You can use the SMC to monitor system components and third-party devices. You can also view and filter logs, and create Reports from them.
You can view log, alert, and audit entries through the log browsing views. You can view data from SMC servers, all types of engines, and from third-party components that are configured to send data to the SMC.
You can export log entries in various ways and formats.
This online help was created for Forcepoint Next Generation Firewall (Forcepoint NGFW), version 6.9.0.
Before setting up Forcepoint Next Generation Firewall (Forcepoint NGFW), it is useful to know what the different components do and what engine roles are available.
Before you can set up the system and start configuring elements, you must consider how the different SMC components should be positioned and deployed.
After deploying the SMC components, you are ready to start using the Management Client and carrying out some of the first configuration tasks.
You can monitor Forcepoint NGFW components and view system summaries in the Management Client.
The SMC can be configured to log and monitor other manufacturers’ devices in much the same way as SMC components are monitored.
The Logs view displays all log, alert, and audit entries for the SMC.
You can browse, filter, and search for log data in the Logs view.
There are various ways in which you can customize how entries in the Logs view are displayed.
Log, alert, and audit data can be copied directly from the Logs view, then pasted in comma-separated values (CSV) format.
Log, alert, and audit data can be exported directly from the Logs view. Use the export command for large numbers of entries.
You can set IPS Inspection rules to record network traffic as a logging option in both the Exceptions and the Rules tree.
You can save lists of elements, logged data, reports, statistics, and diagrams in PDF format or as HTML. You can customize the format of the PDF files.
You can use log entry details to generate new rules.
Elasticsearch is an open-source search engine that runs on an external Elasticsearch server cluster. You can forward log data from Log Servers and Management Servers to an Elasticsearch cluster to improve the performance of browsing and searching for log entries, report generation, and other log-related features.
Reports are summaries of logs and statistics that allow you to combine large amounts of data into an easily viewable form.
Filters allow you to select data based on values that it contains. Most frequently, you use filters when viewing logs, but filters can also be used for other tasks, such as exporting logs and selecting data for reports.
Diagrams allow you to visualize your network security environment.
When suspicious activity is detected, it is important to collect information about the incident and act quickly. The Incident Case element is a tool for investigating incidents of suspicious activity.
You can command and set options for engines through the Management Client or on the engine command line. You can also stop traffic manually.
Security Management Center (SMC) configuration allows you to customize how the SMC components work.
You can create and modify Firewalls, IPS engines, Layer 2 Firewalls, Master NGFW Engines and Virtual NGFW Engines. You can configure the NGFW Engine properties, activate optional features, and configure advanced NGFW Engine settings.
Use the Management Client to configure static or dynamic routing, and use a Multi-Link configuration to manage and distribute inbound and outbound connections.
Policies are key elements that contain rules for allowing or blocking network traffic and inspecting the content of traffic.
User accounts are stored in internal databases or external directory servers. You can use Forcepoint NGFW in the Firewall/VPN role or external authentication servers to authenticate users.
Forcepoint NGFW supports both policy-based and route-based VPN (virtual private network) tunnels between VPN gateways. For full remote access, Forcepoint NGFW supports both IPsec and SSL VPN tunnels for VPN clients.
Maintenance includes procedures that you do not typically need to do frequently.
Troubleshooting helps you resolve common problems in the Forcepoint NGFW and SMC.