| Zones | Entering or leaving a device via an interface in a specific security zone | A security zone is a logical grouping of one or more interfaces according to your deployment and security policies. Interfaces in a zone may be located across multiple devices. |
| Networks | By its source or destination IP address, country, or continent | You can explicitly specify IP addresses. The geolocation feature also allows you to control traffic based on its source or destination country or continent. |
| VLAN Tags | Tagged by VLAN | The system uses the innermost VLAN tag to identify a packet by VLAN. |
| Ports | By its source or destination port | You can control encrypted traffic based on the TCP port. |
| Users | By the user involved in the session | You can control encrypted traffic based on the LDAP user logged into a host involved in an encrypted, monitored session. You can control traffic based on individual users or groups retrieved from a Microsoft Active Directory server. |
| Applications | By the application detected in a session | You can control access to individual applications in encrypted sessions, or filter access according to basic characteristics: type, risk, business relevance, and categories. |
| Categories | By the URL requested in the session, based on the certificate subject distinguished name | You can limit the websites that users on your network can access based on the URL’s general classification and risk level. |
| Distinguished Names | The URL the user enters in the browser matches the Common Name (CN), or the URL is contained in the certificate's Subject Alternative Name (SAN) | You can control encrypted traffic based on the CA that issued a server certificate, or the server certificate holder. |
| Certificates | By the server certificate used to negotiate the encrypted session | You can control encrypted traffic based on the server certificate passed to the user’s browser in order to negotiate the encrypted session. |
| Certificate Status | By properties of the server certificate used to negotiate the encrypted session | You can control encrypted traffic based on a server certificate’s status. |
| Cipher Suites | By the cipher suite used to negotiate the encrypted session | You can control encrypted traffic based on the cipher suite selected by the server to negotiate the encrypted session. |
| Versions | By the version of SSL or TLS used to encrypt the session | You can control encrypted traffic based on the version of SSL or TLS used to encrypt the session. |
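The VLAN Tags condition keys on the innermost tag, which matters for stacked (QinQ) frames where the outer and inner VLAN IDs differ. The following is an added example, not code from the product or its documentation: it parses an Ethernet header and returns the innermost VLAN ID. The function names, the set of tag TPIDs, and the sample frames are assumptions constructed for illustration.

```python
import struct

# Assumed set of TPIDs that introduce a VLAN tag: 802.1Q customer tag,
# 802.1ad service tag, and the legacy pre-standard QinQ value.
VLAN_TPIDS = {0x8100, 0x88A8, 0x9100}


def innermost_vlan(frame: bytes):
    """Return (vlan_id, ethertype) for an Ethernet frame.

    vlan_id is the VID of the last (innermost) tag, or None if untagged.
    Raises ValueError if the frame is truncated in the header or in a tag.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12                      # skip destination and source MAC
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    vlan_id = None
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 6:  # TPID(2) + TCI(2) + next type(2)
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan_id = tci & 0x0FFF       # low 12 bits of the TCI are the VID
        offset += 4                  # step over this tag to the next type field
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    return vlan_id, ethertype


def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 4):
    """Constructed sample input: tags is a list of (tpid, vid), outermost first."""
    out = bytes(6) + bytes(6)        # placeholder MAC addresses
    for tpid, vid in tags:
        out += struct.pack("!HH", tpid, vid)
    return out + struct.pack("!H", ethertype) + payload


# Constructed frames: untagged, single-tagged, and double-tagged (QinQ).
UNTAGGED = build_frame([])
SINGLE = build_frame([(0x8100, 100)])
QINQ = build_frame([(0x88A8, 200), (0x8100, 30)])

if __name__ == "__main__":
    for name, frame in [("untagged", UNTAGGED), ("single", SINGLE), ("qinq", QINQ)]:
        print(name, innermost_vlan(frame))
```

For the double-tagged frame the result is the inner VID 30, not the outer 200, so a rule written against the outer service VLAN would not match that packet.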