Context Types for Cloud Firewall Policies
This section describes the context types that can be selected for Cloud Firewall policies (network-layer policies).
From the Management Console, select , select a context type and provide the details.
To apply more than one context type, click the + button at the right, then select an additional context type and provide its details.
Context Type | Options |
---|---|
Users | Choose All or Selected. For Selected, enter a valid email address for each user. Separate each address with a comma. |
User Group | User groups are organized into directories. When you select User Group as a context type, the directories containing the groups are listed in the left column. Select a directory to display its user groups in the right column. Select the groups from the list, click the right-arrow icon to move them to the Selected User Groups column, and click Save. These are the groups to which the policy will apply. To search for a directory or group, click the Search icon at the top of the left column. To refresh the list, click the Refresh icon at the top of the left column. |
Location | Check one or more countries, or check Select All. |
Device Profile | Select a context type and a target for each type. Managed Status: Select an option: Managed or Unmanaged. Compliance Status: Select one or more options: Protected, Disconnected, Compliant, Non-Compliant. Depending on what you select, some other options are disabled. For example, if you select Protected, Disconnected is disabled. If you select Disconnected, Protected is disabled. Threat Status: Select one or more options: Secure, Low, Medium, High. Click the + sign at the right to add additional Device Profile contexts. When all of the context options for Device Profile have been selected and configured (Managed Status, Compliance Status, and Threat Status), no additional targets can be selected if another Device Profile context rule is added. |
Device OS | From the Match prompt, select an operator: Equal To, Not Equal To, Greater Than, or Less Than. Then, from the Device OS prompt, select an OS and an OS version. If you choose Equal To or Not Equal To, you can select multiple OS versions or click Select All. If you choose Greater Than or Less Than, you can only choose one OS version from each category. After selecting the desired OS versions, click Save. Device OS context policies are currently only supported on OS versions under 11 for both Windows and macOS. |
User Risk | User Risk specifies a risk level for the user accessing the cloud application. Select a risk score level: Low & Above, Medium & Above, or High. |
Enterprise Sites | Select Enterprise Sites as the Context Type and select a site for the Context. |
Branch IP | Select Branch IP as the Context Type and enter an IP address for the Context. Define the source IP networks from which devices or users connect. |
Source IP | Select a valid IP address range. (Optional) To enter an additional range, click the + icon and enter the range. Click Save. |
IP Risk Score | Select a risk score level: Low & Above, Medium & Above, or High. |