Layer 2 interfaces for Secure SD-WAN in the Engine/VPN role

Layer 2 interfaces on Secure SD-WAN Engines in the Engine/VPN role allow the Secure SD-WAN Engine to provide the same kind of traffic inspection that is available for Secure SD-WAN Engines in the IPS and Layer 2 Engine roles.

Layer 2 interfaces on Secure SD-WAN Engines in the Engine/VPN role provide the following benefits:

• When the same Secure SD-WAN Engine has both layer 2 and layer 3 interfaces, administration is easier because there are fewer Secure SD-WAN Engine elements to manage in the SMC.
• It is more efficient and economical to use one Secure SD-WAN hardware device that has both layer 2 and layer 3 interfaces because a smaller number of Secure SD-WAN appliances can provide the same traffic inspection.
• When you use layer 2 interfaces on Secure SD-WAN Engines in the Engine/VPN role, the Secure SD-WAN Engine can use options and features that are not available on Secure SD-WAN Engines in the IPS or Layer 2 Engine roles.

  For example, an Secure SD-WAN Engine in the Engine/VPN role can use Forcepoint Endpoint Context Agent (ECA), Forcepoint User ID service, NetLinks for communication with the SMC, and dynamic control IP addresses, while also providing the same kind of traffic inspection that is available for Secure SD-WAN Engines in the IPS and Layer 2 Engine roles.