Communication between the Management Server and an Secure SD-WAN Engine, Master Engine, or Virtual
Secure SD-WAN Engine can be reversed. In this case, the Secure SD-WAN Engine opens a connection to the Management
Server and keeps it open to wait for any commands.
Before you begin
An
Secure SD-WAN Engine, Master Engine, or Virtual
Secure SD-WAN
Engine with a dynamic Control IP Address has been configured.
Reversing communication might be necessary in the following cases:
- The Secure SD-WAN Engine does not have a static IP address that the Management Server can contact. For example, instead of a static IP address,
the Secure SD-WAN Engine has a dynamic IP address on the control interface or there is intermediate dynamic NAT.
- The Management Server’s connections are blocked because of a traffic filtering device between the components.
The settings for communication between the Management Server and the engines are set in the SGConfiguration.txt file stored on the Management Server. You can either use the default values for each setting or change the settings by adding parameters and values to the SGConfiguration.txt file.
Steps
-
On the Management Server computer, browse to the <installation directory>/data directory.
Note: If you installed the Management Server in the C:\Program Files\Forcepoint\SMC directory in Windows, some program data might be stored in the
C:\ProgramData\Forcepoint\SMC directory.
-
Edit the SGConfiguration.txt file and add the following parameters as needed.
Table 1. SGConfiguration parameters
Parameter name |
Description |
DCP_INITIAL_DELAY |
Time (in seconds) to wait after initialization before the first connection attempt to the Management Server. The default value is 5 seconds.
|
DCP_CONNECTION_INTERVAL |
Time (in seconds) to wait before connecting again to the Management Server after a successful connection. The default value is 25 seconds.
|
DCP_RETRY_INTERVAL
|
Time (in seconds) to wait before connecting again to the Management Server after a failed connection attempt. The default value is 25
seconds. |
DCP_IDLE_TIMEOUT
|
Time (in seconds) before an idle connection is closed. The default value is 1800 seconds (30 minutes). |
-
Save and close the file.
-
Refresh the policies of the engines to transfer the changes.