an expiration date for the trust.

Import trusted traffic

You can import Trusted Traffic rules in three ways:

    Note: Importing more than one rule at a time may increase the time it takes to complete the import process.

View the trusted traffic of a device

You can view Trusted Traffic rules only from a selected device. Rules affecting ALL_FIREWALLS or the group the device is part of can be seen in the Trusted Traffic Level column in the list of trusted traffic that impacts the device.

Do the following:

  • In the home page of the selected device, click the Overview tab and then click Trusted Traffic.

    The Trusted Traffic page is displayed, listing the trusted traffic that currently impacts the selected device.

  • Rules affecting the device only, ALL_FIREWALLS or all devices in the group the device is part of can be seen in the Trusted Traffic Level column.

Create trusted traffic

You can create Trusted Traffic rules only from a selected device. Rules can be applied to the device itself, ALL_FIREWALLS or devices in the group the device is part of.

To trust traffic for a device:

  1. In the home page of the selected device, click the Overview tab and then click Trusted Traffic. The trusted traffic of the device is displayed.
  2. Click the Add trusted traffic button.
  3. In the Add Trusted Traffic dialog, enter or select values in the fields according to the detailed table Trusted traffic fields below.

  4. Click Done to save your changes.

Note: For changes in trusted traffic to take effect, an analysis must be run.

Edit trusted traffic

To edit trusted traffic:

  1. In the home page of the selected device, click the Overview tab and then click Trusted Traffic.
  2. Select the trusted traffic that requires editing, and click the Edit icon at the right side of its row.
  3. In the Edit Trusted Traffic dialog, edit the fields according to the Trusted traffic fields table below.
  4. Click Done to save your changes.
  5. Note: For changes in trusted traffic to take effect, an analysis must be run.

Delete trusted traffic

To delete a trusted traffic:

  1. In the home page of the selected device, click the Overview tab and then click Trusted Traffic.
  2. Select the trusted traffic that you want to untrust from the list.

  3. Click the Delete icon to the right of that trusted traffic row.

Note: For changes in trusted traffic to take effect, an analysis must be run.

Trusted traffic fields

The following fields are applicable when creating, editing, and importing trusted traffic.

Field Description
Select trusted traffic level Select the level to which the trusted traffic is applied. You can choose from: All Firewalls, a group of devices, or a single device.
Select trust options

Trust only current IP addresses of the relevant trusted traffic host groups

or

Trust future changes to the host groups' IP addresses.

Expiration Date Optionally select an expiration date for the trusted traffic.
Select source by Select source type (Host group, IP address or Range of IP Addresses).
In the field to the right, enter or select the source host group name, IP address or range of IP addresses.
Select destination by Select destination type (Host group, IP address or Range of IP Addresses).
In the field to the right, enter the destination host group name, IP address or range of IP addresses.

Select service

(Radio Button)

Select the relevant Service for your trusted traffic from the list.

(Alternatively, add a new service)

Add New Service

(Radio Button)

When you click Add New Service, additional fields are displayed relevant to defining a new service.

Enter Service Name and Protocol, and the Source Port and/or the Destination Port ranges.

Comment Free text field. (optional)