Device Configuration : Protect : Firewall : Business Application Rule
Business Application Rule
Business Application Rule
Business Application Rule is used to protect all internally or publicly hosted business applications or servers like SalesForce, Sharepoint etc. Using Business Application Rule, the administrator can configure protection of the HTTP/Non-HTTP/Public Non-HTTP servers from unauthorized access over the Internet. In a nutshell, if you are securing a server or service, use a Business Application Rule to allow internal or external users to access that service.
Business Application Rule can have three configurable templates:
1. HTTP Based Policy - HTTP Based policy is used to protect HTTP or generic web application servers hosted in the network. HTTP Based policy configuration is essentially WAF implementation but with additional benefit of defining WAF objects, rules, exceptions from the same page.
Sophos XG Firewall offers several pre-configured templates to address commonly used HTTP based applications. You can use these to create policy for the web application, that is close to your configuration, then modify it to fit your needs. Pre-defined HTTP application templates include:
Exchange Autodiscover
Exchange Outlook Anywhere
Exchange General
Microsoft Lync
Microsoft Remote Desktop Gateway 2008 and R2
Microsoft Remote Desktop Web 2008 and R2
Microsoft Sharepoint 2010 and 2013
2. Non-HTTP Based Policy - Non-HTTP Based policy is used to protect Non-HTTP servers, like mail or other servers hosted inside the network (LAN or DMZ). Using Non-HTTP Based policy, you can define access rights of such servers to users who require access over the WAN or Internet. Additionally, you can use the following Non-HTTP application template:
Email Server (SMTP)
3. Email Servers (POP and IMAP) - Email Servers (POP and IMAP) policy is used to protect mail servers which are hosted publicly (WAN) and require protection.
Adding a Business Application Rule
Click Policies and select IPv4 using the filter switch. Now, click on +Add Firewall Rule and select Business Application Rule. In the About this Rule section, you can select the Application Template from the list of available templates.
The application template allows you to choose the rule which suits the configuration of the required business application. Once you select the template, you can see the configuration page with few fields pre-populated. The pre-populated values eliminate the need to manually specify the configuartion for securing your business application, but you may customize the settings according to your network setup or other requirement.