Guidelines for deploying Forcepoint NGFW in the Firewall/VPN role

There are some general deployment guidelines for Firewalls, Master NGFW Engines, and the SMC.

Table 1. Guidelines for deploying Forcepoint NGFW in the Firewall/VPN role
Component: General Guidelines
Management Server: Position on a central site where it is physically accessible to the administrators responsible for maintaining its operation.
Log Servers: Place the Log Servers centrally and locally on sites as needed based on log data volume and administrative responsibilities.
Management Clients: Management Clients can be used from any location that has network access to the Management Server and the Log Servers.
Firewalls: Position Firewalls at each location so that all networks are covered.
Firewalls can be clustered. Functionally, the Firewall Cluster is equal to a single high-performance Firewall. Cluster deployment sets up a heartbeat link between the Firewalls. The heartbeat link allows the devices to:
  • Track each other's operating status.
  • Agree on the division of work.
  • Exchange information on traffic.
Master NGFW Engines: Position Master NGFW Engines where Virtual NGFW Engines are needed, for example, at a hosting location for MSSP services or between networks that require strict isolation.
Master NGFW Engines can be clustered. A clustered Master NGFW Engine provides scalability and high availability. In a Master NGFW Engine Cluster, the Virtual Resource is active in one Master NGFW Engine at a time. Cluster deployment sets up a heartbeat link between the Firewalls. The heartbeat link allows the devices to:
  • Track each other's operating status.
  • Agree on the division of work.
  • Exchange information on traffic.