Email Clients (POP and IMAP)
1. Go to Device Configuration > Protect > Firewall and select IPv4 or IPv6 using the default filter.
2. Now, click +Add Firewall Rule and select Business Application Rule.
3. Specify the general rule details.
Application Template
Select Email Clients (POP & IMAP) to define an application filter policy for POP and IMAP based email clients.
Description
Specify the rule description.
Rule Position
Specify the position of the rule.
Available Options:
* Top
* Bottom
* Rule Position can only be specified while creating a rule.
Rule Name
Specify a name to identify the rule.
* Rule Name can only be edited while creating a rule.
4. Specify Source details.
Zone
Select the allowed source zone(s).
Networks
Select the allowed source network(s). A new network host can be created directly from this page or from the Device Configuration > System > Host and Services > IP Hosts page.
5. Specify Destination details.
Zone
Select the zone to which the rule applies.
Networks
Select the network(s) to be protected.
A new network host can be created directly from this page or from the Device Configuration > System > Host and Services > IP Hosts page.
6. Specify Identity details.
Match rule based on user identity
Click to enable a rule based on the user identity.
Show Captive Portal to unknown users
Select the check box to accept traffic from unknown users. The captive portal page is displayed to the user, where the user can log in to access the Internet.
Clear the check box to drop traffic from unknown users.
User or Groups (only available if Match rule based on user identity is enabled)
Select the user(s) or group(s) from the list of available options.
Exclude this user activity from data accounting (only available if Match rule based on user identity is enabled)
Click to enable/disable the exclusion of user traffic activity from data accounting.
By default, a user's network traffic is considered in data accounting. Select to exclude certain traffic from user data accounting. The traffic allowed through this rule will not be counted towards data transfer for the user.
7. Specify Malware Scanning details.
Scan IMAP/IMAPS/POP3/POP3S/SMTP/SMTPS
Click to enable/disable scanning of IMAP/IMAPS/POP3/POP3S/SMTP/SMTPS traffic.
8. Specify Advanced settings.
a. Specify Policies for Business Applications.
Intrusion Prevention
Select an IPS policy for the rule. A new IPS policy can be created directly from this page itself or from the Device Configuration > Protect > Intrusion Prevention > IPS Policies page.
Traffic Shaping (Not available if Match rule based on user identity is selected)
Select a traffic shaping policy for the rule.
A traffic shaping policy allocates & limits the maximum bandwidth usage of the user.
A new traffic shaping policy can be created directly from this page or from the Device Configuration > Protect > Intrusion Prevention > IPS Policies page.
b. Specify Security Heartbeat settings (only available if IPv4 is selected).
Minimum Source HB Permitted
Select a minimum health status that a source device must have to conform to this rule. Health status can be either Green, Yellow or No Restriction. If the health criterion is not met, access and privileges defined in this rule will not be granted to the user.
Block clients with no heartbeat
Heartbeat-capable devices can be required to send information on their health status in defined intervals - this is called a heartbeat.
Based on that information, you can restrict a source device's access to certain services and networks.
Enable/disable the option to require the sending of heartbeats.
Minimum Destination HB Permitted
Select a minimum health status that a destination device must have to conform to this rule. Health status can be either Green, Yellow or No Restriction. If the health criterion is not met, access and privileges defined in this policy will not be granted to the user.
Block request to destination with no heartbeat
Heartbeat-capable devices can be required to send information on their health status in defined intervals - this is called a heartbeat.
Based on that information, you can block requests to destinations not sending heartbeat.
Enable/disable the option to require the sending of heartbeats.
c. Specify Routing details.
Rewrite source address (Masquerading)
Enable/disable to re-write the source address or specify a NAT policy.
Use Gateway Specific Default NAT Policy (only if Masquerading is selected)
Select to override the default NAT policy with a gateway specific policy.
Override default NAT policy for specific Gateway (only if Use Gateway Specific Default NAT Policy is selected)
Select to specify gateway and corresponding NAT policy. Multiple gateways and NAT policies can be added.
Use Outbound Address (only available if Rewrite source address is enabled and Use Gateway Specific Default NAT Policy is disabled)
Select the NAT policy to be applied from the list of available NAT policies.
A new NAT policy can be created directly from this page or from the Device Configuration > System > Profiles > Network Address Translation page.
The default NAT policy is Masquerade.
Primary Gateway
Select the primary gateway to route the request. You can create a new gateway from this page itself or from Device Configuration > Configure > Routing > Gateways.
* On deletion of the gateway, Primary Gateway will display WAN Link Load Balance for WAN Destination Zone and None for other zones. In such a case, the firewall rule will not make routing decisions.
Backup Gateway
Select the backup gateway to route the request. You can create a new gateway from this page itself or from Device Configuration > Configure > Routing > Gateways.
* On deletion of the gateway, Backup Gateway will display None.
9. Specify the logging option for the user application traffic.
Log Firewall Traffic
Click to enable logging of permitted and denied traffic.