Use the Management Client to configure static or dynamic routing, and use a Multi-Link configuration to manage and distribute inbound and outbound connections.
Inbound traffic management ensures that services remain available even when one or more servers or NetLinks fail, and balances the load of incoming traffic more efficiently between a group of servers. Inbound traffic management is not supported on Layer 2 Engines or on layer 2 physical interfaces on Engines.
Using Server Pools, you can manage incoming traffic to your web servers.
Link to the latest FlexEdge Secure SD-WAN online documentation.
This online help was created for Forcepoint FlexEdge Secure SD-WAN, version 7.1.0.
Before setting up Forcepoint FlexEdge Secure SD-WAN, it is useful to know what the different components do and what engine roles are available.
Before you can set up the system and start configuring elements, you must consider how the different SMC components should be positioned and deployed.
After deploying the SMC components, you are ready to start using the Management Client and carrying out some of the first configuration tasks.
You can use the SMC to monitor system components and third-party devices. You can also view and filter logs, and create Reports from them.
You can command and set options for engines through the Management Client or on the engine command line. You can also stop traffic manually.
SD-WAN Manager configuration allows you to customize how the SMC components work.
You can create and modify Engines, IPS engines, Layer 2 Engines, Master Engines and Virtual Secure SD-WAN Engines. You can configure the Secure SD-WAN Engine properties, activate optional features, and configure advanced Secure SD-WAN Engine settings.
Routing defines through which next hop router the Secure SD-WAN Engine forwards traffic from a source address to a destination address. Antispoofing defines which addresses are considered valid source addresses for the networks connected to each interface.
With dynamic routing, Secure SD-WAN Engines automatically change their routing when the network topology changes. The Secure SD-WAN Engines can also exchange information about appropriate routing paths.
You can use Multi-Link to distribute outbound traffic between multiple network connections and to provide high availability and load balancing for outbound traffic.
Server Pool elements provide inbound traffic management for traffic to servers in the protected network.
The Server Pool element collects servers that provide a particular service into a single element and defines the settings for handling the inbound traffic.
There are different methods for monitoring whether a server or a service running on a server is available.
Before you can enable Server Pool load balancing using NAT rules, you must create Access rules to allow the type of traffic that is handled by the Server Pool.
NAT rules specify which traffic is directed to the Server Pool. You can use NAT rules to apply both source and destination address translation for Server Pools.
NAT rules are the preferred way to enable Server Pool load balancing. For backward compatibility, it is still possible to enable Server Pool load balancing using Access rules.
The Secure SD-WAN Engine can automatically update dynamic DNS (DDNS) entries for the Server Pool according to the available NetLinks.
Server Pool Monitoring Agents provide advanced features for monitoring the server load and status.
To configure load balancing for multiple web servers, you can set up a Server Pool.
When you set up dynamic DNS updates, the Server Pool NetLink addresses that correspond to the available Internet connections are updated automatically on the DNS server.
When you use Multi-Link for outbound traffic management or Multi-Link VPNs, Secure SD-WAN in the Engine/VPN role can dynamically select the NetLink or VPN link that best matches the quality requirements of traffic.
Policies are key elements that contain rules for allowing or blocking network traffic and inspecting the content of traffic.
User accounts are stored in internal databases or external directory servers. You can use Secure SD-WAN in the Engine/VPN role or external authentication servers to authenticate users.
Secure SD-WAN supports both policy-based and route-based VPN tunnels between VPN gateways. For full remote access, Secure SD-WAN supports both IPsec and SSL VPN tunnels for VPN clients.
Maintenance includes procedures that you do not typically need to do frequently.
Troubleshooting helps you resolve common problems in the Secure SD-WAN and SMC.