Applies To:
- BIG-IQ Centralized Management 5.3.0
About service, timer, and port misuse policies
A service policy allows you to associate network idle timers (timer policies) or port misuse policies with firewall contexts and rules.
You can discover a service policy on a BIG-IP® device version 12.0 or later, or you can create one on a BIG-IQ® Centralized Management system and then deploy it to a BIG-IP device version 12.0 or later.
A service policy can contain timer policies, or port misuse policies, or both. You create service policies, timer policies, and port misuse policies separately, and then you add the timer policies or port misuse policies to the service policies. Then you associate the service policy with the firewall context or rule.
- You use a timer policy, also known as a firewall idle timer, to configure timer rules. You can discover a timer policy on a BIG-IP device version 12.0, or later, or create one on a BIG-IQ Centralized Management system, and then deploy it to a BIG-IP device version 12.0, or later.
- You use a port misuse policy to configure a firewall context or rule to detect and drop network connections that are not using a required application or service for a given port. With a port misuse policy, you can configure ports to allow services, and drop all traffic that does not match the specified service type. You can configure port and service associations without regard for customary port and service pairings. You can discover a port misuse policy on a BIG-IP device version 12.1, or later, or create one on a BIG-IQ Centralized Management system, and then deploy it to a BIG-IP device version 12.1, or later.
Create a timer policy
Clone a timer policy
- Navigate to the Timer Policies screen: click .
- Select the check box to the left of any timer policy you want to clone.
- Click Clone.
Delete a timer policy
- Navigate to the Timer Policies screen: click .
- Select the check box to the left of any timer policy that you want to remove.
- Click Delete.
- Confirm that you want to remove the timer policy by clicking Delete in the confirmation dialog box.
Create a port misuse policy
Clone a port misuse policy
- Navigate to the Port Misuse Policies screen: click .
- Select the check box to the left of any port misuse policy you want to clone.
- Click Clone.
Delete a port misuse policy
- Navigate to the Port Misuse Policies screen: click .
- Select the check box to the left of any port misuse policy that you want to remove.
- Click Delete.
- Confirm that you want to remove the port misuse policy by clicking Delete in the confirmation dialog box.
Create a service policy
Clone a service policy
- Go to the Service Policies screen: Click .
- Select the check box to the left of any service policy you want to clone.
- Click Clone.
Deploy a service policy
- Go to the Service Policies screen: Click .
- Select the check box to the left of any service policy you want to deploy.
- Click Deploy.
Delete a service policy
- Click .
- Select the check box to the left of any service policy you want to remove.
- Click Delete.
- In the confirmation dialog box, click Delete to confirm that you want to remove the service policy.
Apply a service policy to a firewall context
Apply a service policy to a firewall rule
- Display the list of rules from a rule list or from a firewall security policy.

  | Option | Description |
  | --- | --- |
  | If the rule is in a rule list: | Navigate to the Rule Lists screen: click . Click the name of the rule list containing the rule. The screen lists the rules. |
  | If the rule is associated with a policy: | Navigate to the Firewall Policies screen: click . Click the name of the policy containing the rule. The screen lists the rules. |
- To make the rule editable, click the edit icon to the left of the name of the rule to which you want to add the service policy.
- Add the service policy to the rule.

  | Option | Description |
  | --- | --- |
  | Add the service policy by typing. | Type the name of the service policy in the Service Policy column for the rule. The system completes the name of the service policy once you begin typing the name. |
  | Add the service policy by drag and drop. | In the Shared Objects area, select Service Policies, and then drag the service policy from that list and drop it into the Service Policy column for the rule. |
- Save your changes.