Editing the Default Firewall Filtering Rule

The Firewall Filtering policy has one default rule, which allows all TCP, UDP and ICMP traffic. The default rule always maintains the lowest precedence and cannot be deleted. Only admins with the super admin role can modify the default rule. Also, see the recommended Firewall Control policy.

To edit the default Firewall Filtering rule:

  1. Go to Policy > Firewall Control.
  2. Navigate to the Default Firewall Filtering Rule, and click the Edit icon.
  3. In the Edit Firewall Filtering Rule window, do the following:
    • Network Traffic: Choose a network traffic action.
      • Allow: Allows packets that match the rule to pass through the firewall.
      • Block/Drop: Silently drops all packets that match the rule. This is the default action.
      • Block/ICMP: Drops all packets that match the rule and sends the client an ICMP error message of Type 3 (Destination Unreachable) and code 9 or 10 (network/host administratively prohibited).
      • Block/Reset: For TCP traffic, the Zscaler service drops all packets that match the rule and sends the client a TCP reset (a TCP segment with the RST flag set to 1 in the TCP header, indicating that the TCP connection must be torn down immediately). For non-TCP traffic, this behaves the same as Block/Drop.
    • Logging: Choose the logging action.
      • Aggregate: The service groups individual sessions by user, rule, network service, and network application, and records the aggregated sessions periodically.
      • Full: The service logs all sessions of the rule individually, except HTTP(S). Only the Block rules support full logging. Full logging on all other rules requires the Full Logging subscription.
  4. Click Save and activate the change.
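The three Block actions above differ only in what, if anything, the client receives back, which is what you see when troubleshooting a blocked flow with a packet capture. The following Python is an added example, not code from the Zscaler help page or product: it parses a raw IPv4 packet captured at the client and reports which block behaviour it matches (no packet at all for Block/Drop, ICMP Type 3 with code 9 or 10 for Block/ICMP, a TCP segment with RST set for Block/Reset). The sample packets and the addresses inside them are constructed for the example; only the IPv4, ICMP and TCP header layouts are real.

```python
"""
Classify which firewall block action a client observed, from the raw IPv4
packet (if any) it received in response to a blocked flow.

Added example, not Zscaler code. It encodes the behaviours the help text
describes:
  - Block/Drop  : no response packet at all
  - Block/ICMP  : ICMP Type 3 (Destination Unreachable), code 9 or 10
  - Block/Reset : TCP segment with the RST flag set
"""
import struct
from typing import Optional

ICMP_DEST_UNREACH = 3
ADMIN_PROHIBITED_CODES = {9, 10}   # network / host administratively prohibited
TCP_RST = 0x04                     # RST bit in the TCP flags byte
TCP_ACK = 0x10
TCP_SYN = 0x02


def classify_response(packet: Optional[bytes]) -> str:
    """Return 'Block/Drop', 'Block/ICMP', 'Block/Reset', or 'Allow/other'.

    `packet` is the raw IPv4 datagram the client received, or None if the
    client saw no response within its timeout (the Block/Drop case).
    """
    if packet is None:
        return "Block/Drop"
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version_ihl, proto = packet[0], packet[9]
    if version_ihl >> 4 != 4:
        raise ValueError("only IPv4 is handled in this example")
    ihl = (version_ihl & 0x0F) * 4          # header length in bytes
    payload = packet[ihl:]
    if proto == 1 and len(payload) >= 8:    # ICMP: type, code, checksum, rest
        icmp_type, icmp_code = payload[0], payload[1]
        if icmp_type == ICMP_DEST_UNREACH and icmp_code in ADMIN_PROHIBITED_CODES:
            return "Block/ICMP"
    elif proto == 6 and len(payload) >= 20: # TCP: flags live in byte 13
        if payload[13] & TCP_RST:
            return "Block/Reset"
    return "Allow/other"


# --- constructed sample packets (not captured traffic) ----------------------

def _ipv4_header(proto: int, total_len: int) -> bytes:
    """Minimal 20-byte IPv4 header; checksum left zero since it never hits the wire."""
    src = bytes([10, 0, 0, 1])       # constructed 'firewall' address
    dst = bytes([192, 0, 2, 10])     # constructed client address (TEST-NET-1)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0, src, dst)


def icmp_dest_unreachable(code: int) -> bytes:
    """ICMP Type 3 with the given code, followed by a zeroed stand-in for the
    original IP header + 8 bytes that a real ICMP error would quote back."""
    icmp = struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + b"\x00" * 28
    return _ipv4_header(1, 20 + len(icmp)) + icmp


def tcp_segment(flags: int, sport: int = 443, dport: int = 51234) -> bytes:
    """20-byte TCP header with the requested flags (data offset = 5 words)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 1, 5 << 4, flags, 0, 0, 0)
    return _ipv4_header(6, 20 + len(tcp)) + tcp


if __name__ == "__main__":
    samples = {
        "timed out":          None,
        "ICMP 3/10":          icmp_dest_unreachable(10),
        "ICMP 3/1 (host)":    icmp_dest_unreachable(1),
        "TCP RST+ACK":        tcp_segment(TCP_RST | TCP_ACK),
        "TCP SYN+ACK":        tcp_segment(TCP_SYN | TCP_ACK),
    }
    for label, pkt in samples.items():
        print(f"{label:18s} -> {classify_response(pkt)}")
```

When comparing a capture against the policy, remember that Block/Reset only produces a RST for TCP; a blocked UDP flow under that action looks identical to Block/Drop, which the classifier reflects by returning "Block/Drop" for the no-response case regardless of the original protocol.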

Screenshot of the Firewall Filtering Policy page showing the buttons and list used to manage Zscaler Cloud Firewall rules

Screenshot of the Edit Firewall Filtering Rule window for the default rule