Things to consider when changing the NGFW Engine role
You can change the role of an NGFW Engine, converting one type of NGFW Engine to another, if you have a specific need to do so.
Consider these things when changing the role:
- You can only change the NGFW Engine role for engines that currently have Forcepoint NGFW software installed. To change the role of engines that currently have specific engine software (for example, Firewall/VPN) installed, you must reinstall the engine software. See the Forcepoint Next Generation Firewall Installation Guide.
- Changing the engine role is only supported on modular appliances, for engines installed on a virtualization platform, or for engines installed on your own hardware. You cannot change the engine role on small appliances.
- You must have an NGFW Engine license that is valid for all engine roles. You cannot change the role of engines that have a license for a specific type of engine.
- If using the NGFW Initial Configuration Wizard on the engine command line, you must connect through a serial console or VGA console. It is not possible to change the engine’s role using an SSH connection to the engine.