Configure settings for Automatic rules

View a summary of Automatic rules and manage related settings in the Engine Editor.

Before you begin

The Template Policy used on the engine must contain the Automatic Rules Insert Point.

To add the Automatic Rules Insert Point manually, open the Template Policy for editing, right-click the ID cell of any rule, and select Add Automatic Rules Insert Point. You can add the Automatic Rules Insert Point anywhere in the Template Policy.

In the Automatic Rules section of the Engine Editor, you can set the log level and possible Alert element for Automatic rules. For Firewalls, Virtual Firewalls, and Master NGFW Engines, you can also define whether traffic from the engine to authentication ports is allowed.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Right-click an engine, then select Edit <element type>.
  3. Browse to Policies > Automatic Rules in the navigation pane on the left.
  4. Configure the settings.
  5. Click Save.
    Note: If you enable the ZTNA connector in the Engine Editor, you will view "Traffic from the Engine to the Forcepoint ONE ZTNA connection". For more information, see Engine Editor > Add-Ons > ZTNA Connector.

Engine Editor > Policies > Automatic Rules

Use this branch to view a summary of currently used Automatic rules and change general settings for Automatic rules.

Option Definition
To Firewall section

(Firewall/VPN role only)

Allow Traffic to Authentication Ports When Yes is selected, allows traffic to the ports that are used for user authentication.
Allow Traffic from Listening IP Addresses to DNS Relay Port When Yes is selected, allows traffic from clients in the internal network to the standard DNS ports (53/TCP and 53/UDP) on the interfaces that are selected as listening interfaces for DNS relay.
From Firewall section

(Firewall/VPN role only)

Allow Connections to Domain-Specific DNS Servers When Yes is selected, allows connections from the firewall to the domain-specific DNS servers specified in the DNS Relay Profile element that is selected for firewall.
Allow Connections from Local DHCP Relay to Remote DHCP Server When Yes is selected, allows connections from interfaces on which DHCP relay is active to remote DHCP servers.
Note: To relay DHCP messages through a policy-based VPN, you must add specific Access rules to allow the traffic. The Access rules must refer to the correct policy-based VPN.
Log Level for Automatic Rules The log level for traffic that matches automatic rules.
  • None — Does not create any log entry.
  • Alert — Triggers an alert entry.
  • Essential — Creates a log entry that is shown in the Logs view and saved for further use.
  • Stored — Creates a log entry that is stored on the Log Server.
  • Transient — Creates a log entry that is displayed in the Current Events mode in the Logs view (if someone is viewing it) but is not stored.
Alert When the Log Level is set to Alert, specifies the Alert that is sent.
Reset to Default Settings Returns Automatic Rule changes to the default settings.