Post-installation steps for Forcepoint NGFW in the IPS role

There are some steps to follow after you have completed the installation, installed a basic policy, and turned the IPS engines online.

Note: The configuration information is stored on the Management Server. Most changes are transferred to the engines only when you install or refresh the IPS policy.

The basic administration tasks you must learn or complete next include the following:

  • How to read and control the operating state of IPS engines.
  • Adjusting the automatic tester that monitors the operation of the IPS engines and the surrounding network.

After you have installed your first IPS policy, your next task is gathering information about the events detected in your networks during a “tuning period”. Once you have enough information on what kind of traffic — malicious and harmless — can be seen in your network, you can edit your policies to improve the detection accuracy and to get rid of false alarms. The most typical customization steps include:

  • Creating your own policy or policy template.
  • Editing the Ethernet rules, Access rules, and Inspection rules.
  • Creating your own custom Situations.