Use the Management Client to configure static or dynamic routing, and use a Multi-Link configuration to manage and distribute inbound and outbound connections.
Inbound traffic management ensures that services remain available even when one or more servers or NetLinks fail, and balances the load of incoming traffic more efficiently between a group of servers. Inbound traffic management is not supported on Layer 2 Firewalls or on layer 2 physical interfaces on Firewalls.
Using Server Pools, you can manage incoming traffic to your web servers.
Before setting up Forcepoint Next Generation Firewall (Forcepoint NGFW), it is useful to know what the different components do and what engine roles are available.
Before you can set up the system and start configuring elements, you must consider how the different SMC components should be positioned and deployed.
After deploying the SMC components, you are ready to start using the Management Client and carrying out some of the first configuration tasks.
You can use the SMC to monitor system components and third-party devices. You can also view and filter logs, and create Reports from them.
You can command and set options for engines through the Management Client or on the engine command line. You can also stop traffic manually.
Security Management Center (SMC) configuration allows you to customize how the SMC components work.
You can create and modify Firewalls, IPS engines, Layer 2 Firewalls, Master NGFW Engines and Virtual NGFW Engines. You can configure the engine properties, activate optional features, and configure advanced engine settings.
Routing defines through which next hop router the NGFW Engine forwards traffic from a source address to a destination address. Antispoofing defines which addresses are considered valid source addresses for the networks connected to each interface.
With dynamic routing, NGFW Engines automatically change their routing when the network topology changes. The NGFW Engines can also exchange information about appropriate routing paths.
You can use Multi-Link to distribute outbound traffic between multiple network connections and to provide High Availability and load balancing for outbound traffic.
Inbound traffic on a Firewall can be managed with a Server Pool.
The Server Pool element collects servers that provide a particular service into a single element and defines the settings for handling the inbound traffic.
Server Pool Monitoring Agents can be installed on the Server Pool servers to monitor the availability and load of the Server Pool members.
You can uninstall the Server Pool Monitoring Agents you no longer need.
Server Pool Monitoring Agents are configured in two files. The sgagent.local.conf file is specific to each server. The sgagent.conf file applies to all servers in the pool.
Enable Server Pool Monitoring Agents for one Server Pool element.
When using static DNS entries (recommended), you must make sure that the IP addresses for your Server Pool are properly entered into your DNS server’s records.
You can apply Server Pool load balancing to the firewall configuration by adding the Server Pool to an IPv4 Access rule in the Firewall Policy.
The Firewall can automatically update dynamic DNS (DDNS) entries for the Server Pool according to the available NetLinks.
You can test the Server Pool Monitoring Agents on the command line.
You can monitor the Server Pool Monitoring Agents on the command line.
To configure and monitor load balancing for multiple web servers, you can set up a Server Pool and install Monitoring Agents on the individual servers.
You set up dynamic DNS updates so that Server Pool NetLink addresses, which correspond to the available Internet connections, are updated automatically on the DNS server.
Policies are key elements that contain rules for allowing or blocking network traffic and inspecting the content of traffic.
User accounts are stored in internal databases or external directory servers. You can use Forcepoint NGFW in the Firewall/VPN role or external authentication servers to authenticate users.
Forcepoint NGFW supports both policy-based and route-based VPNs (virtual private networks).
Maintenance includes procedures that you do not typically need to do frequently.
Troubleshooting helps you resolve common problems in the Forcepoint NGFW and SMC.