Athena NGFW (Next-Generation Firewall)

Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
8.0.107
Athena NGFW (Next-Generation Firewall) {{ breadTitle }} User Manual Policies Bandwidth Management Channel Configuration Exclusion Rules
{{sendMatomoQuery("Athena NGFW (Next-Generation Firewall)","Exclusion Rules")}}

Exclusion Rules

{{ $t('productDocDetail.updateTime') }}: 2026-02-05

The exclusion rule sets some types of data that do not match any traffic control channels. The purpose is to exclude part of the data from the traffic control policy. For example, when the device is deployed in network bridge mode and the DMZ of the front-end firewall is connected to some servers, there is no need to control the traffic of data accessing these servers on the LAN. This is because the data does not go through the internet and is not subject to the limitations on the internet bandwidth. In that case, set an exclusion rule for the applications and IP addresses of these servers.

Exclusion Rule User Setting

For example, the device is deployed in network bridge mode, and the DMZ of the front-end firewall is connected to some servers. In this case, exclude the data accessing the servers.

Step 1.Go to Objects > Network Objects, create a new IP group, and add the IP address to be excluded.

Step 2.Go to Policies > Bandwidth Management > Bandwidth Channel > Exclusion Rules, and click Add to add the exclusion rule.

Step 3.Set the exclusion rule. Enter the name of the rule, select All for the App Category parameter, and select Server set in Step 1 for the Destination parameter.

 

Step 4.Click OK to complete the settings.

The exclusion rule can also exclude those going to certain regions from bandwidth management.