Elements used in the configuration of NGFW Engines
You can view the types of elements used for configuring NGFW Engines.
Element Type | Explanation | ||
---|---|---|---|
NGFW Engines | Configurations particular to individual NGFW Engines, such as interface configurations. | ||
Policies | The rules for inspecting and handling network traffic. | ||
Network Elements | Represent IP addresses. | ||
Other Elements | Endpoint Information | Endpoint Application and Endpoint Settings elements can be used for matching in Access rules. The elements can be used to identify applications used on endpoint clients, and also determine the operating system or status of the local anti-virus or firewall. | |
Ethernet Services | Definitions for protocols that can be used for traffic filtering on the Ethernet level. | ||
Event Bindings | Sets of log events that can be used in Correlation Situations to bind together different types of events in traffic. | ||
File Types | Elements that represent different types of files that can be allowed or blocked in Access rules. | ||
HTTPS Inspection Exceptions | Lists of domains that can be used to exclude some traffic from HTTPS decryption and inspection. | ||
Logical Interfaces | Interface reference that can combine several physical interfaces into one logical entity. Used for defining traffic handling rules. | ||
MAC Addresses | Represent MAC addresses in Ethernet-level traffic filtering. | ||
Network Applications | Provide a way to dynamically identify traffic patterns related to the use of a particular application. | ||
Policy Snapshots | Saved versions of the NGFW Engine configurations. Created each time you install or refresh a policy on an NGFW Engine. | ||
Protocols | Supported network protocols. Can be used to define new Services for matching traffic in policies. You cannot add, delete, or change the Protocol elements. | ||
Services | Network protocols and ports. | ||
Situations | Patterns that deep inspection looks for in traffic. | ||
TLS Matches | Define matching criteria for the use of the TLS (transport layer security) protocol in traffic, and specify whether TLS traffic is decrypted for inspection. | ||
Vulnerabilities | References that link some Situations to publicly available databases of known vulnerabilities in various software. | ||
Dynamic Routing Elements | Elements and Access Lists used for configuring dynamic routing. For more information on elements used in configuring dynamic routing, see the chapter about dynamic routing. | ||
Engine Properties | Anti-spam | The Anti-Spam feature is no longer supported in NGFW version 6.2.0 and later. | |
DNS Relay Profiles | Define the host name mappings, domain-specific DNS servers, fixed domain answers, and DNS answer translations that the firewall uses when it provides DNS services to the internal network. | ||
Sandbox Services | Define the settings for connecting to a sandbox server for Forcepoint Advanced Malware Detection. | ||
SNMP agents | Configuration information for sending SNMP traps to external components about system events related to NGFW Engines. | ||
User Identification Services | Elements for the Forcepoint User ID Service, the McAfee Logon Collector, or the Integrated User ID Service that associate IP addresses with
users. The Integrated User ID Service is primarily meant for demonstration purposes and proof-of-concept testing of user identification services. Note:
McAfee Logon Collector is only supported in Forcepoint NGFW version 5.8 or higher. For Forcepoint NGFW version 6.4 or higher, we recommend that you use the Forcepoint User ID Service.
|
||
User Authentication Pages | Define the look of the logon page, challenge page, and different status pages shown to end users who authenticate through a web browser. | ||
User Responses | Settings for notifying end users about different policy actions. | ||
ECA Configurations | Define settings for securing connections between endpoint clients and the NGFW Engine. |