Remove the Temporary Rules
After several months of monitoring your initial internet gateway best practice security policy
and tuning the rulebase, you should see less and less traffic that you want to allow
matching the temporary rules. Keep in mind that some applications are only used
quarterly or yearly for periodic meetings and events. Before you stop allowing an
application by removing it from the temporary rules without adding it to another
allow rule, make sure that it's not used only periodically and make sure that it's
not an application that's critical to your business.
When you no longer see traffic that you want to allow matching the temporary rules,
you have achieved your goal of transitioning to a fully application-based Security
policy rulebase. You can now remove the temporary rules. This includes the application
block rules for applications that don't have a legitimate use case and for public DNS
and SMTP applications: that traffic matches no explicit allow rule, so the
interzone-default deny rule blocks it automatically. (Keep the rules that block QUIC
for SSL Forward Proxy.)
- Select Policies > Security.
- Select the rule's row and click Delete.
  Alternatively, Disable the temporary rules for a period of time before deleting them. Examine the Traffic logs for traffic that matches the interzone-default deny rule. If the Traffic logs reveal that traffic you want to allow matches the interzone-default rule, you can Enable the temporary rules again, add the desired application to an existing allow rule, or create a new allow rule for the application.
- Commit the changes.
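The log review described above can be scripted against an exported Traffic log. The following is an added example, not Palo Alto Networks code: it flags applications that match the temporary rules only at long intervals (the quarterly or yearly case) and applications that hit interzone-default after the temporary rules are disabled. The temporary rule names, the CSV column names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Hypothetical temporary rule names; replace with the names in your rulebase.
TEMP_RULES = {"temp-unexpected-port-apps", "temp-unknown-user-apps"}
DEFAULT_DENY = "interzone-default"

# Constructed sample rows; column names are assumed, adjust them to your export.
SAMPLE_CSV = """Receive Time,Rule,Application,Action
2024/01/10 09:00:00,temp-unexpected-port-apps,webex,allow
2024/04/11 09:05:00,temp-unexpected-port-apps,webex,allow
2024/03/01 10:00:00,temp-unknown-user-apps,ms-update,allow
2024/03/02 10:00:00,temp-unknown-user-apps,ms-update,allow
2024/03/03 10:00:00,temp-unknown-user-apps,ms-update,allow
2024/05/02 08:00:00,interzone-default,sap,deny
2024/05/02 08:01:00,allow-web,web-browsing,allow
"""

def review_temp_rule_traffic(csv_text, temp_rules=TEMP_RULES, gap_days=60):
    """Classify applications that still depend on the temporary rules."""
    days = defaultdict(set)     # application -> dates seen on a temporary rule
    denied = defaultdict(int)   # application -> hits on interzone-default
    for row in csv.DictReader(io.StringIO(csv_text)):
        app, rule = row["Application"], row["Rule"]
        when = datetime.strptime(row["Receive Time"], "%Y/%m/%d %H:%M:%S").date()
        if rule in temp_rules:
            days[app].add(when)
        elif rule == DEFAULT_DENY and row["Action"] != "allow":
            denied[app] += 1
    report = {}
    for app, seen in days.items():
        ordered = sorted(seen)
        gaps = [(b - a).days for a, b in zip(ordered, ordered[1:])]
        # A long quiet period suggests periodic use: confirm before removing.
        status = "periodic-verify" if gaps and max(gaps) >= gap_days else "still-active"
        report[app] = {"status": status, "last_seen": ordered[-1].isoformat()}
    for app, hits in denied.items():
        # Seen on the default deny rule, for example while temporary rules are disabled.
        report[app] = {"status": "hit-default-deny", "hits": hits}
    return report

if __name__ == "__main__":
    for app, info in sorted(review_temp_rule_traffic(SAMPLE_CSV).items()):
        print(app, info)
```

Run it over an export that covers at least the longest business cycle you need to account for; a short window cannot reveal yearly applications.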