USP Builder

Overview

The USP Builder is displayed in the form of a matrix of all zones defined for the USP. Every zone is included both as a row and a column and each cell in the matrix represents the policy for permission from one zone to another. Different security rules can be set for each combination. USPs are created and managed in the USP Viewer, including selecting the zones to be included.

What Can I Do Here?

View the Security Policy for a Zone

Hover over the desired zone in the matrix. A window appears showing policy details.

Set the Security Policy for a Zone

  1. Right-click on the desired cell in the matrix and select Edit Cell.
  2. Complete the fields on the screen.

    Field Values

    Allow traffic

    • None - Block all (default between different zones)
    • All - Allow all (default within same zone)
    • Customized - Define Cell

    Services / Applications (enabled only when Allow traffic = Customized)

    Select action from list then enter the services / applications to include.

    • Block - only the specified services are blocked
    • Allow - only the specified services and applications are allowed

    Properties (enabled only when Allow traffic = Customized)

    • Explicit Source - Rules must have an explicit source, not the ANY value

    • Explicit Destination - Rules must have an explicit destination, not the ANY value

    • Explicit Service - Rules must have an explicit service, not the ANY value

    • Has Comment - Rules must have text in the comment field

    • is Logged - Rules must be configured to create log entries

    • Last hit within {days: n} - Rules must have hits within the last {n} number of days

    • Source Max IP {count: n} - Source must contain less than {n} IP addresses

    • Destination Max IP {count: n} - Destination must contain less than {n} IP addresses

    • Service Max services {count: n} - Service must contain less than {n} services

    Flow (enabled only when Allow traffic = Customized)
    • Host to Host - Rules where the source and destination of the traffic flow are defined by hosts objects
    • Subnet to Host - Rules where the source of the traffic flow is defined by subnet objects and the destination is defined by host
    • Host to Subnet - Rules where the source of the traffic flow is defined by host objects and the destination is defined by subnet objects
    • None - (default value)
    Severity (enabled only when Allow traffic = Block or Customized)
    • Critical
    • High
    • Medium
    • Low
    Description Description of the enforcement rules for the cell

Copy the Security Policy in a Zone

  1. Right-click on a cell in the matrix and select Copy Cell.

  2. Right-click on the cell that you want to copy the settings to, and select Paste Cell Configuration.

  3. In the Cell Configuration dialog box, modify cell settings as required and click Save.

Import the USP Matrix

This action will upload a CSV file, replacing the USP matrix with the data contained in the file.

You can import a previously exported USP matrix build your matrix externally from scratch. See Preparing a CSV.

  1. Click on the desired USP
  2. Click on Actions > Import

Export the USP Matrix

You can export the matrix, optionally modify and to import to the same or another USP

  1. Click on the desired USP
  2. Click on Actions > Export

A CSV file will be downloaded, according to your browser settings, with the same name as the USP

How Do I Get Here?

  1. From the menu, go to Browser > USP Viewer.

  2. Click on the desired USP.