Create a Security Rule
Create security rules that contain a set of criteria against which a network packet is matched and then allowed or blocked.
- Create application lists, service lists, address lists, and URL lists to use when creating the rule.
The specified source and destination match condition for the traffic consists of lists that you configure in the policy before you construct the rule. You can create a maximum of 10,000 security rules for each policy.
Important
If no match criteria are defined in the security rule (an empty list is specified for the rule), then the rule matches to wildcard ("any") criteria. This behavior applies to all traffic examined in the rule.
If no match criteria are defined in the security rule (an empty list is specified for the rule), then the rule matches to wildcard ("any") criteria. This behavior applies to all traffic examined in the rule.
The rule action defines how the firewall handles the packet if it matches the specified conditions. The firewall can perform the following actions:
- Allow traffic: The traffic is allowed to proceed.
- Drop traffic: The traffic is dropped silently, no notification of reset is sent.
- Intrusion detection: Logs the traffic
- Intrusion prevention: Blocks the traffic.Important
If you want to use intrusion detection and prevention, you must also enable logging. See Logging Firewall Activity. - Reject traffic: The traffic is dropped and a reset notification is sent.
Important
Some names are reserved by Palo Alto Networks®. If you create a policy component with a reserved name, the process fails with an error. See Reserved Names.
Some names are reserved by Palo Alto Networks®. If you create a policy component with a reserved name, the process fails with an error. See Reserved Names.
Use the network-firewall security-rule create command and required parameters to create a decryption rule:
oci network-firewall security-rule create --name my_security_rule --network-firewall-policy-id network firewall policy OCID --action ALLOW --condition '[{"sourceAddress":"IP_address"}]' ...[OPTIONS]
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
Run the CreateSecurityRule operation to create a security rule.