For descriptions of all log fields, see the following reference.
Before setting up Forcepoint Next Generation Firewall (Forcepoint NGFW), it is useful to know what the different components do and what engine roles are available.
Before you can set up the system and start configuring elements, you must consider how the different SMC components should be positioned and deployed.
After deploying the SMC components, you are ready to start using the Management Client and carrying out some of the first configuration tasks.
You can use the SMC to monitor system components and third-party devices. You can also view and filter logs, and create Reports from them.
You can command and set options for engines through the Management Client or on the engine command line. You can also stop traffic manually.
Security Management Center (SMC) configuration allows you to customize how the SMC components work.
You can create and modify Firewalls, IPS engines, Layer 2 Firewalls, Master NGFW Engines and Virtual NGFW Engines. You can configure the engine properties, activate optional features, and configure advanced engine settings.
Use the Management Client to configure static or dynamic routing, and use a Multi-Link configuration to manage and distribute inbound and outbound connections.
Policies are key elements that contain rules for allowing or blocking network traffic and inspecting the content of traffic.
User accounts are stored in internal databases or external directory servers. You can use Forcepoint NGFW in the Firewall/VPN role or external authentication servers to authenticate users.
Forcepoint NGFW supports both policy-based and route-based VPNs (virtual private networks).
Maintenance includes procedures that you do not typically need to do frequently.
Troubleshooting helps you resolve common problems in the Forcepoint NGFW and SMC.
There are command line tools for the SMC and the NGFW Engines.
There are default ports used in connections between SMC components and default ports that SMC components use with external components.
Expressions are elements that allow you to create simple definitions for representing complex sets of IP addresses by using logical operands.
Predefined Aliases are used in the default policies. Some of them might be useful when you create your own rules.
There are parameters you can define for Situation Contexts.
The SMC has its own regular expression syntax. Regular expressions are used in Situations for matching network traffic. Situations are used in the Inspection rules on NGFW Engines.
For information about SNMP traps (notifications) and MIBs (objects), see the following reference.
There are SMC-specific LDAP classes and attributes that you add to the schema of external LDAP servers.
The following tables list the fields of the log entry table and the corresponding XML fields exported to syslog for exportable log entry fields.
The following table lists the possible values for the Facility field in the log table.
The following table lists the possible values for the Type field in the log table.
The following table shows the most common log occurrences for the Action field.
The following table shows the most common log occurrences for the Event field.
These tables list the most common IPsec VPN log messages (Facility=IPsec).
The following table explains the audit entry types.
The following table presents the categories for messages that appear in log entries sent to an external syslog server.
The following states are used in the State column in the Connections view and (in part) in the Logs view with info messages or logs on the closing of connections.
The keyboard shortcut reference describes the available shortcut keys in the Management Client.
The multicasting reference describes the general principles of multicasting and how it can be used with CVIs (cluster virtual IP addresses) in Firewall Clusters.
Some common TCP/IP protocol headers can be used.
The decimal and hexadecimal values of the ASCII characters are presented for interpreting traffic captures and predefined Situation Contexts.