USP Builder

Overview

The USP Builder is displayed in the form of a matrix of all zones defined for the USP. Every zone is included both as a row and a column and each cell in the matrix represents the policy for permission from one zone to another. Different security rules can be set for each combination. USPs are created and managed in the USP Viewer, including selecting the zones to be included.

What Can I Do Here?

View the Security Policy for a Zone

Hover over the desired zone in the matrix. A window appears showing policy details.

Set the Security Policy for a Zone

  1. Right-click a cell in the matrix and select Edit Cell.

  2. Complete the fields:

    Field Values

    Allow traffic
    • None - Block all (default between different zones)
    • All - Allow all (default within same zone)

    • Customized - Define Cell

    Services / Applications (enabled only when Allow traffic = Customized)

    Select action from list then enter the services / applications to include.

    • Block - only the specified services are blocked
    • Allow - only the specified services and applications are allowed

    Properties (enabled only when Allow traffic = Customized)

    • Explicit Source - Rules must have an explicit source, not the ANY value

    • Explicit Destination - Rules must have an explicit destination, not the ANY value

    • Explicit Service - Rules must have an explicit service, not the ANY value

    • Has Comment - Rules must have text in the comment field

    • is Logged - Rules must be configured to create log entries

    • Last hit within {days: n} - Rules must have hits within the last {n} number of days

    • Source Max IP {count: n} - Source must contain less than {n} IP addresses

    • Destination Max IP {count: n} - Destination must contain less than {n} IP addresses

    • Service Max services {count: n} - Service must contain less than {n} services
    Flow (enabled only when Allow traffic = Customized)
    • Host to Host - Rules where the source and destination of the traffic flow are defined by hosts objects
    • Subnet to Host - Rules where the source of the traffic flow is defined by subnet objects and the destination is defined by host
    • Host to Subnet - Rules where the source of the traffic flow is defined by host objects and the destination is defined by subnet objects
    • None - (default value)
    Severity (enabled only when Allow traffic = Block or Customized)
    • Critical
    • High
    • Medium
    • Low
    Description Description of the enforcement rules for the cell

Copy the Security Policy in a Zone

  1. Right-click a cell in the matrix and select Copy Cell.

  2. Right-click the cell to which you want to copy the settings, and select Paste Cell Configuration.

  3. In the Cell Configuration dialog box, modify cell settings.

  4. Click Save.

Import the USP Matrix

You can import a USP from a CSV file:

This action uploads a CSV file, replacing the USP matrix with the data contained in the file.
  1. Select a USP.
  2. Click Actions > Import.

Export the USP Matrix

You can export the matrix, optionally modify and to import to the same or another USP

  1. Click the USP.
  2. Click Actions > Export.

A CSV file will be downloaded, according to your browser settings, with the same name as the USP.

How Do I Get Here?

Browser > USP Viewer.