Configuring Exceptions for the Unified Security Policy

In Audit > Compliance > Unified Security Policy Exceptions, you can view the exceptions to the Unified Security Policy. An exception approves specific traffic that the policy would otherwise classify as restricted or blocked, so that it may pass through the firewalls in your environment and the rules that allow it are no longer reported as violations. After you define the exceptions, you can create a report that shows the firewall rules that match them.

Exceptions are created through the REST API. After you create an exception, you can find the rules that match it and create a report of all rules that are excluded from USP violations. Because an exception permits traffic that the policy otherwise forbids, keep each exception as narrow as the business need requires: anything broader silently removes violations from the report.

To add an exception to the Unified Security Policy:

  1. Collect the information that you need to define the exception.
  2. Prepare the information in the XML format defined in the REST API documentation.
  3. Send a POST request to this URL with the prepared XML as the request body:

    POST https://<securetrack_ip>/securetrack/api/security_policies/exceptions
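The following script carries out the three steps above end to end. It is an added example, not Tufin's code or part of the SecureTrack product: it takes the XML document you prepared in step 2 (this script does not define that schema, it only checks that the document is well-formed before sending it), authenticates with HTTP basic authentication using credentials read from the environment variables SECURETRACK_USER and SECURETRACK_PASSWORD (an assumption of this example), and POSTs to the endpoint documented on this page with TLS certificate verification left on. The placeholder XML body embedded for the offline demonstration is constructed and is not the documented format.

```python
"""Create a Unified Security Policy exception through the SecureTrack REST API.

Added example; not Tufin's code. Assumptions:
  * the endpoint shown on this page:
      POST https://<securetrack_ip>/securetrack/api/security_policies/exceptions
  * HTTP basic authentication with a SecureTrack user, read from the
    environment variables SECURETRACK_USER / SECURETRACK_PASSWORD
  * the request body is the XML document you prepared from the REST API
    documentation; the element names below are a constructed placeholder.
"""
import base64
import os
import ssl
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

EXCEPTIONS_PATH = "/securetrack/api/security_policies/exceptions"

# Constructed placeholder used only to run this example offline. Replace it
# with the document you prepared from the REST API documentation.
SAMPLE_EXCEPTION_XML = """<?xml version="1.0" encoding="UTF-8"?>
<security_policy_exception>
  <name>example-exception</name>
  <description>placeholder body, not the documented schema</description>
</security_policy_exception>
"""


def exceptions_url(securetrack_host):
    """Return the documented exceptions endpoint for a SecureTrack host.

    Only https is produced: the request carries credentials and the exception
    itself, neither of which should cross the network in clear text.
    """
    host = securetrack_host.strip()
    if not host or "/" in host or host.lower().startswith("http"):
        raise ValueError("pass the SecureTrack host (IP or FQDN), not a URL")
    return f"https://{host}{EXCEPTIONS_PATH}"


def load_exception_xml(xml_text):
    """Check that the prepared payload is well-formed XML and return UTF-8 bytes.

    A malformed file fails here, locally, instead of producing a 4xx from the
    API after the credentials have already been sent.
    """
    try:
        ET.fromstring(xml_text)
    except ET.ParseError as err:
        raise ValueError(f"exception payload is not well-formed XML: {err}") from err
    return xml_text.encode("utf-8")


def build_request(securetrack_host, xml_body, username, password):
    """Assemble the POST with basic-auth and XML content-type headers."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    headers = {
        "Content-Type": "application/xml",
        "Accept": "application/xml",
        "Authorization": f"Basic {token}",
    }
    return urllib.request.Request(
        exceptions_url(securetrack_host), data=xml_body, headers=headers, method="POST"
    )


def create_exception(request, ca_bundle=None):
    """Send the request and return (status, Location header or '').

    Certificate verification stays enabled; if SecureTrack uses an internal CA,
    point ca_bundle at that CA's PEM file rather than disabling verification.
    Non-2xx responses surface as urllib.error.HTTPError for the caller.
    """
    context = ssl.create_default_context(cafile=ca_bundle)
    with urllib.request.urlopen(request, context=context, timeout=30) as response:
        return response.status, response.headers.get("Location", "")


def main(argv):
    if len(argv) != 3:
        print(f"usage: {argv[0]} <securetrack_host> <exception.xml>", file=sys.stderr)
        return 2
    host, xml_path = argv[1], argv[2]
    user, password = os.environ["SECURETRACK_USER"], os.environ["SECURETRACK_PASSWORD"]
    with open(xml_path, encoding="utf-8") as fh:
        body = load_exception_xml(fh.read())
    request = build_request(host, body, user, password)
    try:
        status, location = create_exception(request, os.environ.get("SECURETRACK_CA_BUNDLE"))
    except urllib.error.HTTPError as err:
        detail = err.read().decode("utf-8", errors="replace")
        print(f"SecureTrack rejected the request: HTTP {err.code}\n{detail}", file=sys.stderr)
        return 1
    print(f"HTTP {status}; exception created at {location or '(no Location header returned)'}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `SECURETRACK_USER=... SECURETRACK_PASSWORD=... python create_usp_exception.py <securetrack_ip> exception.xml`. The credentials are deliberately taken from the environment rather than the command line so they do not land in shell history or process listings, and a plain `http://` host is refused rather than silently downgraded.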

After you create an exception, to see all of the rules that match the traffic it defines:

  • Go to: Audit > Compliance > Unified Security Policy Exceptions
  • Click Find Matching Rules. The rules that match the traffic defined in the exceptions are listed; these are the rules that will no longer be reported as USP violations, so confirm that the list contains only the rules you intended to exempt.