Policies are key elements that contain rules for allowing or blocking network traffic and inspecting the content of traffic.
Read the following examples of NAT rules.
This online help was created for Forcepoint Next Generation Firewall (Forcepoint NGFW), version 7.0.0.
Before setting up Forcepoint Next Generation Firewall (Forcepoint NGFW), it is useful to know what the different components do and what engine roles are available.
Before you can set up the system and start configuring elements, you must consider how the different SMC components should be positioned and deployed.
After deploying the SMC components, you are ready to start using the Management Client and carrying out some of the first configuration tasks.
You can use the SMC to monitor system components and third-party devices. You can also view and filter logs, and create Reports from them.
You can command and set options for engines through the Management Client or on the engine command line. You can also stop traffic manually.
Security Management Center (SMC) configuration allows you to customize how the SMC components work.
You can create and modify Firewalls, IPS engines, Layer 2 Firewalls, Master NGFW Engines and Virtual NGFW Engines. You can configure the NGFW Engine properties, activate optional features, and configure advanced NGFW Engine settings.
Use the Management Client to configure static or dynamic routing, and use a Multi-Link configuration to manage and distribute inbound and outbound connections.
Policy elements are containers for the rules that determine how NGFW Engines, Master NGFW Engines, and Virtual NGFW Engines examine traffic. The policy elements for the engines include Template Policies, Policies, and Sub-Policies.
Access rules are lists of matching criteria and actions that define how the engine treats different types of network traffic. They are your main configuration tool for defining which traffic is stopped and which traffic is allowed.
Network address translation (NAT) replaces the source or destination IP addresses in packets with other IP addresses. NAT rules define how NAT is applied to traffic.
Address translation is configured as part of the Firewall Policy using NAT rules.
If NAT is needed between SMC components, you must define Contact Addresses for the communications so that the components use the correct address for contact when needed.
You can use NAT for outbound load-balancing.
Automatic proxy ARP requires an explicit route to the host or network to be configured in the Routing pane of the Engine Editor.
Protocols of the Protocol Agent type help with problems related to certain complex protocols and NAT.
These examples illustrate some common uses for NAT rules and the general steps on how each example is configured.
This example shows a static address translation that translates the addresses in one network to IP addresses in another network.
This example shows a dynamic address translation that translates the addresses in one internal network to a single external address for general web browsing.
This example shows a static address translation that translates the external IP address of a web server to the server’s internal address.
In this example, hairpin NAT is configured.
Inspection Policy elements define how the engines look for patterns in traffic allowed through the Access rules and what happens when a certain type of pattern is found.
The Snort open source intrusion prevention system is integrated into Forcepoint NGFW. You can import externally created Snort configurations into Forcepoint NGFW to use Snort rule sets for inspection.
The rules in Firewall, IPS, Layer 2 Firewall, and Layer 2 Interface Policies allow you to control how the engines inspect and filter network traffic, and how NAT (network address translation) is applied on Firewalls, Master NGFW Engines, and Virtual Firewalls.
When you define IP addresses as elements, you can use the same definitions in multiple configurations for multiple components.
Service elements match traffic based on protocol or port and set options for advanced inspection of traffic. Service elements are used in Firewall Policies, IPS Policies, Layer 2 Firewall Policies, and Layer 2 Interface Policies.
Situation elements contain the context information that defines the pattern that the NGFW Engine looks for in the inspected traffic. Situation elements also define the patterns that match events in the traffic.
Network Application elements collect combinations of identified characteristics and detected events in traffic to dynamically identify traffic related to the use of a particular network application.
With the User Response element, you can send customized replies to users, instead of just closing an HTTP or HTTPS connection.
The Quality of Service (QoS) features allow you to manage bandwidth and prioritize connections on the NGFW Engines. QoS features are available on Firewalls, IPS NGFW Engines, Layer 2 Firewalls, Master NGFW Engines, Virtual Firewalls, Virtual IPS NGFW Engines, and Virtual Layer 2 Firewalls.
An anti-malware scanner compares network traffic against an anti-malware database to search for viruses and other malware. If malware is found, the traffic is stopped or content is stripped out.
Monitoring and restricting what data is sent out is an important part of data loss prevention (DLP). File filtering allows you to restrict the file types that are allowed in and out through the firewall, and to apply malware detection to files.
If you have installed Forcepoint One Endpoint clients on the endpoints in your network, you can collect information about endpoint clients, and use the information for access control in the SMC.
URL filtering allows you to filter URLs based on categories of content or lists of individual URLs.
Protocol elements of the Protocol Agent type are special modules for some protocols and services that require advanced processing. Protocol Agents can enforce policies on the application layer.
Sidewinder Proxies are software modules that provide network level proxies, protocol validation, and configurable application level protocol filtering and translation on Forcepoint Next Generation Firewall.
The TLS inspection feature decrypts TLS connections so that they can be inspected for malicious traffic and then re-encrypts the traffic before sending it to its destination.
QUIC is a secure general-purpose transport protocol. QUIC combines encryption and transport layer data stream processing into one protocol, thereby, reduces latency and improves security.
In addition to inspecting traffic on the NGFW Engine, you can transparently forward traffic to a proxy service in the cloud or on premises. For example, you can forward all HTTP and HTTPS traffic to the Forcepoint Web Security Cloud service.
Block listing is a way to temporarily block unwanted network traffic either manually or automatically with block list requests from an NGFW Engine or Log Server. Firewalls, IPS engines, Layer 2 Firewalls, and Virtual NGFW Engines can use a block list for blocking traffic.
User accounts are stored in internal databases or external directory servers. You can use Forcepoint NGFW in the Firewall/VPN role or external authentication servers to authenticate users.
Forcepoint NGFW supports both policy-based and route-based VPN (virtual private network) tunnels between VPN gateways. For full remote access, Forcepoint NGFW supports both IPsec and SSL VPN tunnels for VPN clients.
Maintenance includes procedures that you do not typically need to do frequently.
Troubleshooting helps you resolve common problems in the Forcepoint NGFW and SMC.