Business application rule

Business application rule is used to protect internally or publicly hosted business applications or servers like SalesForce, Sharepoint etc.

Adding a business application rule

Using business application rule, the administrator can configure protection of the http and non-http web servers from unauthorized access over the internet. You can also control access of protected server or services through a business application rule.

Several templates are available that cover protection configuration for a variety of different types of http and non-http web servers and application. A list of these application templates appear on the business application rule page.

Go to Firewall and select IPv4. using the filter switch. Now, click on +Add firewall rule and select Business application rule. You can then select the Application template from the list of available templates.

The application template allows you to choose the rule which suits the configuration of the required business application. Once you select the template, you can see the configuration page with few fields pre-populated. The pre-populated values eliminate the need to manually specify the configuration for securing your business application, but you may customize the settings according to your network setup or other requirements.

  1. DNAT/Full NAT/load balancing rule: It is used to protect non-web servers, like mail or other servers hosted inside the network (LAN or DMZ). Using this template, you can define access rights of such servers to users who require access over the WAN or internet. Additionally, you can use the following non-web application template:
  2. Email server (SMTP): Email server (SMTP) rule is used to protect mail servers which are hosted internally in a network and require protection.
  3. Email clients (POP & IMAP): Email clients (POP and IMAP) rule is used to protect mail servers which are hosted publicly (WAN) and require protection.

    If you delete email clients rule, the emails which are under process by this rule will be queued but will not be delivered.

    We recommend to follow below given steps so that you do not lose all the emails processed by this rule:

    1. Before deleting this rule, clone this rule by choosing Clone above option and change the Action to Drop. This cloned rule will hold all the incoming emails.
    2. Go to Email > Mail spool and check if spool is empty.
    3. Once the spool is empty, delete both the firewall rules.