Provision EC2s with a supported version of Windows and Linux, according to Forcepoint hardware requirements available in the System requirements for this version document.
Also, use a supported SQL server to host the Forcepoint Security Manager data. See the Certified Product Matrix for supported versions of SQL Server.
Configure the virtual private cloud (VPC) and security groups according to your company policy and AWS best practices.
Open the relevant ports for the security group, including RDP port, located in the Forcepoint DLP ports document. The Forcepoint Security Manager itself and its components will use the same security group, so ports should be
added in both inbound and outbound. In Source, specify the range of desired IP addresses or the desired security group.
Forcepoint DLP requires a static IP, so allocate a static IP for the Forcepoint Security Manager. You may want to use an elastic IP if you would like to connect to the Forcepoint Security
Manager user interface from an external network.