Secure SD-WAN supports both policy-based and route-based VPN tunnels between VPN gateways. For full remote access, Secure SD-WAN supports both IPsec and SSL VPN tunnels for VPN clients.
The following example configurations outline common VPN use cases.
This online help was created for Forcepoint FlexEdge Secure SD-WAN, version 7.1.x.
Before setting up Forcepoint FlexEdge Secure SD-WAN, it is useful to know what the different components do and what engine roles are available.
Before you can set up the system and start configuring elements, you must consider how the different SMC components should be positioned and deployed.
After deploying the SMC components, you are ready to start using the Management Client and carrying out some of the first configuration tasks.
You can use the SMC to monitor system components and third-party devices. You can also view and filter logs, and create Reports from them.
You can command and set options for engines through the Management Client or on the engine command line. You can also stop traffic manually.
SD-WAN Manager configuration allows you to customize how the SMC components work.
You can create and modify Engines, IPS engines, Layer 2 Engines, Master Engines and Virtual Secure SD-WAN Engines. You can configure the Secure SD-WAN Engine properties, activate optional features, and configure advanced Secure SD-WAN Engine settings.
Use the Management Client to configure static or dynamic routing, and use a Multi-Link configuration to manage and distribute inbound and outbound connections.
Policies are key elements that contain rules for allowing or blocking network traffic and inspecting the content of traffic.
User accounts are stored in internal databases or external directory servers. You can use Secure SD-WAN in the Engine/VPN role or external authentication servers to authenticate users.
A VPN extends a secured private network over public networks by encrypting connections so that they can be transported over insecure links without compromising confidential data.
VPNs allow creating secure, private connections through networks that are not otherwise secure.
You can follow these examples when you set up your own VPNs and add other features after the basic scenario is configured and working.
This scenario shows an example of how to create a policy-based VPN between two or more Secure SD-WAN Engines managed through the same SMC.
This scenario walks you through creating a site-to-site VPN between one Secure SD-WAN Engine and one external VPN gateway that is not managed through the same SMC.
This configuration scenario walks you through creating a mobile VPN between a Secure SD-WAN Engine and more than one Forcepoint VPN Client.
In a VPN hub configuration, a gateway is configured to forward VPN traffic between different VPN tunnels.
A digital certificate is a proof of identity. Secure SD-WAN in the Engine/VPN role supports using certificates for authenticating gateways and the Forcepoint VPN Client.
You can reconfigure and tune existing VPNs.
Forcepoint VPN Client does not have controls for many settings that are needed for establishing an SD-WAN. These settings are defined in the SMC. Forcepoint VPN Client downloads the settings from the gateways it connects to. VPN clients are only supported in policy-based VPNs.
The SSL VPN Portal uses secure sockets layer (SSL) encryption to allow authenticated users to establish secure connections to internal HTTP and HTTPS services through a standard web browser or through a client application that allows direct network access.
Maintenance includes procedures that you do not typically need to do frequently.
Troubleshooting helps you resolve common problems in the Secure SD-WAN and SMC.