Configure Forcepoint SMC
Forcepoint SMC must be reachable from the AWS components that use the SMC API to provision the necessary configuration between the FlexEdge Secure SD-WAN engines hosted in AWS and the existing SMC. If SMC is not already reachable from outside the private company network, do as follows:
- Sign in to the SMC.
- Navigate to Configuration > Administration.
- Expand Access Rights and then select API Clients.
- Right-click API Clients and select New API Client. The API Client Properties screen is displayed.
- Add a name in the Name field, and then click Generate Authentication Key. You can save the authentication key on your local drive for future reference.
- Select the Permissions tab.
- Select the Unrestricted Permissions (Superuser) option.
- Click OK.
- From the left navigation pane, navigate to Certificates, and then select TLS Credentials.
- Right-click TLS Credentials and select New TLS Credentials. Perform the following:
- Type a name for the certificate.
- Type the publicly accessible IP address into the Common Name [CN] field. Leave the rest of the fields at their existing default values.
- Click Next.
- Select the Self-Sign option, and then click Finish.
- Right-click the newly created Credential and select Properties.
- From the Certificate properties window, select the Certificate tab, then copy the entire content, including the lines -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
- Save the certificate on your local drive for future reference.
- Click OK.
- Close the Certificate window.
- From the left navigation pane, select Other Elements and right-click Locations.
- Select New Location. The Location Properties window is displayed.
- Type "cloud" in the Name field using only lower-case characters.
- Click OK.
- Select .
- Browse to Management Server, then right-click the Management Server and select Properties.
- Click the General tab and then select Exceptions.
- Click Add and browse to the location "cloud" created in step 19. Select "cloud" and enter the public IP of the SMC into the Contact Addresses section.
- Click OK.
- Navigate to the SMC API tab and select Enable.
- From the Server Credentials section click the option Select.
- From the Select Element window, select the TLS Credentials element that you created earlier.
- From the Server TLS Cryptography Suite Set section, click the option Select.
- From the Select Element window, select the option NIST(SP 800-52 Rev.2) Compatible TLS Cryptographic Algorithms.
- Click Select and then OK in the Management Server-Properties window when finished.
- Click Yes.
- Select .
- Browse to Log Server, then right-click the Log Server and select Properties.
- Add an exception in the same way as in step 23.
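
The following check confirms that the certificate saved from the TLS Credentials properties was copied completely and is the one the SMC API presents at its public address. It is an added example, not part of the original procedure or Forcepoint code; the function names and the host and port arguments are assumptions, so supply the address and port your SMC API listens on.

```python
import hashlib
import hmac
import socket
import ssl

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def saved_cert_fingerprint(pem_text: str) -> str:
    # SHA-256 fingerprint (hex) of the certificate text copied from SMC.
    # Rejects a copy that lost a marker line or whose hyphens were replaced
    # by typographic dashes when pasted through a document or chat tool.
    pem = pem_text.strip()
    if not pem.startswith(BEGIN) or not pem.endswith(END):
        raise ValueError("copy must include intact BEGIN/END CERTIFICATE lines")
    if pem.count(BEGIN) != 1:
        raise ValueError("expected exactly one certificate in the saved file")
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest()


def served_cert_fingerprint(host: str, port: int, timeout: float = 5.0) -> str:
    # Fingerprint of the certificate the server presents on host:port.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Chain validation is off for this fetch only: the certificate is
    # self-signed, and trust comes from comparing it with the saved copy.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def smc_presents_saved_cert(pem_text: str, host: str, port: int) -> bool:
    # True only when the public endpoint serves exactly the saved certificate.
    return hmac.compare_digest(saved_cert_fingerprint(pem_text),
                               served_cert_fingerprint(host, port))
```

A mismatch means the SMC API tab is still bound to different server credentials, or that something between the caller and the SMC is terminating TLS.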