Network Policy Alert
The Network Policy Alert allows for auditing your firewall policies. The Network Policy Alert Rules should mirror your firewall policy rules. Any firewall messages matching the Deny Policy Action Rules will trigger the alert. Any firewall messages outside of the Accept Policy Action Rules also trigger the alert.
Request Parameters
FewerThan, MoreThan, alertFilter, policyAction, srcIPMin, srcIPMax, srcPortMin, srcPortMax, destIPMin, destIPMax, destPortMin, destPortMax, protocol
Example
"FewerThan/100//MoreThan/10//alertFilter/False//policyAction/Accept//srcIPMin/10.1.2.3//srcIPMax/255.255.255.255//srcPortMin/0//srcPortMax/100//destIPMin/10.1.1.123//destIPMax/255.255.255.255//destPortMin/0//destPortMax/100//protocol/all"
The following table lists the Network Policy Alert-specific parameters. You must include the parameters as inputs for the alertRules parameter.
Parameter | Description | Values | Required | Type |
---|---|---|---|---|
AlertFilter | Alert filter used for the alert. | Possible values: None, False Acceptance, False Rejection. None: report on both False Rejection and False Acceptance traffic. False Acceptance: report only the traffic that passed the firewall, but should have been rejected according to this policy. False Rejection: report only the traffic that the firewall denied, but should have been accepted according to this policy. | yes | string |
PolicyAction | Type of policy rules. At least one firewall rule for the selected Policy Action is required for the alert to trigger. Use the IP and Port parameters in this table to specify the details for the accept or deny policy action. | Possible values: Accept, Deny. Accept: policy rules that define network traffic that the firewall should accept. Deny: policy rules that define network traffic that the firewall should reject. | yes | string |
srcIPMin | The minimum limit for your source IP addresses. This is for incoming and outgoing traffic that accesses your firewall. The srcIPMin and srcIPMax parameters make up the source IP range. | Standard IP address format. For example: 0.0.0.0 | yes | string |
srcIPMax | The maximum limit for your source IP addresses. This is for incoming and outgoing traffic that accesses your firewall. The srcIPMin and srcIPMax parameters make up the source IP range. | Standard IP address format. For example: 255.255.255.255 | yes | string |
srcPortMin | The lower limit of the range for your source ports. This is for incoming and outgoing traffic that accesses your firewall. The srcPortMin and srcPortMax parameters make up the source port range. | Valid ports are ports 0 through 65,535. | yes | string |
srcPortMax | The upper limit of the range for your source ports. This is for incoming and outgoing traffic that accesses your firewall. The srcPortMin and srcPortMax parameters make up the source port range. | Valid ports are ports 0 through 65,535. | yes | string |
destIPMin | The minimum limit for your destination IP addresses. This is for incoming and outgoing traffic that accesses your firewall. The destIPMin and destIPMax parameters make up the destination IP range. | Standard IP address format. For example: 10.1.2.3 | yes | string |
destIPMax | The maximum limit for your destination IP addresses. This is for incoming and outgoing traffic that accesses your firewall. The destIPMin and destIPMax parameters make up the destination IP range. | Standard IP address format. For example: 255.255.255.255 | yes | string |
destPortMin | The lower limit of the range for your destination ports. This is for incoming and outgoing traffic that accesses your firewall. The destPortMin and destPortMax parameters make up the destination port range. | Valid ports are ports 0 through 65,535. | yes | string |
destPortMax | The upper limit of the range for your destination ports. This is for incoming and outgoing traffic that accesses your firewall. The destPortMin and destPortMax parameters make up the destination port range. | Valid ports are ports 0 through 65,535. | yes | string |
protocol | Protocol associated with the specified IP address. TIBCO LogLogic Appliances support ICMP, TCP, and UDP protocols. | Possible values: tcp; udp; icmp; tcp, udp; tcp, icmp; udp, icmp; tcp, udp, icmp; all. The default is all, for all protocols. | yes | string |
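
A pre-submission check for an alertRules string, written against the key/value//key/value layout of the example above and the ranges in the table. This is an added example, not TIBCO code: the function names are hypothetical, IPv4 addresses and a comma-separated protocol list are assumed, and alertFilter is only checked for presence because the page's example uses the value False.

```python
import ipaddress

# The page's example alertRules string, joined onto one line.
PAGE_EXAMPLE = ("FewerThan/100//MoreThan/10//alertFilter/False//policyAction/Accept"
                "//srcIPMin/10.1.2.3//srcIPMax/255.255.255.255//srcPortMin/0//srcPortMax/100"
                "//destIPMin/10.1.1.123//destIPMax/255.255.255.255//destPortMin/0"
                "//destPortMax/100//protocol/all")
# Parameters the table marks as required, spelled as in the example string.
REQUIRED = ("alertFilter", "policyAction", "srcIPMin", "srcIPMax", "srcPortMin",
            "srcPortMax", "destIPMin", "destIPMax", "destPortMin", "destPortMax",
            "protocol")

def parse_alert_rules(rules):
    """Split 'key/value//key/value' into a dict of parameter names to values."""
    params = {}
    for pair in rules.strip().strip('"').split("//"):
        key, sep, value = pair.strip().partition("/")
        if not sep or not key:
            raise ValueError(f"malformed pair: {pair!r}")
        params[key] = value.strip()
    return params

def validate_alert_rules(params):
    """Return a list of problems; an empty list means the documented limits hold."""
    problems = [f"missing required parameter {k}" for k in REQUIRED if k not in params]
    if problems:
        return problems
    if params["policyAction"] not in ("Accept", "Deny"):
        problems.append("policyAction must be Accept or Deny")
    for side in ("src", "dest"):
        try:  # assumption: addresses are IPv4, as in the page's examples
            lo = ipaddress.IPv4Address(params[f"{side}IPMin"])
            hi = ipaddress.IPv4Address(params[f"{side}IPMax"])
            if lo > hi:
                problems.append(f"{side}IPMin is greater than {side}IPMax")
        except ipaddress.AddressValueError as exc:
            problems.append(f"{side} IP range: {exc}")
        ports = [params[f"{side}PortMin"], params[f"{side}PortMax"]]
        if not all(p.isdecimal() and int(p) <= 65535 for p in ports):
            problems.append(f"{side} ports must be integers 0-65535")
        elif int(ports[0]) > int(ports[1]):
            problems.append(f"{side}PortMin is greater than {side}PortMax")
    # assumption: combined protocols are written comma-separated, e.g. "tcp, udp"
    protos = {p.strip() for p in params["protocol"].split(",")}
    if protos != {"all"} and not protos <= {"tcp", "udp", "icmp"}:
        problems.append("protocol must be all or a combination of tcp, udp, icmp")
    return problems
```

An inverted range or an out-of-range port would otherwise produce a rule that no longer mirrors the firewall policy, so the alert would either fire on legitimate traffic or stay silent on violations.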