Configure settings for Automatic rules

View a summary of Automatic rules and manage related settings in the Engine Editor.

Before you begin

The Template Policy used on the engine must contain the Automatic Rules Insert Point.

In the Automatic Rules section of the Engine Editor, you can set the log level and possible Alert element for Automatic rules. For Firewalls, Virtual Firewalls, and Master NGFW Engines, you can also define whether traffic from the engine to authentication ports is allowed.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Right-click an engine, then select Edit <element type>.
  3. Browse to Policies > Automatic Rules in the navigation pane on the left.
  4. (Firewalls, Virtual Firewalls, and Master NGFW Engines only) For the Allow Traffic to Authentication Ports setting, select Yes or No.
    By default, traffic to authentication ports is allowed.
  5. Using the Log Level for Automatic Rules menu, set the log level for Automatic rules to None, Alert, Essential, Stored, or Transient.
    By default, logging is set to None.
  6. (Optional, only if Log Level for Automatic Rules is set to Alert) Using the Alert menu, select the Alert element to use.
  7. Click Save.

Engine Editor – Policies – Automatic Rules

Use this branch to view a summary of currently used Automatic rules and change general settings for Automatic rules.

Option Definition
Allow Traffic to Authentication Ports

(Firewall/VPN role only)

When Yes is selected, allows traffic to the ports that are used for user authentication.
Allow Traffic from Listening IP Addresses to DNS Relay Port

(Firewall/VPN role only)

When Yes is selected, allows traffic from clients in the internal network to the standard DNS ports (53/TCP and 53/UDP) on the interfaces that are selected as listening interfaces for DNS relay.
Allow Connections to Domain-Specific DNS Servers

(Firewall/VPN role only)

When Yes is selected, allows connections from the firewall to the domain-specific DNS servers specified in the DNS Relay Profile element that is selected for firewall.
Allow Connections from Local DHCP Relay to Remote DHCP Server

(Firewall/VPN role only)

When Yes is selected, allows connections from interfaces on which DHCP relay is active to remote DHCP servers.
Log Level for Automatic Rules The log level for traffic that matches automatic rules.
  • None — Does not create any log entry.
  • Alert — Triggers an alert entry.
  • Essential — Creates a log entry that is shown in the Logs view and saved for further use.
  • Stored — Creates a log entry that is stored on the Log Server.
  • Transient — Creates a log entry that is displayed in the Current Events mode in the Logs view (if someone is viewing it) but is not stored.
Alert When Alert is selected, specifies the Alert element that is sent.
Reset to Default Settings Returns Automatic Rule changes to the default settings.