Running NGFW Engines as Master NGFW Engines
There are some hardware requirements and configuration limitations when you use an NGFW Engine as a Master NGFW Engine.
Running the NGFW Engine as a Master NGFW Engine does not require a third-party virtualization platform. When you run Forcepoint NGFW as a Master NGFW Engine, the Forcepoint NGFW hardware provides the virtual environment and resources for the hosted Virtual NGFW Engines. You must always install the Forcepoint NGFW software on a hardware device to run the NGFW Engine as a Master NGFW Engine.
You can run Master NGFW Engines on the following types of hardware platforms:
- Purpose-built Forcepoint NGFW appliances with 64-bit architecture
- Third-party hardware with 64-bit architecture that meets the hardware requirements
For information about system requirements, see the Release Notes.
The following limitations apply when you use an NGFW Engine as a Master NGFW Engine:
- Each Master NGFW Engine must run on a separate 64-bit physical device.
- All Virtual NGFW Engines hosted by a Master NGFW Engine or Master NGFW Engine cluster must have the same role and the same Failure Mode (fail-open or fail-close).
- Master NGFW Engines can allocate VLANs or interfaces to Virtual NGFW Engines. If the Failure Mode of the Virtual IPS engines or Virtual Layer 2 Firewalls is Normal (fail-close) and you want to allocate VLANs to several engines, you must use the Master NGFW Engine cluster in standby mode.