Configure policy settings for the NGFW Engine
Policy settings specify which policies the NGFW Engine uses, as well as settings for element-based NAT, alias translation, and automatic rules.
Steps
- Browse to .
- Configure the settings, then click Save.
- Publish the changes.
Example
Fields marked with an asterisk in the user interface are mandatory.
Option | Definition |
---|---|
Layer3 Policy | The selected Layer 3 Policy for the NGFW Engine. We recommend that you do not change this setting. |
Inspection Policy | The selected Inspection Policy for the NGFW Engine. |
File Filtering Policy | This option is not yet supported. |
NAT Definition | When selected, enables options for element-based NAT. |
Alias Resolving | Click to add the first row. Click or to add a row. |
Automatic Rules Settings | When selected, enables options for automatic rules. |

Option | Definition |
---|---|
NAT Element Array | Click to add definitions for element-based NAT. |
NAT Type | Select the translation type. |
NAT Address Private | The element that represents the private IP address. Type part of the name of an element or browse through the drop-down list to select an element. |
NAT Address Public | Select the source of the public IP address. |
NAT Port Filter | To limit NAT only to traffic that goes to selected destination ports, select a Service or Service Group element to act as a port filter. The Service or Service Group element includes the destination port information (a single destination port or a range of ports). Type part of the name of an element or browse through the drop-down list to select an element. |
NAT Default Enabled | The NGFW Engine uses the default NAT address as the public IP address if there is not a more specific NAT definition that matches the traffic. When you select this option, a NAT rule is generated at the end of the NAT rules in the policy. If no NAT rule matches the traffic, no NAT is applied unless you enable the Default NAT Address. |

Option | Definition |
---|---|
Logging | When selected, enables the logging options. |
Log Level | The log level for traffic that matches automatic rules. |
Severity | When the Log Level is set to Alert, defines the severity of the alert. |
Connection Closing | Specifies how log entries are created when connections are closed. |
Log User | Defines whether information about users is included in the log data. |
Log URL Category | Defines whether information about URL categorization is included in the log data. |