Creating multiple Firewalls at the same time using a wizard

You can create multiple Single Firewalls or Firewall Clusters at the same time using a wizard. To simplify the configuration, you can create the Firewalls based on an existing Firewall.

Using the wizard offers several benefits:

  • It is easy to create several Firewall elements at the same time.
  • You can select IP addresses as Endpoints for the VPN Gateway elements that represent the Firewalls in VPNs.
  • You can define a policy that is automatically installed on the Firewalls when they make initial contact with the Management Server.

The Firewall properties you define in the wizard are common to all the Firewalls you create. Consider which properties all Firewalls can share and which properties must be defined separately for each Firewall. After you have created the Firewalls, you can change the properties of each individual Firewall.

Interfaces

You must define at least one Layer 3 Physical Interface and one IPv4 address for the Firewalls. Make sure that the IP addresses that are assigned to the Firewalls are not used by any other components.

To use a Layer 3 Physical Interface for communication with the Management Server, define a Layer 3 Physical Interface with an IP address (dynamic IP address for Single Firewalls). The Layer 3 Physical Interface is assigned Interface ID 0. When connecting the cables to the appliance, connect the cable for the control connection to Ethernet port 0. See the relevant Hardware Guide for detailed information about mapping the Interface IDs with specific ports on the appliances.

Considerations for Single Firewalls

  • You can optionally use the Proof-of-Serial (POS) codes that are delivered with the Forcepoint NGFW appliances to create the Single Firewall elements.
  • When you use POS codes in the wizard, all appliances must be the same model. If you have POS codes for different types of appliances, you must run the wizard separately for each appliance model to create the elements. Before you create Firewall elements, note the serial numbers and geographical locations of the appliances.
  • In plug-and-play configuration, the appliances configure themselves automatically after they are plugged in and connected to the network.
    Note: Only specific Forcepoint NGFW appliances can use plug-and-play configuration.
    Note: There are special considerations when using plug-and-play configuration. For example, both the SMC and the NGFW Engines must be registered for plug-and-play configuration before you configure the engines. See Knowledge Base article 9662.
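
The checks described above (addresses not used by any other component, one appliance model per wizard run when POS codes are used) can be run against a planning sheet before starting the wizard. The following is an added example, not part of the product or its documentation. The record layout, names, POS codes, models, and addresses are constructed placeholders, and it assumes one control-interface address per Firewall and one POS code per appliance.

```python
import ipaddress
from collections import defaultdict

# Constructed planning data: names, POS codes, models and addresses are placeholders.
PLANNED = [
    {"name": "fw-01", "pos": "POS-EXAMPLE-0001", "model": "model-A", "ip": "192.0.2.11"},
    {"name": "fw-02", "pos": "POS-EXAMPLE-0002", "model": "model-A", "ip": "192.0.2.12"},
    {"name": "fw-03", "pos": "POS-EXAMPLE-0003", "model": "model-B", "ip": "192.0.2.12"},
    {"name": "fw-04", "pos": "POS-EXAMPLE-0003", "model": "model-B", "ip": "198.51.100.7"},
]
# Constructed: addresses already assigned to other components.
IN_USE = {"198.51.100.7": "log-server-1"}


def preflight(planned, in_use):
    """Return (batches, problems) for a planned bulk creation.

    batches maps appliance model -> firewall names (one wizard run per model).
    problems lists findings to resolve before running the wizard.
    """
    batches, problems = defaultdict(list), []
    used = {ipaddress.ip_address(a): owner for a, owner in in_use.items()}
    seen_ip, seen_pos = {}, {}
    for fw in planned:
        name = fw["name"]
        batches[fw["model"]].append(name)
        # Assumption: each POS code belongs to exactly one appliance.
        if fw["pos"] in seen_pos:
            problems.append(f"{name}: POS code already used by {seen_pos[fw['pos']]}")
        seen_pos.setdefault(fw["pos"], name)
        try:
            ip = ipaddress.ip_address(fw["ip"])
        except ValueError:
            problems.append(f"{name}: invalid IP address {fw['ip']!r}")
            continue
        if ip.version != 4:
            problems.append(f"{name}: {ip} is not an IPv4 address")
        if ip in used:
            problems.append(f"{name}: {ip} is already used by {used[ip]}")
        if ip in seen_ip:
            problems.append(f"{name}: {ip} is also planned for {seen_ip[ip]}")
        seen_ip.setdefault(ip, name)
    return dict(batches), problems


if __name__ == "__main__":
    batches, problems = preflight(PLANNED, IN_USE)
    for model, names in batches.items():
        print(f"wizard run for {model}: {', '.join(names)}")
    for p in problems:
        print("PROBLEM:", p)
```

Each key in the returned batches corresponds to one separate run of the wizard; any entry in problems should be resolved before the elements are created.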

Add interfaces in the following order:

  1. Layer 3 Physical Interfaces
  2. Integrated ADSL modems
    Note: ADSL Interfaces are only supported on specific legacy Forcepoint NGFW appliances that have an integrated ADSL network interface card.
  3. Integrated mobile broadband modems
  4. Tunnel Interfaces
  5. Integrated wireless modems
  6. SSID Interfaces
  7. Integrated switches and Port Group Interfaces

Considerations for Firewall Clusters

  • You cannot use the Proof-of-Serial (POS) codes that are delivered with the Forcepoint NGFW appliances.
  • The new Firewall Clusters must be based on an existing Firewall Cluster.

Add interfaces in the following order:

  1. Layer 3 Physical Interfaces
  2. Tunnel Interfaces