Introduction Forcepoint ONE Firewall is a cloud-based firewall capability for all ports and protocols whose communication is initiated in the outbound (site or device to Internet) direction. It includes granular firewall policies, malware detection, Layer 7 Deep Packet Inspection (DPI), and an industry-leading Intrusion Prevention System (IPS) and threat protection service.
Help and support Access Forcepoint help and support services for assistance and troubleshooting.
Product Updates This section provides details about the known and resolved issues for the Forcepoint ONE | Firewall application.
Known and resolved issues This topic lists the resolved issues, current known issues and their possible workarounds.
Forcepoint ONE | Firewall overview You can use the Firewall application to do the following:
Accessing the online help documentation Follow the steps below to access the Forcepoint ONE | Firewall online help documentation:
Deploy changes Any change that affects a policy, such as a rule configuration change or an update to an object, must be deployed before the change becomes active. The deploy action publishes the change to Forcepoint firewall engines.
Getting Started This topic provides information about how to get started with the Forcepoint ONE | Firewall.
Accessing Forcepoint ONE | Firewall You can access the Firewall application from the Forcepoint ONE portal only if the Firewall application is configured and licensed for your tenant.
Accessing Forcepoint ONE | Secure Service Edge This topic provides information on how to access the Forcepoint ONE | Secure Service Edge (SSE) application.
Workflow for new users For new users, the Forcepoint ONE | Firewall service involves the following high-level steps:
Workflow for existing users For existing users, the Forcepoint ONE | Firewall service involves the following high-level steps:
Dashboard The Dashboard displays a summary of firewall activity for a time period.
Dashboard filters You can use the Filter to customize the data that is displayed on the Dashboard or Logs page.
Time period drop-down menu You can select the time period for the dashboard by using the Time period drop-down menu. The reporting information is displayed for the selected time period.
Logs The Logs page displays detailed log information for the information displayed on the Dashboard summary page.
Related events You can use the related events filter to display events related to the selected table row in the Logs page.
Event detail panel The Event detail panel displays detailed information about each event in the Logs table.
Log Export The Log Export page provides access to an exported log file of the past 30 days of traffic.
Policy The Policy is used to control access to objects such as protocols, sites, applications, possible threat situations, or any combination thereof. It is also used to inspect and secure the traffic that is routed through the firewall.
All Policies Page Overview The All Policies page provides access to all policies that are configured for your firewall application. Use this section to view and edit existing policies, or to create new policies.
Deploy History The Deploy history table displays the status of the last 50 policy deployments of your account.
Objects Objects are reusable elements that can be assigned to policies to create traffic filtering rules and inspection rules.
Sites A site is a geographical location, data center, or cloud service that connects to the service using traffic tunneling. Sites represent your application hosting locations.
Network & HTTP/3 Applications Network applications are system-defined resources and are used in application rules to allow or block access to non-web-based applications in the Application policy stage.
Threat Situations Threat situations are system-defined resources used to block threats and suspicious traffic as part of threat inspection policy. They define traffic signature patterns that are used by deep packet inspection to identify potentially malicious traffic.
Network Services Network services are used to match traffic in network policies, based on protocol information, protocol/port combinations, or ICMP type and code information.
Source IP address lists Source IP address lists consist of a name, description, and a list of IP addresses that are used to identify traffic by its originating address in order to restrict allowed incoming traffic to your applications.
Destination IP Address Lists Destination IP address lists consist of a name, description, and a list of IP addresses that are used to identify traffic by its destination address.
Domain Name lists Domain name lists consist of a name, description, and a list of fully qualified domain names (FQDNs). They are used to identify traffic by its destination address by using the FQDN of the request. Each FQDN is automatically resolved to one or more IP addresses.