Deploying Forcepoint Email Security in Azure with Forcepoint Security Manager on-premises

This type of deployment is available for versions 8.5, 8.5.3, 8.5.4, or 8.5.5. These steps are specific to versions 8.5.3, 8.5.4, and 8.5.5; if you are deploying version 8.5, see Azure Deployment Steps: Version 8.5.

  1. Create a site-to-site VPN. See Microsoft documentation for more information.
  2. Log on to the Azure Marketplace, or use a direct link:
    1. Forcepoint Email Security v8.5.5 in Azure
    2. Forcepoint Email Security v8.5.4 in Azure
    3. Forcepoint Email Security v8.5.3 in Azure
  3. If you are installing in the Azure Government cloud:
    1. Log into Azure Government, then click Create a resource.
    2. In the Search bar, search for and select Forcepoint Email Security.
    3. Click Create. All other steps are the same as in the Azure portal.
  4. In the Search bar, search for Forcepoint, then select Forcepoint Email Security V8.5.3, V8.5.4, or V8.5.5.
  5. To create a new Forcepoint Email Security solution, click Get it now.
  6. Review the terms of use and privacy policy, then click Continue to proceed to the Azure portal.
  7. From the Azure portal, click Create.

    The Basics tab displays for configuring the email appliance settings.

  8. From Deploy Forcepoint Security Manager in addition to Email virtual appliances, click No.

    Options for Forcepoint Security Manager in Azure are removed from the tab.

  9. In the text field Email virtual appliance (VA) name, enter a name for the Forcepoint Email Security virtual appliance (VA).

    The name must be between 3 and 30 characters long and contain only numbers, letters, and hyphens.

  10. In the text fields Email VA password and Confirm Email VA password, enter and confirm the password for connecting to the host.

    The username is always “admin” on first login to Forcepoint Email Security. Additional accounts can be added later. The password must be a minimum of 12 characters and contain at least one number, one lowercase letter, one uppercase letter, and one special character.

  11. From the pull-down menu Number of virtual appliances, select the number of VAs to use; between 1 and 8.

    Forcepoint recommends using at least two VAs to ensure high availability. If only one VA is selected at this time, it is not possible to add additional VAs after deployment is complete. If two or more VAs are selected, additional VAs can be added at any point. See Add virtual machines to a Forcepoint Email Security in Azure deployment.

    Load balancers are deployed by default when two or more VAs are used.

  12. From the pull-down menu Subscription, select your subscription.
  13. From Resource group, click Create new and enter a name for the new resource group.

    A resource group is a container that holds related resources for an application. It will hold the Forcepoint Email Security VA. You must create a new resource group; using existing resource groups is not currently supported.

  14. From the pull-down menu Location, select the location for the VA.
  15. Click OK.

    The settings are saved and the Virtual Machine Sizing tab displays.

  16. From Email virtual appliance size, select the size of the VA you will need based on anticipated email volume, then click Select.

    Use the Search fields if you need to find a different size.

  17. From Storage account for VA, to use an existing storage account, click Use existing and select the storage account and disk type for the VA.
    To create a new storage account,
    1. Click Create new. The Create storage account tab displays.
    2. On the Create storage account tab, configure the Name, Account kind, Performance, and Replication settings and click OK. The new storage account is added.
  18. From the Virtual Machine Sizing tab, click OK.

    The settings are saved and the Network Configuration tab displays.

  19. From Virtual Network, select your existing virtual network with site-to-site connectivity to the on-premises Forcepoint Security Manager and SQL Server, or create a new virtual network.
    To create a new virtual network,
    1. Click Create new. The Create virtual network tab displays.
    2. On the Create virtual network tab, configure the Name and Address space.

    Following successful deployment, configure your new virtual network to connect with your on-premises components.

  20. From Subnets, select your existing subnet with site-to-site connectivity to the on-premises resources, or create a new subnet.

    The minimum supported size is /28 for the virtual network and subnet. See Requirements.

    Following successful deployment, configure your new subnet to connect with your on-premises components.

  21. From the Network Configuration tab, click OK.

    The settings are saved and the Forcepoint Security Manager tab displays.

  22. This tab is blank because the contents are only applicable when deploying Forcepoint Security Manager in Azure. Click OK.

    The Summary tab displays.

  23. From the Summary tab, review a summary of the Forcepoint Email Security solution you are building, then click OK.

    To change any configured settings, click one of the completed tabs. You will return to the Summary tab again after completing configuration.

    Final validation is performed and the Buy tab displays.

  24. On the Buy tab, review the Forcepoint Terms of Use, EULA, and Privacy Policy.
  25. To create the Forcepoint Email Security solution in the Azure cloud infrastructure, click Create.

    Forcepoint Email Security is a bring-your-own license VA, so there is no additional Azure Marketplace charge. The system reports that it is creating the Forcepoint Email Security solution in the configured network. This process may take a few minutes. The following image displays the resource group for a typical Forcepoint Email Security in Azure deployment.