Choose Policies→Security from the NFM-P main menu. The Security Policies form opens.

Click Create and choose Security Policy, or choose an existing security policy and click Properties. The Security Policy, Global Policy (Create|Edit) form opens with the General tab displayed.

Configure the required general parameters and click Apply. Additional tabs are enabled.

Assign a security policy entry to the security policy.

1. Click on the Security Policy Entry tab and click Create.

2. Configure the required general parameters.

3. Configure the required parameters in the Limit panel.

4. Select a security profile policy in the Profile panel.

   To create a security profile policy, see To configure a security profile policy for a 7705 SAR .

5. Configure the Logging parameter in the Logging panel.

6. If you configure the Logging parameter as To Log, select a Security Log policy. To create a security log policy, see To configure a security log policy for a 7705 SAR .

Configure the match criteria.

1. Click on the Match Criteria tab.

2. Configure the Flow Direction parameter.

3. Configure the required parameters in the Criteria panel.

   If you specified ICMP (1) as the Protocol, configure the parameters in the ICMP Properties panel.

   If you specified UDPTCP (*), TCP, or UDP as the Protocol, configure the parameters in the Port panel.

   If you enabled the Local parameter, the NAT panel appears. Configure the Destination IP Address and Destination Port parameters.

4. Select an Application Group.

5. Configure the Source IP Operator and Destination IP Operator parameters in the IP Address panel.

6. Select a Source Host Group.

7. Select a Destination Host Group.

Click OK to save the policy and close the form, or click Apply to save the policy. See To release and distribute a policy to release and distribute the policy to NEs.

End of steps