What are VPN rules and VPN Community Rules?

VPN Rules are described as:

 “The automatic rule only symbolizes the presence of the concept of communities in the rule base. There is no traffic matching only for this rule because every connection needs to match another rule in the rule base and to be logged, if necessary. The decision to encrypt a connection is automatic, thus encrypted connections (authorized by the VPN-1) will be logged (as encrypted) by the matching Accept rule.”

They appear in the rule base so that the administrator can see, in rule form, what has been defined in the VPN community.

The only way to disable these rules is to delete the VPN community.

VPN community rules are created when you select "Accept all encrypted traffic" on the General tab of the VPN community. The rule is added to the security policy, but it is neither an explicit rule nor an implied rule: it is an automatic community rule.

This rule encrypts all traffic between community gateways that are managed by the same management server only. When "Accept all encrypted traffic" is enabled, the gateway accepts the encrypted traffic, provided that the gateway itself is not the destination.

To delete this rule, deselect the option on the General tab of the VPN community.
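As an added illustration of the behaviour described in the two sections above (the automatic rule that only represents the community, and the "Accept all encrypted traffic" community rule), here is a simplified Python model written for this page. It is not Check Point code and does not reproduce the product's rule-matching engine: the gateways, VPN domains, rule names and addresses are constructed sample data, and placing the automatic community rule ahead of the explicit rules is an assumption of the model. What it shows is that membership in a community decides encryption but does not by itself accept anything, that an explicit Drop rule still wins, and that with "Accept all encrypted traffic" enabled the connection is accepted unless a member gateway itself is the destination.

```python
"""Simplified model of how a VPN community interacts with the rule base.
Illustrative code written for this page, not Check Point code; every
gateway, network, address and rule below is constructed sample data."""
from dataclasses import dataclass
import ipaddress


@dataclass
class Gateway:
    name: str
    address: str        # the gateway's own external IP (constructed)
    vpn_domain: list    # CIDR strings for the networks behind the gateway


@dataclass
class Community:
    name: str
    members: list                       # Gateway objects
    accept_all_encrypted: bool = False  # the "Accept all encrypted traffic" option


@dataclass
class Rule:
    name: str
    src: str     # CIDR or "Any"
    dst: str     # CIDR or "Any"
    action: str  # "accept" or "drop"


def _matches(addr, net):
    return net == "Any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def gateway_for(community, addr):
    """Return the member gateway that owns addr (its own address or a host in
    its VPN domain), or None when addr is outside the community."""
    for gw in community.members:
        if addr == gw.address or any(_matches(addr, n) for n in gw.vpn_domain):
            return gw
    return None


def evaluate(community, rules, src, dst):
    """Return the rule a connection hits, the action, and whether it is encrypted."""
    src_gw = gateway_for(community, src)
    dst_gw = gateway_for(community, dst)
    # The decision to encrypt is automatic: both endpoints belong to
    # different member gateways of the community.
    encrypt = src_gw is not None and dst_gw is not None and src_gw is not dst_gw

    # Automatic community rule ("Accept all encrypted traffic"): accepts the
    # encrypted connection unless a member gateway itself is the destination.
    # Evaluating it before the explicit rules is an assumption of this model.
    if community.accept_all_encrypted and encrypt and dst != dst_gw.address:
        return {"rule": f"automatic community rule ({community.name})",
                "action": "accept", "encrypted": True}

    # Otherwise the connection must match an ordinary rule. Being inside the
    # community does not bypass a Drop rule, and the encryption is recorded
    # on whichever Accept rule matches.
    for rule in rules:
        if _matches(src, rule.src) and _matches(dst, rule.dst):
            return {"rule": rule.name, "action": rule.action,
                    "encrypted": encrypt and rule.action == "accept"}
    return {"rule": "implicit cleanup", "action": "drop", "encrypted": False}


# Constructed sample community and rule base (hypothetical names and addresses).
GW_A = Gateway("gw-branch", "203.0.113.1", ["10.1.0.0/16"])
GW_B = Gateway("gw-hq", "198.51.100.1", ["10.2.0.0/16"])
COMMUNITY = Community("Branch_to_HQ", [GW_A, GW_B])
RULES = [
    Rule("Block lab segment", "10.1.5.0/24", "Any", "drop"),
    Rule("Branch to HQ", "10.1.0.0/16", "10.2.0.0/16", "accept"),
]


def demo():
    """Evaluate the cases discussed in the text and return them by description."""
    plain = Community(COMMUNITY.name, COMMUNITY.members, accept_all_encrypted=False)
    auto = Community(COMMUNITY.name, COMMUNITY.members, accept_all_encrypted=True)
    return {
        # Encrypted, but accepted (and logged) by the explicit Accept rule.
        "host_to_host": evaluate(plain, RULES, "10.1.1.10", "10.2.1.10"),
        # Both ends are in the community, yet the explicit Drop rule still wins.
        "lab_dropped": evaluate(plain, RULES, "10.1.5.10", "10.2.1.10"),
        # Destination outside the community: no encryption, nothing matches.
        "internet": evaluate(plain, RULES, "10.1.1.10", "192.0.2.7"),
        # With "Accept all encrypted traffic", the automatic rule accepts it.
        "auto_accept": evaluate(auto, RULES, "10.1.5.10", "10.2.1.10"),
        # ...but not when the peer gateway itself is the destination.
        "auto_to_gateway": evaluate(auto, RULES, "10.1.1.10", "198.51.100.1"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:16} {result}")
```

The "auto_to_gateway" case is the one to keep in mind when a community is first enabled: traffic addressed to a peer gateway itself still needs an explicit Accept rule, otherwise it falls through to the cleanup rule even though the community would have encrypted it.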

For more granular control over these rules, Traditional Mode VPN policies have to be used.

For more information about VPN Domains and Encryption Rules, see the Traditional Mode VPNs section of the VPN R77 Versions Administration Guide.

