Enhancements

This release of the product includes these enhancements.

Enhancements in SMC version 7.1.1

Enhancement Description
Local Sandbox - Advanced Malware Detection & Protection option

You can now configure an Advanced Malware Detection & Protection local sandbox to detect advanced threats by analyzing the behavior of files in a restricted operating system environment.

Note: You need a local Advanced Malware Detection & Protection server to use this local sandbox service.

For more information, see the Connect Secure SD-WAN to a sandbox service and the Define Sandbox Service elements sections in the Forcepoint FlexEdge Secure SD-WAN Product Guide.

Easy identification of VPN site status

Support for enabled and disabled VPN site icons is added. The appropriate VPN site icon is displayed in the preview or editor view in the SMC User Interface so that you can easily tell whether the VPN site is enabled or disabled.

Temporarily Ban for Multiple Failed Logon Attempts (Password Policy) option

You can now configure the password policy in the global system settings to temporarily ban an IP address when the logon attempts by an SMC administrator from a single IP address reach the maximum number of failed logon attempts.

For more information, see the Centralized management of global system settings section in the Forcepoint FlexEdge Secure SD-WAN Product Guide.

Updated the ElasticSearch client libraries to version 8.8.2
The ElasticSearch client libraries are updated to version 8.8.2 to improve indexing performance.
Note: In ElasticSearch version 8.8.2, OpenSearch is no longer supported.

For more information, see the Requirements for using Elasticsearch with Forcepoint NGFW Security Management Center (SMC) Knowledge Base Article.

Enhancements in SMC version 7.1.0

Enhancement Description
BGP Monitoring Protocol (BMP) Configuration

BMP configuration options are now supported in the Dynamic Routing Editor. BMP is used to monitor BGP sessions and send the monitored data from BGP routers to the network management entities. When BMP is configured, the log events also include the information for the configured options, which makes it easier to correlate BMP and engine logs for analytics.

For more information, see the Create core elements for dynamic routing and the Enable BGP on the Engine, Engine Cluster, or Virtual Engine sections in the Forcepoint Next Generation Firewall Product Guide.

Improved Application Health Monitoring
The Application Health Monitoring feature now comes with the following support:
  • Enhanced engine monitoring and better support for non-TCP traffic: applications that use UDP for data transport are now supported.
  • Visibility into application health history and health status history of network applications.
  • Better ISP link status monitoring.
  • Application health status history.

For more information, see the Application Health Monitoring Dashboard section in the Forcepoint Next Generation Firewall Product Guide.

Improved SD-WAN algorithms and link selection logic
The following updates have been made to provide a better user experience:
  • Engine logic is updated to avoid too much packet loss before the traffic is sent to the better links.
  • The QoS link value is tuned so that the QoS link value selection feature works as intended.

Also, the Default SD-WAN Link Balancing Preference option is made available to allow you to set the preferences on how the traffic is balanced over the links for each engine.

For more information, see the Create Link Usage Profile elements section in the Forcepoint Next Generation Firewall Product Guide.

Tunnel interface now supports multiple IP addresses
It is now possible to add multiple IP addresses (that can be of types IPv4 and IPv6) for tunnel interfaces.

IPFIX forwarding
When you export IPFIX information, the following new IPFIX Element IDs are now supported:
  • EID 5 ipClassOfService
  • EID 58 vlanId (source VLAN)
  • EID 59 postVlanId (destination VLAN)
  • EID 60 ipVersion
  • EID 89 forwardingStatus
  • EID 90 mplsVpnRouteDistinguisher
  • EID 131 exporterIPv6Address
Note:
  1. EID 90 mplsVpnRouteDistinguisher is exported only when BMP monitoring is configured for the engine that originates the log entries.
  2. The following IPFIX element IDs are only generated by engine version 7.1.0 or later:
    • EID 5 ipClassOfService
    • EID 89 forwardingStatus
    • EID 90 mplsVpnRouteDistinguisher