Configure FlexEdge Secure SD-WAN provisioning and finish the automatic deployment

The FlexEdge Secure SD-WAN provisioning settings enable the connection between the Forcepoint FlexEdge Secure SD-WAN instance and the SMC API, and define settings that are applied after the instance starts.

Steps

  1. From the NGFW Deployment model drop-down list, select Automatic via SMC REST API.
  2. In the SMC Contact address (FQDN or IP address) field, enter the fully qualified domain name (FQDN) or the public IP address of the SMC API.
    Make sure that the information that you enter here matches the common name or subject alternative name in the certificate for the SMC API.
    Tip: You can find the FQDN or IP address of the SMC API in the Host Name field on the SMC API tab of the Management Server Properties dialog box in the Management Client.
  3. (Optional) If the SMC API uses a port other than the default port, enter the SMC API port number in the SMC rest API port field.
    The default port number is 8082.
  4. In the SMC rest API key field, enter the authentication key of the SMC API Client.
  5. Make sure that Yes is for Check REST API TLS certificate options.
    When Yes is selected, the TLS certificate of the SMC API is validated when Secure SD-WAN Engine elements are automatically created.
    Note: The No option is intended only for testing purposes. We do not recommend selecting No in a production environment.
  6. Next to the Upload SMC rest API certificate field, click the file browser icon, then select the certificate file.
    Tip: To find the certificate in the Management Client, select Configuration, then browse to Administration > Certificates > TLS Credentials.
  7. (FlexEdge Secure SD-WAN 6.5 and higher) In the Engine Location field, enter the name of the Location element that is selected for the Secure SD-WAN Engine when the Secure SD-WAN Engine element is created.
    The Location element must already exist before you deploy the Secure SD-WAN Engine. The name must match the name of the Location element in the SMC.
    Note: Make sure that you have defined contact address exceptions for this location in the properties of the Management Server and the Log Server.
  8. (Recommended) In the Engine policy name field, enter the name of the Engine Policy that is uploaded to the Secure SD-WAN Engine after the Secure SD-WAN Engine element is created.
    The Engine Policy must already exist before you deploy the Secure SD-WAN Engine. The name must match the name of the Engine Policy element in the SMC.
    Note: If you do not specify a Engine Policy, you must manually install a policy using the Management Client after deploying the Secure SD-WAN Engine.
  9. (Optional) From the Engine Auto delete when shutting off options, select No if you want the Secure SD-WAN Engine element to stay in the SMC when the Secure SD-WAN Engine instance shuts down.
    When Yes is selected, the Secure SD-WAN Engine elements are automatically deleted when the Secure SD-WAN Engine instances shut down or are restarted in Azure.
  10. Click OK.
    The deployment continues to a summary and the configuration is validated.
  11. When the validation is finished, click OK.
  12. Review the terms of use, then click Create.

Result

The Secure SD-WAN Engine deployment starts and an Secure SD-WAN Engine element is automatically created in the SMC. When deployment is finished, you can check the status using the Management Client.