You can use the SMC to monitor system components and third-party devices. You can also view and filter logs, and create Reports from them.
You can view log, alert, and audit entries through the log browsing views. You can view data from SMC servers, all types of engines, and from third-party components that are configured to send data to the SMC.
You can browse, filter, and search for log data in the Logs view.
This online help was created for Forcepoint Next Generation Firewall (Forcepoint NGFW), version 6.9.0.
Before setting up Forcepoint Next Generation Firewall (Forcepoint NGFW), it is useful to know what the different components do and what engine roles are available.
Before you can set up the system and start configuring elements, you must consider how the different SMC components should be positioned and deployed.
After deploying the SMC components, you are ready to start using the Management Client and carrying out some of the first configuration tasks.
You can monitor Forcepoint NGFW components and view system summaries in the Management Client.
The SMC can be configured to log and monitor other manufacturers’ devices in much the same way as SMC components are monitored.
The Logs view displays all log, alert, and audit entries for the SMC.
The Fields pane provides several alternative views to the log entry that is selected.
Efficient use of the logs requires that you filter the records displayed in the Logs view.
You can filter logs based on the components that created the entries.
You can specify which servers and storage folders to include.
You can use Log Data Contexts to select which type of log data is displayed in the Logs view and in the Reports view.
The Log Analysis view provides various tools to analyze logs, alerts, and audit entries.
By default, log entries are sorted according to their creation time. You can alternatively sort log entries according to any other column heading.
You can save snapshots of log, alert, and audit entries in the Log Analysis view.
The snapshots of log, alert, and audit entries are listed in the Monitoring view.
You can skip around logs from different time periods using the timeline.
The Logs view has two operating modes. One mode shows a fixed time frame, the other is a stream of current log entries, which also includes temporary entries.
To get more information about the source of traffic that triggered a log entry, you can look up the Whois record of IP addresses in log entries.
Query McAfee ePO information about IP addresses to get information about the hardware and software on client computers.
If you have saved copies of the most recent log and alert entries locally on the NGFW Engine, you can browse the log and alert entries on the command line of the NGFW Engine.
There are various ways in which you can customize how entries in the Logs view are displayed.
You can export log entries in various ways and formats.
You can save lists of elements, logged data, reports, statistics, and diagrams in PDF format or as HTML. You can customize the format of the PDF files.
You can use log entry details to generate new rules.
Elasticsearch is an open-source search engine that runs on an external Elasticsearch server cluster. You can forward log data from Log Servers and Management Servers to an Elasticsearch cluster to improve the performance of browsing and searching for log entries, report generation, and other log-related features.
Reports are summaries of logs and statistics that allow you to combine large amounts of data into an easily viewable form.
Filters allow you to select data based on values that it contains. Most frequently, you use filters when viewing logs, but filters can also be used for other tasks, such as exporting logs and selecting data for reports.
Diagrams allow you to visualize your network security environment.
When suspicious activity is detected, it is important to collect information about the incident and act quickly. The Incident Case element is a tool for investigating incidents of suspicious activity.
You can command and set options for engines through the Management Client or on the engine command line. You can also stop traffic manually.
Security Management Center (SMC) configuration allows you to customize how the SMC components work.
You can create and modify Firewalls, IPS engines, Layer 2 Firewalls, Master NGFW Engines and Virtual NGFW Engines. You can configure the NGFW Engine properties, activate optional features, and configure advanced NGFW Engine settings.
Use the Management Client to configure static or dynamic routing, and use a Multi-Link configuration to manage and distribute inbound and outbound connections.
Policies are key elements that contain rules for allowing or blocking network traffic and inspecting the content of traffic.
User accounts are stored in internal databases or external directory servers. You can use Forcepoint NGFW in the Firewall/VPN role or external authentication servers to authenticate users.
Forcepoint NGFW supports both policy-based and route-based VPN (virtual private network) tunnels between VPN gateways. For full remote access, Forcepoint NGFW supports both IPsec and SSL VPN tunnels for VPN clients.
Maintenance includes procedures that you do not typically need to do frequently.
Troubleshooting helps you resolve common problems in the Forcepoint NGFW and SMC.