Firewall policy actions

Policy actions determine what Repository Firewall does when it encounters a policy violation. Repository Firewall quarantine actions are controlled through the Proxy stage action.

There are three possible actions Repository Firewall can take in response to a policy violation:

  • No Action - The default action, where policy violations are only displayed in the Repository Results view.

  • Warn - Not used for Firewall; comparable to No Action at the proxy stage.

  • Fail - Will quarantine any newly requested components that violate the policy.

To Set the Fail Action

  1. Log in to IQ Server

  2. Select Orgs and Policies from the sidebar

  3. Select the desired policy-level Root Organization or Repositories

  4. Select the policy you wish to trigger the quarantine action

  5. Set the Proxy stage action to Fail

  6. Select Update

To create a new policy that triggers the quarantine, see the Configuring Policies documentation.

Fail Action Considerations

Here are some additional considerations for using the Fail action at the Proxy stage:

  • The quarantine will not trigger if your proxy repository is not configured with Repository Firewall.

  • Only new components are quarantined; quarantine will not break existing builds requesting components already in use.

  • In the event of a service failure, you will not be able to proxy new components unless you disable the Repository Firewall on your proxy repository.

    • Examples of service failure include:

      • your Sonatype license has lapsed

      • IQ Server is unreachable

      • IQ Server connection has been disabled

    • Disabling the Repository Firewall will unblock quarantined components.

  • Build logs may only show a 404 error for quarantined components. Let all developers and stakeholders know if quarantine is in use.