This section describes how to configure security policy management.
Security policy group
You can add several consecutive security policies or existing security policies to a security policy group to manage them in a centralized manner.
Security policy identification
Name
The name of a security policy rule is the most common way to identify a security policy. The name must be unique. A live network typically has many security policies, so to simplify later searching and maintenance, you are advised to name security policies after their functions. For example, the security policy that controls traffic from the Trust zone to the DMZ can be named sec_policy_trust-dmz, and the security policy that controls the enterprise R&D department can be named sec_policy_research.
Description
The description should clearly state the function of a security policy rule so that rules are easy to find and maintain.
Sequence number
On the web UI, the sequence numbers in the leftmost column of the security policy list indicate the order of the security policies. Sequence numbers change whenever the order of the security policies changes, so a sequence number cannot uniquely identify a security policy.
ID
The system assigns an ID to each security policy rule. An ID uniquely identifies a security policy rule. You can run the display security-policy rule all command to view the ID of a security policy rule. The default security policy rule ID is 0.
Tag
When a device has many security policies, tags can be used to identify and classify them. To view and process all policies of one type in a batch, search for their tag.
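The following hypothetical Python model is an added illustration, not code from the original documentation and not the device's own implementation. It shows why automation should key on the rule name or system-assigned ID rather than the sequence number: inserting or moving a rule shifts the sequence numbers of the other rules while their IDs stay fixed, duplicate names are rejected, and a tag selects a batch of rules.

```python
from dataclasses import dataclass, field


@dataclass
class Rule:
    """Hypothetical model of one security policy rule (constructed for this example)."""
    rule_id: int            # assigned once by the system; never changes
    name: str               # must be unique; name by function, e.g. sec_policy_trust-dmz
    description: str = ""
    tags: set = field(default_factory=set)
    action: str = "permit"


class PolicyList:
    """Ordered rule list; a rule's position (1-based) is its web-UI sequence number."""

    def __init__(self):
        self.rules = []
        self._next_id = 1

    def add(self, name, description="", tags=(), action="permit", position=None):
        # Names must be unique; refuse duplicates before assigning an ID.
        if any(r.name == name for r in self.rules):
            raise ValueError(f"duplicate rule name: {name}")
        rule = Rule(self._next_id, name, description, set(tags), action)
        self._next_id += 1
        # Insert before an existing sequence number, or append at the end.
        self.rules.insert(len(self.rules) if position is None else position - 1, rule)
        return rule.rule_id

    def move(self, name, position):
        # Reorder a rule: only sequence numbers change, IDs do not.
        rule = next(r for r in self.rules if r.name == name)
        self.rules.remove(rule)
        self.rules.insert(position - 1, rule)

    def sequence_number(self, name):
        return next(i for i, r in enumerate(self.rules, 1) if r.name == name)

    def by_id(self, rule_id):
        # Stable lookup by the system-assigned ID.
        return next(r for r in self.rules if r.rule_id == rule_id)

    def by_tag(self, tag):
        # Batch lookup: names of every rule carrying the tag, in policy order.
        return [r.name for r in self.rules if tag in r.tags]
```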
Traffic statistics of security policies
Statistics can be collected on the number and rate of packets and bytes that match security policies whose action is permit.
Other operations
In addition to the preceding management methods, other operations shown in Figure 1 are provided for security policies: copy, move, insert, export, clear all matching counts, enable, and disable.