Product Documentation

Policy Labels

Aug 31, 2016

A policy label consists of a set of policies, other policy labels, and virtual server-specific policy banks. The application firewall evaluates each policy bound to the policy label in order of priority. If the policy matches, it filters the connection as specified in the associated profile. Then it does whatever the Goto parameter specifies, which can be to terminate policy evaluation, go to the next policy, or go to the policy with the specified priority. If the Invoke parameter is set, it terminates processing of the current policy label and begins to process the specified policy label or virtual server.

To create an application firewall policy label by using the command line

At the command prompt, type the following commands:

  • add appfw policylabel <labelName> http_req
  • save ns config

Example

The following example creates a policy label named policylbl1.

add appfw policylabel policylbl1 http_req 
save ns config

To bind a policy to a policy label by using the command line

At the command prompt, type the following commands:

  • bind appfw policylabel <labelName> <policyName> <priority> [<gotoPriorityExpression>] [-invoke (<labelType> <labelName>) ]
  • save ns config

Example

The following example binds the policy policy1 to the policy label policylbl1 with a priority of 1.

bind appfw policylabel policylbl1 policy1 1 
save ns config

To configure an application firewall policy label by using the configuration utility

  1. Navigate to Security > Application Firewall > Policy Labels.
  2. In the details pane, do one of the following:
    • To add a new policy label, click Add.
    • To configure an existing policy label, select the policy label and the click Open.
    The Create Application Firewall Policy Label or the Configure Application Firewall Policy Label dialog box opens. The dialog boxes are nearly identical.
  3. If you are creating a new policy label, in the Create Application Firewall Policy Label dialog box, type a name for your new policy label.

    The name can begin with a letter, number, or the underscore symbol, and can consist of from one to 127 letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore (_) symbols.

  4. Select Insert Policy to insert a new row and display a drop-down list with all existing application firewall policies.
  5. Select the policy you want to bind to the policy label, or select New Policy to create a new policy and follow the instructions in To create and configure a policy by using the configuration utility. The policy that you selected or created is inserted into the list of globally bound application firewall policies.
  6. Make any additional adjustments.
    • To modify the policy priority, click the field to enable it, and then type a new priority. You can also select Regenerate Priorities to renumber the priorities evenly.
    • To modify the policy expression, double click that field to open the Configure Application Firewall Policy dialog box, where you can edit the policy expression.
    • To set the Goto Expression, double click field in the Goto Expression column heading to display the drop-down list, where you can choose an expression.
    • To set the Invoke option, double click field in the Invoke column heading to display the drop-down list, where you can choose an expression
  7. Repeat steps 5 through 7 to bind any additional application firewall policies you want to the policy label.
  8. Click Create or OK, and then click Close. A message appears in the status bar, stating that you have successfully created or modified the policy label.