Configure global contact policy settings for node-initiated contact to the Management Server

Communication between the Management Server and an NGFW Engine, Master NGFW Engine, or Virtual NGFW Engine can be reversed. In this case, the NGFW Engine opens a connection to the Management Server and keeps it open to wait for any commands.

Before you begin

An NGFW Engine, Master NGFW Engine, or Virtual NGFW Engine with a dynamic Control IP Address has been configured.

Reversing communication might be necessary in the following cases:

  • The NGFW Engine does not have a static IP address that the Management Server can contact. For example, instead of a static IP address, the NGFW Engine has a dynamic IP address on the control interface or there is intermediate dynamic NAT.
  • The Management Server’s connections are blocked because of a traffic filtering device between the components.

The settings for communication between the Management Server and the engines are set in the SGConfiguration.txt file stored on the Management Server. You can either use the default values for each setting or change the settings by adding parameters and values to the SGConfiguration.txt file.

Steps

  1. On the Management Server computer, browse to the <installation directory>/data directory.
    Note: If you installed the Management Server in the C:\Program Files\Forcepoint\SMC directory in Windows, some program data might be stored in the C:\ProgramData\Forcepoint\SMC directory.
  2. Edit the SGConfiguration.txt file and add the following parameters as needed.
    Table 1. SGConfiguration parameters

    Parameter name            Description
    ------------------------  -----------
    DCP_INITIAL_DELAY         Time (in seconds) to wait after initialization before the first connection attempt to the Management Server. The default value is 5 seconds.
    DCP_CONNECTION_INTERVAL   Time (in seconds) to wait before connecting again to the Management Server after a successful connection. The default value is 25 seconds.
    DCP_RETRY_INTERVAL        Time (in seconds) to wait before connecting again to the Management Server after a failed connection attempt. The default value is 25 seconds.
    DCP_IDLE_TIMEOUT          Time (in seconds) before an idle connection is closed. The default value is 1800 seconds (30 minutes).
  3. Save and close the file.
  4. Refresh the policies of the engines to transfer the changes.
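
The following Python check is an added example, not part of the Forcepoint documentation or product. It reads SGConfiguration.txt content, reports the effective DCP_* values using the defaults from Table 1, and flags names that are not in the table or values that are not whole seconds, so that an edit can be reviewed before policies are refreshed. It assumes one NAME=value entry per line with # comment lines, which this page does not specify; audit_dcp_settings and the sample content are constructed for illustration.

```python
import re

# Defaults in seconds, taken from Table 1 on this page.
DCP_DEFAULTS = {
    "DCP_INITIAL_DELAY": 5,
    "DCP_CONNECTION_INTERVAL": 25,
    "DCP_RETRY_INTERVAL": 25,
    "DCP_IDLE_TIMEOUT": 1800,
}


def audit_dcp_settings(text):
    """Return (effective, findings) for the DCP_* entries in the given file content.

    Assumption: entries are NAME=value, one per line, and '#' starts a comment line.
    """
    effective = dict(DCP_DEFAULTS)
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name, value = name.strip(), value.strip()
        if not name.upper().startswith("DCP_"):
            continue  # unrelated setting, out of scope for this check
        if name not in DCP_DEFAULTS:
            # A misspelled name leaves the documented parameter at its default.
            findings.append(f"line {lineno}: {name} is not a parameter listed in Table 1")
            continue
        if not re.fullmatch(r"[0-9]+", value):
            findings.append(f"line {lineno}: {name}={value!r} is not a whole number of seconds")
            continue
        effective[name] = int(value)
    return effective, findings


# Constructed sample content, not taken from a real Management Server.
SAMPLE = """\
# node-initiated contact settings
DCP_INITIAL_DELAY=10
DCP_RETRY_INTERVAL=60s
DCP_IDLE_TIMOUT=900
DCP_CONNECTION_INTERVAL=25
"""

if __name__ == "__main__":
    values, problems = audit_dcp_settings(SAMPLE)
    for key, seconds in values.items():
        print(f"{key} = {seconds} s")
    print("\n".join(problems))
```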