You can create and modify Firewalls, IPS engines, Layer 2 Firewalls, Master NGFW Engines and Virtual NGFW Engines. You can configure the NGFW Engine properties, activate optional features, and configure advanced NGFW Engine settings.
DNS relay allows the firewall to provide DNS services for clients in internal networks.
This online help was created for Forcepoint Next Generation Firewall (Forcepoint NGFW), version 6.9.0.
Before setting up Forcepoint Next Generation Firewall (Forcepoint NGFW), it is useful to know what the different components do and what engine roles are available.
Before you can set up the system and start configuring elements, you must consider how the different SMC components should be positioned and deployed.
After deploying the SMC components, you are ready to start using the Management Client and carrying out some of the first configuration tasks.
You can use the SMC to monitor system components and third-party devices. You can also view and filter logs, and create Reports from them.
You can command and set options for engines through the Management Client or on the engine command line. You can also stop traffic manually.
Security Management Center (SMC) configuration allows you to customize how the SMC components work.
NGFW Engine elements contain the configuration information that is directly related to the Firewalls, IPS engines, and Layer 2 Firewalls. The configuration information includes interface definitions, cluster mode selection, tester settings, and other options specific to the NGFW Engine.
Virtual NGFW Engines are logically separate NGFW Engines that run as virtual instances on a physical NGFW appliance. A Master NGFW Engine is a physical appliance that provides resources for Virtual NGFW Engines.
The network interface configuration for NGFW Engines is stored on the Management Server in the properties of Single Firewall, Firewall Cluster, Single IPS, IPS Cluster, Single Layer 2 Firewall, Layer 2 Firewall Cluster, Master NGFW Engine, and Virtual NGFW Engine elements.
To maintain the security of your system, the NGFW Engines establish an authenticated and encrypted connection with Log Servers and Management Servers.
Element-based NAT allows you to define NAT addresses in the properties of an element. The NAT definitions define how firewalls translate network IP addresses.
The NGFW Engine tester runs various checks on the NGFW Engine and initiates responses based on the success or failure of these tests.
You can set permissions to control the administration of the engines.
In DNS relay, clients send DNS requests to a DNS resolver, which forwards the requests to a remote DNS server. In Forcepoint NGFW, the firewall can act as a local DNS resolver for clients in the internal network.
To enable DNS relay, you must configure DNS Relay settings for the firewall. You can optionally create custom DNS Relay Profile elements.
SNMP is a standard protocol that different equipment can use to send network management-related information to each other. You can configure NGFW Engines to send SNMP traps to external equipment.
Network devices can use the Link Layer Discovery Protocol (LLDP) to advertise their identity, capabilities, and neighbors on a local area network.
Alias elements can be used to represent other network elements in configurations. The value an Alias takes in a configuration can be different on each NGFW Engine where the Alias is used.
There are several add-on features that you can use on Firewalls, IPS engines, Layer 2 Firewalls, Virtual Firewalls, Virtual IPS engines, and Virtual Layer 2 Firewalls.
Advanced settings cover various system parameters related to different features.
Use the Management Client to configure static or dynamic routing, and use a Multi-Link configuration to manage and distribute inbound and outbound connections.
Policies are key elements that contain rules for allowing or blocking network traffic and inspecting the content of traffic.
User accounts are stored in internal databases or external directory servers. You can use Forcepoint NGFW in the Firewall/VPN role or external authentication servers to authenticate users.
Forcepoint NGFW supports both policy-based and route-based VPN (virtual private network) tunnels between VPN gateways. For full remote access, Forcepoint NGFW supports both IPsec and SSL VPN tunnels for VPN clients.
Maintenance includes procedures that you do not typically need to do frequently.
Troubleshooting helps you resolve common problems in the Forcepoint NGFW and SMC.