Administration Guide

Security rules

Create and manage security rules based on triggers that correlate incoming events from network devices. When a security event is received, the highest-ranked security rule whose trigger is satisfied and whose User/Host profile matches creates a security alarm. The rule may then take an action automatically.

Settings

An empty field in a column indicates that the option has not been set.

Field

Definition

Rank

Moves the selected rule up or down in the list. Incoming events are compared to rules in order by rank.

Set Rank

Allows you to type a different rank number for the selected rule and immediately move the rule to that position. In an environment with a large number of rules, this process is faster than using the up and down buttons.

Table columns

Rank

Rule's rank in the list of rules. Rank controls the order in which incoming events are compared to Security Rules.

Name

User-defined name for the security rule.

Enabled

Indicates whether the rule has been enabled.

Trigger

The set of events that will activate the rule if the rule is enabled.

Host Profile

The host profile to which the security rule applies.

The = sign indicates the host must match the user host profile. The ≠ indicates the host must not match the user host profile.

An alarm is triggered when the security rule is satisfied.

Action

The action that will be associated or automatically taken when the security rule is activated.

Rule Match Email Group

If enabled in the security rule, the administrator group that will receive an email when the rule creates an alarm.

Action Taken Email Group

If enabled in the security rule, the administrator group that will receive an email when an action is taken on the created alarm.

Last Modified By

User name of the last user to modify the security rule.

Last Modified Date

Date and time of the last modification to this security rule.

Right click options

Delete

Deletes the selected security rule.

Modify

Opens the Modify Security Rule window for the selected security rule.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Admin auditing.

Note

You must have permission to view the admin auditing log. See Add an administrator profile.

Buttons

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.
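
The rank-ordered matching and the = / ≠ host profile test described above, modeled as an added example (not FortiNAC code or its API). It assumes rank 1 is compared first and that a trigger is satisfied when the incoming event is one of its events; all rule, event, profile and action names are constructed. It also reports rules that can never create an alarm because a higher-ranked rule always matches first.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    rank: int
    name: str
    enabled: bool
    trigger: frozenset      # events that satisfy the trigger (assumed: any one)
    profile: str            # user/host profile named in the rule
    must_match: bool        # True models "=", False models "≠"
    action: Optional[str]   # None models an empty Action field (not set)

def applies(rule, event, host_profiles):
    """Enabled, trigger satisfied, and the = / ≠ profile test passes."""
    if not rule.enabled or event not in rule.trigger:
        return False
    return (rule.profile in host_profiles) == rule.must_match

def first_match(rules, event, host_profiles):
    """Rule that creates the alarm: first applicable rule in rank order."""
    for rule in sorted(rules, key=lambda r: r.rank):
        if applies(rule, event, host_profiles):
            return rule
    return None

def shadowed(rules):
    """Enabled rules that can never fire: a higher-ranked enabled rule has the
    same profile test and a trigger covering all of their events."""
    live = sorted((r for r in rules if r.enabled), key=lambda r: r.rank)
    return [low.name for i, low in enumerate(live)
            if any((high.profile, high.must_match) == (low.profile, low.must_match)
                   and low.trigger <= high.trigger for high in live[:i])]

# Constructed sample rule list (all names are hypothetical).
RULES = [
    Rule(1, "IDS or malware on guests", True,
         frozenset({"ids_alert", "malware_detected"}), "Guest", True, "isolate"),
    Rule(2, "Malware on guests", True,
         frozenset({"malware_detected"}), "Guest", True, "notify"),
    Rule(3, "Malware on non-guests", True,
         frozenset({"malware_detected"}), "Guest", False, None),
    Rule(4, "Legacy scan rule", False,
         frozenset({"port_scan"}), "Guest", True, "notify"),
]

if __name__ == "__main__":
    hit = first_match(RULES, "malware_detected", {"Guest"})
    print(hit.name, "->", hit.action)
    print("shadowed:", shadowed(RULES))
```

In this model, rule 2 is shadowed by rule 1, so its action is never taken; moving it above rule 1 with Set Rank would let it match first.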
