Use the Management Client to configure static or dynamic routing, and use a Multi-Link configuration to manage and distribute inbound and outbound connections.
Inbound traffic management ensures that services remain available even when one or more servers or NetLinks fail, and balances the load of incoming traffic more efficiently between a group of servers. Inbound traffic management is not supported on Layer 2 Firewalls or on layer 2 physical interfaces on Firewalls.
Using Server Pools, you can manage incoming traffic to your web servers.
This online help was created for Forcepoint Next Generation Firewall (Forcepoint NGFW), version 6.9.0.
Before setting up Forcepoint Next Generation Firewall (Forcepoint NGFW), it is useful to know what the different components do and what engine roles are available.
Before you can set up the system and start configuring elements, you must consider how the different SMC components should be positioned and deployed.
After deploying the SMC components, you are ready to start using the Management Client and carrying out some of the first configuration tasks.
You can use the SMC to monitor system components and third-party devices. You can also view and filter logs, and create Reports from them.
You can command and set options for engines through the Management Client or on the engine command line. You can also stop traffic manually.
Security Management Center (SMC) configuration allows you to customize how the SMC components work.
You can create and modify Firewalls, IPS engines, Layer 2 Firewalls, Master NGFW Engines and Virtual NGFW Engines. You can configure the NGFW Engine properties, activate optional features, and configure advanced NGFW Engine settings.
Routing defines through which next hop router the NGFW Engine forwards traffic from a source address to a destination address. Antispoofing defines which addresses are considered valid source addresses for the networks connected to each interface.
With dynamic routing, NGFW Engines automatically change their routing when the network topology changes. The NGFW Engines can also exchange information about appropriate routing paths.
You can use Multi-Link to distribute outbound traffic between multiple network connections and to provide high availability and load balancing for outbound traffic.
Server Pool elements provide inbound traffic management for traffic to servers in the protected network.
The Server Pool element collects servers that provide a particular service into a single element and defines the settings for handling the inbound traffic.
There are different methods for monitoring whether a server or a service running on a server is available.
Before you can enable Server Pool load balancing using NAT rules, you must create Access rules to allow the type of traffic that is handled by the Server Pool.
NAT rules specify which traffic is directed to the Server Pool. You can use NAT rules to apply both source and destination address translation for Server Pools.
NAT rules are the preferred way to enable Server Pool load balancing. For backward compatibility, it is still possible to enable Server Pool load balancing using Access rules.
The NGFW Engine can automatically update dynamic DNS (DDNS) entries for the Server Pool according to the available NetLinks.
Server Pool Monitoring Agents provide advanced features for monitoring the server load and status.
To configure load balancing for multiple web servers, you can set up a Server Pool.
When you set up dynamic DNS updates, the Server Pool NetLink addresses that correspond to the available Internet connections are updated automatically on the DNS server.
When you use Multi-Link for outbound traffic management or Multi-Link VPNs, Forcepoint NGFW in the Firewall/VPN role can dynamically select the NetLink or VPN link that best matches the quality requirements of traffic.
Policies are key elements that contain rules for allowing or blocking network traffic and inspecting the content of traffic.
User accounts are stored in internal databases or external directory servers. You can use Forcepoint NGFW in the Firewall/VPN role or external authentication servers to authenticate users.
Forcepoint NGFW supports both policy-based and route-based VPN (virtual private network) tunnels between VPN gateways. For full remote access, Forcepoint NGFW supports both IPsec and SSL VPN tunnels for VPN clients.
Maintenance includes procedures that you do not typically need to do frequently.
Troubleshooting helps you resolve common problems in the Forcepoint NGFW and SMC.