An exception group is a container for one or more exceptions. You can attach an exception group to all rules or only to selected rules. Exception groups simplify exception management, by allowing you to reuse the same exception group across multiple rules, instead of defining exceptions manually for each individual rule
Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session..
The Exception Groups pane shows a list of existing exception groups, the rules that use them, and any related comments.
The Exception Groups pane contains these options
|
Option |
Meaning |
|---|---|
|
New |
Creates a new exception group. |
|
Edit |
Modifies an existing exception group. |
|
Delete |
Deletes an exception group. |
|
Search |
Searches for an exception group. |
Global Exceptions
The system includes a predefined group named Global Exceptions. Exceptions that you define in the Global Exceptions group are automatically added to every rule in the Rule Base All rules configured in a given Security Policy. Synonym: Rulebase..When you create a new exception group, you select which rule to attach it to.
Exception Groups in the Rule Base
Global exceptions and other exception groups are added as shaded rows below the applicable rule in the Rule Base. Each exception group is labeled with a tab that shows its name. Exceptions within a group are identified in the No column using this syntax: E - <rule number>.<exception number>, where E identifies the line as an exception.
For example
In a Global Exceptions group that contains two exceptions, all rules show the exception rows in the Rule Base No column as E-1.1 and E-1.2.
|
|
Note - The numbering of exceptions varies when you move the exceptions within a rule. |
To view exception groups in the Rule Base:
Click the plus or minus sign next to the rule number in the No. column to expand or collapse the rule exceptions and exception groups.
Creating Exception Groups
When you create an exception group, you create a container for one or more exceptions. After you create the group, add the exception rules to it. You can then attach the group to the applicable rules in the Threat Prevention Rule Base.
To create an Exception Group
|
Step |
Instructions |
|---|---|
|
1 |
In SmartConsole |
|
2 |
In the Exceptions section, click New. |
|
3 |
In Apply On, configure how the exception group is used in the Threat Prevention policy.
|
|
4 |
Click OK. |
|
5 |
Install the Threat Prevention policy. |
To add exceptions to an exception group
|
Step |
Instructions |
|---|---|
|
1 |
In SmartConsole, go to Security Policies > Threat Prevention > Exceptions. |
|
2 |
In the Exceptions section, select the exception group to which you want to add an exception. |
|
3 |
In the bottom pane of this page, click Add Exception. |
|
4 |
Configure the settings for the new exception rule. |
|
5 |
Install the Threat Prevention policy. |
To attach an exception group to a rule
You can add exception groups to Threat Prevention rules.
This only applies to exception groups with Manually attach to a rule selected.
|
Step |
Instructions |
|---|---|
|
1 |
Click Security Policies > Threat Prevention > Custom Policy. |
|
2 |
Right-click the rule and select Add Exception Group. |
|
3 |
Select the applicable Exception Group from the list. |
|
4 |
Install the Threat Prevention policy. |
To create an exception for a specific file type, limited to a specific source and destination
|
Step |
Instructions |
|---|---|
| 1 | In SmartConsole > go to Security Policies > Threat Prevention > Custom Policy > Custom Policy Tools > Profiles. |
|
2 |
Click the |
| 3 | In the Threat Emulation or Threat Extraction pages, select General > File Types > Process specific file type families > Configure. |
| 4 | Right-click the applicable file type and select Bypass. |
|
5 |
Go to the Exceptions tab, and in the top pane, click the |
|
6 |
In the Exception Group window that opens, select Automatically attached to each group with profile, and from the drop-down menu, select the newly created profile. |
|
7 |
In the Security Policies view > Threat Prevention > Exceptions > select the newly created exception group. |
|
8 |
At the bottom pane, create the required exception rule and define its Source and Destination. |
|
9 |
Install the Threat Prevention policy. |
icon to create a new profile.An exception group is a container for one or more exceptions. You can attach an exception group to all rules or only to some rules. With exception groups, you can manage your exceptions more easily, because you can attach the same exception group to multiple rules, instead of manually define exceptions for each rule.
The Exception Groups pane shows a list of exception groups that were created, the rules that use them, and any comments related to the defined group.
The Exceptions Groups pane contains these options
|
Option |
Meaning |
|---|---|
|
New |
Creates a new exception group. |
|
Edit |
Modifies an existing exception group. |
|
Delete |
Deletes an exception group. |
|
Search |
Search for an exception group. |
Global Exceptions
The system comes with a predefined group named Global Exceptions. Exceptions that you define in the Global Exceptions group are automatically added to every rule in the Rule Base. For other exception groups, you can decide to which rules to add them.
Exception Groups in the Rule Base
Global exceptions and other exception groups are added as shaded rows below the rule in the Rule Base. Each exception group is labeled with a tab that shows the exception group's name. The exceptions within a group are identified in the No column using the syntax: E - <rule number>.<exception number>, where E identifies the line as an exception.
For example
If there is a Global Exceptions group that contains two exceptions, all rules show the exception rows in the Rule BaseNo column as E-1.1 and E-1.2. Note - that the numbering of exception varies when you move the exceptions within a rule.
To view exception groups in the Rule Base:
Click the plus or minus sign next to the rule number in the No. column to expand or collapse the rule exceptions and exception groups.
Creating Exception Groups
When you create an exception group, you create a container for one or more exceptions. After you create the group, add exceptions to them. You can then add the group to rules that require the exception group in the Threat PreventionRule Base.
To create an exception group
|
Step |
Instructions |
|---|---|
|
1 |
In SmartConsole, select Security Policies > Threat Prevention > Exceptions. |
|
2 |
In the Exceptions section, click New. |
|
3 |
In Apply On, configure how the exception group is used in the Threat Prevention policy.
|
|
4 |
Click OK. |
|
5 |
Install the Threat Prevention policy. |
Adding Exceptions to Exception Groups
To use exception groups, you must add exception rules to them, (see Parts of the Rules).
To add exceptions to an exception group
|
Step |
Instructions |
|---|---|
|
1 |
In SmartConsole, select Security Policies > Threat Prevention > Exceptions. |
|
2 |
In the Exceptions section, click the exception group to which you want to add an exception. |
|
3 |
Click Add Exception Rule. |
|
4 |
Configure the settings for the new exception rule. |
|
5 |
Install the Threat Prevention policy. |
Adding Exception Groups to the Rule Base
You can add exception groups to Threat Prevention rules. This only applies to exception groups that are configured to Manually attach to a rule.
To add an exception group to the Rule Base
|
Step |
Instructions |
|---|---|
|
1 |
Click Security Policies > Threat Prevention > Custom Policy. |
|
2 |
Right-click the rule and select Add Exception Group > <group name>. |
|
3 |
Install the Threat Prevention policy. |