Protecting essential communications example

You can make sure that essential communications are protected and cannot be cut off.

Company A has a firewall system administered by multiple administrators of various degrees of familiarity with networking, firewalls, and Forcepoint NGFW Firewalls. The administrators must often make quick changes to respond to the needs of the company and attend to any problems detected.

In this situation, it is possible that someone might accidentally change the Firewall Policy in such a way that important services are cut off. The administrators decide to separate the rules allowing the most important business communications from rules that deal with non-essential traffic to minimize this risk. The administrators:
  1. Create a Firewall Template Policy and select the predefined Firewall Template as the basis of the policy.

  2. Cut and paste the rules allowing essential communications from their current Firewall Policy into the new Firewall Template Policy.

    In this case, all administrators are allowed to edit the new Firewall Template Policy as well.

  3. Add an insert point below the copied rules in the Firewall Template Policy.

    Having the insert point below the essential rules prevents the rules added to the inheriting Firewall Policy from affecting the essential communications.

  4. Reparent their current Firewall Policy to use the new template, moving it down a step in the policy hierarchy.

  5. After validating the policy and making sure that the rules are correct, refresh the current Firewall Policy.

    Most daily editing is done in the Firewall Policy. There is less risk of someone accidentally changing the essential rules in the Firewall Template Policy, because the rules are not editable in the Firewall Policy.