Configure FlexEdge Secure SD-WAN settings
Configure settings for the virtual machine where the Forcepoint FlexEdge Secure SD-WAN instance runs.
Steps
- From the NGFW licensing model options, select the licensing model for the Secure SD-WAN Engine.
-
(Optional) From the NGFW Version drop-down list, select the Secure SD-WAN Engine
version.
Version 6.4 or higher is required.
-
If the default value of the Virtual network option does not meet your needs, select a different value.
You must view and accept the virtual network settings even if you do not change the settings.
- If the default values of the NGFW Security Subnet, Protected FrontEnd Subnet, and Protected BackEnd Subnet options do not meet your needs, change the settings, then click OK.
-
(Optional) If the default value of the NGFW VM Size option does not meet your needs, select a different value.
We recommend selecting a general purpose VM size that has a SKU that starts with the letter D and at least 4 GB of RAM.
-
In the Resource prefix field, enter an identifying prefix that is automatically added to the name of the resource.
The prefix is also added to the name of the automatically created Secure SD-WAN Engine element in the SMC.
- From the VM Zone options, select the zone to which the Secure SD-WAN Engine belongs.
-
From the Modify existing vnet to redirect traffic to NGFW option, select
whether to automatically redirect traffic to the Secure SD-WAN Engine.
Note: The Modify existing vnet to redirect traffic to NGFW options are only available if you selected an existing virtual network as the value of the Virtual network option. If you created a new virtual network for the FlexEdge Secure SD-WAN deployment, the new virtual network is automatically configured.
- Yes — Traffic to and from the protect subnets is immediately redirected to the Secure SD-WAN Engine. Route tables are automatically attached to the virtual networks that are selected for the Protected
FrontEnd Subnet and Protected BackEnd Subnet options. For Cloud Auto-Scaled Firewalls, the mandatory Azure NSG is deployed in the
virtual network that you selected for the NGFW Security Subnet option.Note: If additional subnets need to be redirected to the Secure SD-WAN Engine, you must associate the route table manually with those additional subnets.
- No — You must associate route tables with the virtual networks that are selected for the Protected FrontEnd Subnet and Protected BackEnd Subnet options to route traffic through the Secure SD-WAN Engine. For Cloud Auto-Scaled Firewalls, you must manually attach the mandatory Azure NSG to the virtual network that you selected for the NGFW Security Subnet option.
- Yes — Traffic to and from the protect subnets is immediately redirected to the Secure SD-WAN Engine. Route tables are automatically attached to the virtual networks that are selected for the Protected
FrontEnd Subnet and Protected BackEnd Subnet options. For Cloud Auto-Scaled Firewalls, the mandatory Azure NSG is deployed in the
virtual network that you selected for the NGFW Security Subnet option.
- Click OK.