Create the Secure SD-WAN Engine in the Management Client

If you are deploying using the single Secure SD-WAN Engine, add and configure a placeholder Single Engine element for each Secure SD-WAN Engine that you deploy in the Azure cloud.

These steps provide an overview of the Secure SD-WAN Engine configuration process. For detailed instructions, see the following documents:

  • Forcepoint FlexEdge Secure SD-WAN Installation Guide
  • Forcepoint FlexEdge Secure SD-WAN Product Guide

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Add a Single Engine element.
  2. Browse to the General branch of the Engine Editor, then select the Location element for elements outside of the local network of the SMC servers from the Location drop-down list.
  3. Browse to Interfaces, then add a layer 3 physical interface and a dynamic IP address.
    1. Add a layer 3 physical interface.
    2. Add an IPv4 address to the interface.
    3. From the IP address type drop-down list, select Dynamic.
    4. From the Dynamic Index drop-down list, select First DHCP Interface.
    5. Select Automatic Default Route.
  4. Browse to Interfaces > Loopback, then add the following loopback IP address: 127.0.0.1.
  5. Browse to Interfaces > Interface Options, then make the following selections:
    1. Select Interface ID 0 as the primary control interface.
      The Node-Initiated Contact to Management Server option is automatically selected when the control IP address is dynamic. When the option is selected, the Secure SD-WAN Engine opens a connection to the Management Server and maintains connectivity.
    2. Select the loopback IP address as the identify for authentication requests.
  6. Browse to Routing, then add a default route through Interface 0.
    1. Right-click the network under Interface 0, then select Add Router.
    2. Right-click the Router element, then select Add.
    3. Browse to Networks > Any Network, click Add, then click OK.
  7. Click Save to save and validate changes, then close the Engine Editor.
  8. (Bring your own license only) Install a license, then bind the license to the Single Engine element.
  9. Save the initial configuration.
    1. Right-click the Secure SD-WAN Engine, then select Configuration > Save initial Configuration.
    2. Next to the Initial Security Policy field, click Select, then select a policy for the Secure SD-WAN Engine.
    3. Select Enable SSH Daemon.
    4. To save the initial configuration file, click Save As, then select the location where you want to save the file.