Enforcing Best Practices - Rule Properties Matrix
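Save the following as a CSV file, then import it into SecureTrack to create the zones required by the matrix below. The matrix also references an Internet zone, which this file does not define.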
#Zone Properties,,,
zone name,domain,is shared,description
p_DataCenter,Default,FALSE,
p_PM,Default,FALSE,
p_RnD,Default,FALSE,
p_Sales,Default,FALSE,
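Save the following as a CSV file, then import it into SecureTrack to create the USP security zone matrix. In this matrix, traffic from the Internet to each internal zone is blocked. Traffic originating in an internal zone is allowed only by rules that meet the listed rule properties: explicit source, destination and service, a comment, logging, a hit within the last 180 days, and caps on the number of source IPs, destination IPs and services. The service cap is 25 toward the Internet and 5 between internal zones.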
from domain,from zone,to domain,to zone,severity,access type,services,rule properties,flows
Default,Internet,Default,Internet,medium,allow all,,,
Default,Internet,Default,p_DataCenter,medium,block all,,,
Default,Internet,Default,p_PM,medium,block all,,,
Default,Internet,Default,p_RnD,medium,block all,,,
Default,Internet,Default,p_Sales,medium,block all,,,
Default,p_DataCenter,Default,Internet,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:25},HOST_TO_SUBNET
Default,p_DataCenter,Default,p_DataCenter,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:5},HOST_TO_SUBNET
Default,p_DataCenter,Default,p_PM,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:5},HOST_TO_SUBNET
Default,p_DataCenter,Default,p_RnD,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:5},HOST_TO_SUBNET
Default,p_DataCenter,Default,p_Sales,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:5},HOST_TO_SUBNET
Default,p_PM,Default,Internet,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:25},HOST_TO_SUBNET
Default,p_PM,Default,p_DataCenter,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:5},HOST_TO_SUBNET
Default,p_PM,Default,p_PM,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:5},HOST_TO_SUBNET
Default,p_PM,Default,p_RnD,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:5},HOST_TO_SUBNET
Default,p_PM,Default,p_Sales,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:5},HOST_TO_SUBNET
Default,p_RnD,Default,Internet,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:25},HOST_TO_SUBNET
Default,p_RnD,Default,p_DataCenter,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:5},HOST_TO_SUBNET
Default,p_RnD,Default,p_PM,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:5},HOST_TO_SUBNET
Default,p_RnD,Default,p_RnD,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:5},HOST_TO_SUBNET
Default,p_RnD,Default,p_Sales,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:5},HOST_TO_SUBNET
Default,p_Sales,Default,Internet,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:25},HOST_TO_SUBNET
Default,p_Sales,Default,p_DataCenter,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:5},HOST_TO_SUBNET
Default,p_Sales,Default,p_PM,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:5},HOST_TO_SUBNET
Default,p_Sales,Default,p_RnD,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:5},HOST_TO_SUBNET
Default,p_Sales,Default,p_Sales,medium,allow only,Any,EXPLICIT_SOURCE;EXPLICIT_DESTINATION;EXPLICIT_SERVICE;HAS_COMMENT;IS_LOGGED;LAST_HIT_WITHIN {days:180};SOURCE_MAX_IP {count:25};DESTINATION_MAX_IP {count:25};SERVICE_MAX_SERVICES {count:5},HOST_TO_SUBNET