Compliance Policies

This is a Legacy Feature. It will be discontinued as of version R21-3.

We recommend you consider using the following features:

These features give you greater flexibility in the number of zones that you can configure and allow you to define the requirements that you need.

You can receive a report when a security policy rule changes access for specified traffic. This is valuable for two purposes:

  • Risk Management: Report when a rule allows unauthorized connectivity or blocks authorized connectivity.
  • Business Continuity: Report when a rule blocks business critical traffic.

For a Risk Management policy, you can choose to specify either blacklisted traffic or whitelisted traffic. With a whitelist policy, a firewall configuration violates the policy if it allows any traffic that is not covered by at least one of the policy's configured traffic patterns. With a blacklist policy, a firewall configuration violates the policy if it allows any blacklisted traffic.

You can define exceptions to a blacklist policy. Traffic defined as an exception is allowed, despite being included in the blacklist. You can restrict exceptions so that they are allowed only when the firewall rule allowing them defines the source or destination host specifically (explicitly or in a group, but not as part of a subnet).

To configure a blacklist policy, you can enter the traffic patterns manually or you can upload a matrix file.
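The whitelist and blacklist semantics described above, including exceptions and the restriction to specifically defined hosts, as an added illustrative evaluator in Python; this is not SecureTrack's own code, and the traffic model, the host_specific flag and the sample rules are assumptions made for the example:

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Traffic:
    src: str       # IPv4 CIDR; a /32 is one host (the feature itself does not support IPv6)
    dst: str
    service: str   # e.g. "tcp/22"; "any" matches every service

@dataclass(frozen=True)
class Rule:        # an 'allow' rule taken from a firewall configuration
    name: str
    traffic: Traffic
    host_specific: bool  # True: hosts named explicitly or in a group; False: only as part of a subnet

def rule_allows(rule, pattern):
    """True if the rule permits at least some traffic inside the pattern (overlap test)."""
    r, p = rule.traffic, pattern
    return (ip_network(r.src).overlaps(ip_network(p.src)) and ip_network(r.dst).overlaps(ip_network(p.dst))
            and ("any" in (r.service, p.service) or r.service == p.service))

def rule_within(rule, pattern):
    """True if everything the rule permits is contained in the pattern (subset test)."""
    r, p = rule.traffic, pattern
    return (ip_network(r.src).subnet_of(ip_network(p.src)) and
            ip_network(r.dst).subnet_of(ip_network(p.dst)) and p.service in ("any", r.service))

def blacklist_violations(rules, blacklist, exceptions=(), exceptions_need_specific_host=False):
    """(rule name, pattern) for each rule reaching blacklisted traffic that no applicable exception covers."""
    found = []
    for rule in rules:
        for bad in blacklist:
            if not rule_allows(rule, bad):
                continue
            covered = any(rule_within(rule, exc) for exc in exceptions)
            # With the restriction on, an exception only excuses rules whose hosts are defined specifically.
            if not (covered and (rule.host_specific or not exceptions_need_specific_host)):
                found.append((rule.name, bad))
    return found

def whitelist_violations(rules, whitelist):
    """Names of rules that permit traffic not contained in any configured whitelist pattern."""
    return [r.name for r in rules if not any(rule_within(r, ok) for ok in whitelist)]
# Constructed sample data, not taken from any real environment.
RULES = [Rule("allow-dmz-db", Traffic("10.1.0.0/16", "10.2.0.0/16", "tcp/3306"), host_specific=False),
         Rule("allow-admin-ssh", Traffic("10.1.0.5/32", "10.2.0.10/32", "tcp/22"), host_specific=True),
         Rule("allow-web", Traffic("0.0.0.0/0", "10.3.0.0/24", "tcp/443"), host_specific=False)]
BLACKLIST = [Traffic("10.1.0.0/16", "10.2.0.0/16", "any")]      # DMZ must not reach the internal network
EXCEPTIONS = [Traffic("10.1.0.5/32", "10.2.0.10/32", "tcp/22")]  # except the jump host to one admin box
WHITELIST = [Traffic("10.1.0.0/16", "10.2.0.0/16", "any"), Traffic("0.0.0.0/0", "10.3.0.0/24", "tcp/443")]
```

A rule is excused by an exception only if everything it allows falls inside the exception; a broad subnet rule that happens to include the excepted hosts is still reported.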

Legacy Compliance Alerts are Compliance Alerts that were defined in SecureTrack 4.1 or lower. If you need to change Legacy Compliance Alerts, contact Tufin Support.

IPv6 is not supported for this TOS feature.