Deploying Cloud Auto-Scaled Firewalls
You can create Secure SD-WAN Engines that can be scaled manually, on a schedule, or automatically depending on traffic load.
Using scaling features is an advanced task. You must know how scaling works and be aware of the related Azure guidelines. For Forcepoint FlexEdge Secure SD-WAN, both vertical and horizontal scaling is supported. For more information about scaling in Azure, see https://docs.microsoft.com/en-us/azure/architecture/best-practices/auto-scaling.
The scale set Secure SD-WAN solution template includes the Secure SD-WAN Engine software and the network environment in which it runs. The network environment includes the Security subnet in which the Secure SD-WAN Engines are deployed, and two protected subnets. The template creates a route from the protected subnets to the Internet through the Secure SD-WAN Engines. A route is also created between the two protected subnets.
Figure: Network environment for Cloud Auto-Scaled Firewall deployment
Cloud Auto-Scaled firewalls have the following limitations:
- Cloud Auto-Scaled Firewalls can only be created for Forcepoint FlexEdge Secure SD-WAN 6.4 or higher.
- The hourly (pay as you go) licensing model is recommended for Cloud Auto-Scaled Firewalls.
- The SMC API is required for Cloud Auto-Scaled Firewalls.
- Because you cannot modify the properties of Cloud Auto-Scaled Firewalls in the SMC, features that require changing the properties of the Secure SD-WAN Engine elements are not supported.