Create a Single Engine element for each Secure SD-WAN engine that you deploy in the AWS cloud.
Before you begin
Configure the network connections and contact addresses for the
SMC.
These steps provide an overview of the FlexEdge Secure SD-WAN configuration process. For detailed instructions, see the following documentation:
- Forcepoint FlexEdge Secure SD-WAN Installation Guide
- Forcepoint FlexEdge Secure SD-WAN Product Guide
Steps
-
In the Management Client component of the SMC, add a Single Engine element.
-
From the Location drop-down list on the General pane, select the Location element for elements outside of the local network of the
SMC servers.
In the example configuration, the "internet" Location element is used.
-
Add a layer 3 physical interface and configure it as the primary control interface.
-
To add a layer 3 physical interface, select .
-
To add a dynamic IP address to the interface, select .
-
From the IP address type drop-down list, select Dynamic.
-
From the Dynamic Index drop-down list, select First DCHP Interface.
-
In the Interface Options, select Interface ID 0 as the primary control interface.
The Node-Initiated Contact to Management Server option is automatically selected when the control IP address is dynamic. When the option is
selected, the engine opens a connection to the Management Server and maintains connectivity.
-
(Optional) Add more physical interfaces and IPv4 addresses according to your environment.
-
If the SMC is located outside of the VPC where the Secure SD-WAN Engine is deployed, add a
route to the Management Server on the Routing pane in one of the following ways:
-
Add more routes and configure other settings according to your environment, then click
Save to save and validate changes.
-
Install a license for the Secure SD-WAN engine and bind the license to the Single Engine element.
Note: When you use the Bring Your own License image, you must install a license for the engine in the SMC.
-
Save the initial configuration.
-
Right-click the engine, then select .
-
Next to the Initial Security Policy field, click Select and select a policy for the engine.
-
Select Enable SSH Daemon.
-
Keep the Save or Upload Initial Configuration dialog box open.
This dialog box shows the one-time password that you enter when you establish contact between the Secure SD-WAN Engine and the
Management Server.
Next steps
Prepare the AWS environment for the Forcepoint FlexEdge Secure SD-WAN deployment.