Managing Policies

You can easily configure your Zenarmor policies on the Zenconsole (Centralized Cloud Management Portal) by completing the tasks explained in this guide.

Policy Actions

Based on your organization's information security standards, a Zenarmor (Sensei) policy defines how your organization's firewalls should process inbound and outbound network traffic for certain IP addresses, address ranges, users, user groups, protocols, applications, content categories, and more.

You may view or manage your policies on your firewall on the Policies page.

To view the Policies page of a node:

  1. Select a node on Zenconsole.
  2. Click Policies on the left sidebar menu.

Figure 1. Policies page of a node

On the Policies page of a node, you can perform the following management tasks:

  • Import policies

  • View the list of the policies

  • View the status of the policies

  • Edit a policy

  • Clone a policy

  • Delete a policy

  • Create a new policy

  • Create a new centralized policy

  • Reorder the policies

  • Synchronize a policy with a firewall

  • Create a restore point (backup node policies)

  • Restore a node to a point (restore node policies)

  • Delete a restore point (delete backup of node policies)

Importing Policies

When you view the policies of a node for the first time, all of your local policies defined on the node are imported into the Cloud Portal automatically.

Info: If you have not created any new policies yet, only one policy called Default will be imported.

Figure 2. Importing policies automatically

Viewing Policies List & Status of the Policies

All policies defined on your firewall are listed on the Policies page, together with their status.

Figure 3. Policies list view

Status

Enabled Policy: If the policy is enabled, a solid green circle is displayed in the bottom right corner of the policy's icon to the left of the policy name.

Disabled Policy: If it is not enabled, you will see a solid white circle instead of green.

Synchronization

The policy list includes icons to indicate the synchronization status of each policy.

Synchronized Policy: If the policy is synchronized with the firewall, a solid blue circle with a checkmark icon is displayed on the right side of the policy list.

Unsynchronized Policy: If it is not synchronized, a solid grey synchronization icon is displayed.

Editing a policy

You may edit a policy by simply clicking on the name of the policy in the policy list view. For more information about policy configuration, please refer to Configuring a policy.

Figure 4. Editing a policy

Info: If you are not the owner of the firewall, you cannot edit policy settings.

Cloning a policy

Zenconsole allows you to clone a policy to a different firewall. This will create a new policy with the same settings as the original policy.

You can also clone a policy as a Centralized policy. Centralized policies can be added to multiple firewalls at the same time. This will help you to manage the policy in a centralized manner.

To make a copy of a policy:

  1. Click on the clone icon next to the policy name that you wish to copy. This will open a dialog box for renaming the clone of the policy.

  2. Enter a descriptive name for the new policy.

  3. Select the firewall from the drop-down Firewall list.

  4. Or if you wish to clone the policy as a Centralized policy, you may switch on the toggle button next to the Centralize policy option.

  5. Click the Clone button. The new policy will be sent to the node. You will see the clone of the policy in the policy list view.

Figure 5. Cloning a policy

Note: The Policy Clone feature is available only for the Paid Edition. If you need more than one policy, you must have a Premium subscription. For more information, please refer to plans & pricing.

Deleting a Policy

To delete a policy:

  1. Click on the trash icon. This will open a dialog box for confirming the deletion of the policy.
  2. Click the Remove button. The policy will be removed from the firewall.

Figure 6. Deleting a policy

Note: If you have not created a restore point before deleting a policy, please be careful since the delete action cannot be undone.

Creating a New Policy

To create a new policy:

  1. Click on the Create new policy button at the top right corner of the Policies page. A dialog box will open for renaming the new policy.
  2. Enter a name and click the Create button. The new policy will be sent to the node. You will see the new policy in the policy list view. For more information about policy configuration, please refer to Configuring a policy.

Figure 7. Creating a new policy

Tip: If you are using an OPNsense firewall and create a policy on Zenconsole, this policy is displayed with a cloud icon in the Zenarmor policy list on your OPNsense UI after the policy synchronization.

Figure 8. Zenconsole created policy displayed with cloud icon on OPNsense

Adding a Centralized Policy

Note: The centralized policy feature is not available for the Free & Home Editions. To enable the centralized policy feature, you must have either the SOHO or Business subscription.

To add a centralized policy:

  1. Click on the Add centralized policies button at the top right of the Policies pane. A window will open that lists the existing centralized policies.
  2. Select one of the centralized policies or click create centralized policy to create a new policy as shown in Figure 8. For more information about centralized policies, please refer to Configuring policy.
  3. The centralized policy will be sent to the firewall. You will see the new policy in the policies list as shown in Figure 9.

Figure 9. Adding a centralized policy

Figure 10. Policies list view with a centralized policy

Removing a Centralized Policy

To remove a centralized policy:

  1. Click on the minus icon. A dialog box will open for confirming the removal of the policy.
  2. Click the Remove button. The policy will be removed from the firewall.

Figure 11. Removing a centralized policy

Ordering Policies

The order of the policies is crucial for rule application. The policy at the top of the list is examined first and is implemented if a match is found. The default policy is the policy that is implemented if none of the other policies match. The settings of the default policy cannot be modified, and the policy cannot be removed or moved up or down in the list. Security / App / Web Control rules for the Default Policy may still be modified.

A policy may be easily reordered by dragging and dropping it inside the policy list.
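
The top-down evaluation described above can be modelled offline to check an ordering before applying it. This is an added example, not Zenarmor code or part of the original documentation; it assumes, for simplicity, that policies match only on source networks, and the field names and sample policies are constructed.

```python
import ipaddress

# Constructed sample policy list, top of the list first. The field names and
# the networks-only match model are assumptions made for this example.
POLICIES = [
    {"name": "Guests", "networks": ["10.0.20.0/24"]},
    {"name": "Office", "networks": ["10.0.0.0/16"]},
    {"name": "Kiosk", "networks": ["10.0.20.128/25"]},  # hidden behind Guests
]
DEFAULT = "Default"


def _nets(policy):
    return [ipaddress.ip_network(n) for n in policy["networks"]]


def effective_policy(address, policies=POLICIES):
    """Return the name of the first policy, top down, that matches address."""
    ip = ipaddress.ip_address(address)
    for policy in policies:
        if any(ip in net for net in _nets(policy)):
            return policy["name"]
    return DEFAULT  # implemented when no other policy matches


def shadowed_policies(policies=POLICIES):
    """Return names of policies that can never match because of ordering.

    A policy is reported when every one of its networks is a subnet of a
    single network belonging to a policy placed above it.
    """
    shadowed, seen = [], []
    for policy in policies:
        nets = _nets(policy)
        if nets and all(
            any(n.version == s.version and n.subnet_of(s) for s in seen)
            for n in nets
        ):
            shadowed.append(policy["name"])
        seen.extend(nets)
    return shadowed
```

Moving the narrower Kiosk policy above Guests clears the shadowing report, which mirrors what dragging it higher in the policy list achieves.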

Synchronizing a Policy with a Firewall

Zenconsole provides a real-time policy synchronization feature. When you enable the Real-Time Sync option on the Policies page, the changed policies will be synchronized to the firewall in real time.

If you don't enable the Real-Time Sync option, a policy may be manually synchronized with your firewall by clicking on the synchronization button on the policy list view. This will send the policy to the node. If the synchronization has completed successfully, a notification message is displayed on the policy view and the synchronization icon is replaced with a solid blue circle with a checkmark icon for the policy.

Figure 12. Real-Time Sync option

Restore Point Overview

A restore point is an image of the Zenarmor policy configuration and settings in the Cloud which helps to restore the system to an earlier date when the system was running properly.

Restore Point Actions

Creating Restore Point (backup node policies)

Note: The Firewall restore feature is available only for Premium subscriptions. For more information, please refer to plans & pricing.

To create a backup of your policies on the node:

  1. Click on Create restore point at the top right corner of the Firewall restore pane. This will open a dialog box.
  2. Enter a description in the dialog box.
  3. Click on the Create button.

Figure 13. Creating restore point

After the restore point creation has completed, you will see the list of restore points in the Firewall restore pane. The following information is present in this list:

  • Description of the restore point
  • Tag of the restore point (manual: restore point of policies created manually on the cloud portal; backup: local policies imported automatically from the node)
  • Creation date of the restore point
  • Restore button to restore a policy
  • Delete button to delete a policy

Figure 14. Firewall restore point list

Restoring Node to a Point (restore node policies)

To restore your firewall to a point:

  • Click on the upload icon. A dialog box will open for confirmation of the restore operation.
  • Click the Restore button. Your node will be restored to the state it was in at that point.

Figure 15. Restoring node to a point

Deleting a Restore Point (delete the backup of the policies)

To delete a restore point:

  • Click on the trash icon. A dialog box will open to confirm the deletion of the restore point.
  • Click the Remove button. The restore point will be removed from the firewall restore point list.

Figure 16. Deleting a restore point