Moving rules in the rulebase has never been easier
Showing results for 
Search instead for 
Did you mean: 
L7 Applicator

This is probably a scenario familiar to many:


It's (way too) early in the morning and you're asked to quickly add a security rule for Paul as he needs to have SSH access to some remote customer devices on dynamic IPs. You haven't had your first coffee yet, so with one eye still closed, you create a rule you'll remember to delete later, give it the proper source, destination and application and hit ok. Then you notice it was created at the bottom of the security policy because you hadn't selected another rule to indicate where you wanted to have it created. Now it's at the bottom but it needs to be near the top.

Paul's new rule - at the bottom but needs to be near the top

Sleep-faced, you need to figure out how to get the rule in the right spot as it won't work if you leave it there. Luckily, there are several ways to accomplish this! Once you select the rule, the 'move' button lights up near the bottom of the policy viewer. This button allows you to move any selected rule (multiselect is available) up or down one spot, or to the top or end of the rulebase.


If you select multiple rules and select to move one up or one down, all the selected rules will be grouped and placed one spot above the highest rule when moving up and one spot below the lowest rule when moving down, or all grouped at the top or bottom if top or bottom is selected:


Multiple rules can be moved at once

The move button only lets you move a rule one line, or to the top or bottom, but doesn't provide much flexibility if you need a rule to be moved to a specific spot in your security policy. If the rulebase is not too lengthy, you can also click and drag one or multiple rules to a desired location in the rulebase.


Moving rules with the click of a button

Lastly, if your security rule is very long or you don't have a lot of wiggle room and click/drag is not an easy feat, you can still move the rule to a specific spot on the rulebase by using the rule's own move option:


Using the individual move option


Now the rule has been created and put in the right spot --  the only thing left to do is commit the policy and get a coffee!




Reaper out, getting a coffee...



L4 Transporter

I see in this blog that there is a interchanging of the words rulebase, policy, and rules. Of these three, I agree that Policy and Rulebase can be interchanged, but I dare not confuse a rule with a policy (or rulebase) where it resides.


We start by clicking on a tab labeled Policies. We see on the left that there are Security, NAT, QoS, etc... policies. When we select on of these, we then see a table on the right that displays all of the rules in the displayed policy.


You just created and then relocated a rule in the Security Policy. That's really cool! I had no idea I could move multiple rules at one time!


I think that we should all refer to these as Policies (because it is the tab's label) and that they contain rules (because we all seem to agree that each line in a policy is a rule

L7 Applicator

Thanks for pointing that out @jjosephs

As you may have guessed, this blog was written before I had my first coffee and there are only so many ways to say 'rule' in a single sentence ;)


i've updated the article to be more correct in the verbiage

L4 Transporter

Hey @reaper, enjoy that mornin' cup of coffee and thank you!

Register or Sign-in
Top Liked Authors