Install a predefined policy on IPS engines and Layer 2 Engines

To be able to inspect traffic, the Secure SD-WAN Engine must have a policy installed. Installing a predefined policy provides an easy way to begin using the system. You can then fine-tune the policy as needed.

Table 1. Default Policy elements for IPS engines and Layer 2 Engines
| Element type | Default element name | Description |
|---|---|---|
| IPS Template Policy | High-Security IPS Template | IPS Template Policy that uses Inspection rules from the High-Security Inspection Template. A Template Policy containing the predefined Access rules necessary for the IPS engine to communicate with the SMC and some external components. The High-Security IPS Template Policy provides an easy starting point for determining what kinds of rules your system needs. |
| IPS Template Policy | Medium-Security IPS Template | IPS Template Policy that uses Inspection rules from the Medium-Security Inspection Policy. |
| IPS Policy | Customized High-Security Inspection IPS Policy | Example of a customized IPS Policy that uses Inspection rules from the Customized High-Security Inspection Template. Used in testing Secure SD-WAN in the IPS role at ICSA Labs and NSS Labs. |
| IPS Policy | Default IPS Policy | Basic IPS Policy that uses Inspection rules from the High-Security Inspection Template. Can be used as a starting point for creating a customized IPS Policy. The Default IPS Policy does not add any rules to the rules defined in the IPS Template. It allows you to install the predefined rules in the IPS Template on the IPS engine right after installation. (Template Policies cannot be installed on the Secure SD-WAN Engine.) |
| Layer 2 Engine Template Policy | Layer 2 Engine Template | A Template Policy that contains the predefined Access rules necessary for the Layer 2 Engine to communicate with the SMC and some external components. The Layer 2 Engine Template uses Inspection rules from the No Inspection Policy. The rules in the No Inspection Policy do not enforce inspection. |
| Layer 2 Engine Template Policy | Layer 2 Engine Inspection Template | A Template Policy that is based on the Layer 2 Engine Template. The Layer 2 Engine Inspection Template uses Inspection rules from the High-Security Inspection Template. The Layer 2 Engine Inspection Template enables deep inspection for all traffic. |
| Inspection Policy | No Inspection Policy | Suitable for Engine deployments, in which only packet filtering is needed. Disables deep packet inspection. |
| Inspection Policy | Medium-Security Inspection Template | For Engines, Layer 2 Engines, inline IPS deployments in asymmetrically routed networks, and IPS deployments in IDS mode. Terminates reliably identified attacks and logs Situations that have some degree of inaccuracy. Low risk of false positives. |
| Inspection Policy | High-Security Inspection Template | For Engine, Layer 2 Engine, and inline IPS use. Extended inspection coverage and evasion protection. Not for asymmetrically routed networks. Terminates reliably identified attacks, and Situations that have some inaccuracy. Moderate false positive risk. |
| Inspection Policy | Customized High-Security Inspection Policy | This policy is an example of a highly customized Inspection Policy for network environments in which unconditional inspection coverage and evasion protection are required. The risk of false positives is high in production use. |

The default policy elements might change when you import and activate a dynamic update package. You cannot modify any of the default policy elements, but you can make your own policies based on a copy of a default policy. For more information, see the Forcepoint FlexEdge Secure SD-WAN Product Guide.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Browse to Policies > IPS Policies or Policies > Layer 2 Engine Policies.
  3. Right-click a predefined policy, then select Install Policy.
  4. Select one or more Secure SD-WAN Engines, then click Add.
  5. Click OK.
    A new tab opens to show the progress of the policy installation.
  6. Check that the policy installation is successful.