SD-WAN Manager configuration allows you to customize how the SMC components work.
This online help was created for Forcepoint FlexEdge Secure SD-WAN, version 7.1.4.
Before setting up Forcepoint FlexEdge Secure SD-WAN, it is useful to know what the different components do and what engine roles are available.
Before you can set up the system and start configuring elements, you must consider how the different SMC components should be positioned and deployed.
After deploying the SMC components, you are ready to start using the Management Client and carrying out some of the first configuration tasks.
You can use the SMC to monitor system components and third-party devices. You can also view and filter logs, and create Reports from them.
You can command and set options for engines through the Management Client or on the engine command line. You can also stop traffic manually.
Administrator accounts define administrator rights and permissions in the SMC.
The SMC can escalate the alerts generated so that notifications are sent to the administrators through multiple channels.
Domain elements allow you to restrict which elements are displayed to the administrators in the Management Client and in the optional Web Portal. They also allow you to define in which administrative Domains an administrator has permissions. Configuring Domains requires a special license.
The Web Portal provides browser-based access to logs, reports, and Policy Snapshots for specific authorized users. The Web Portal is provided by the Web Portal Server, which is an optional component that you can purchase for your SMC.
To avoid installing the full Java-based Management Client on each workstation that an administrator uses, you can run the Management Client in a web browser.
When the Management Server provides the Management Client for download, administrators can download and install the Management Client from the SMC Downloads page.
You can modify a Log Server element, configure settings for Log Servers, and recertify Log Servers.
You can install several Management Servers and Log Servers to provide high availability for the SMC.
You can modify settings for Management Servers, change hardware platforms or the IP addresses used in system communications, change the type of certificate authority, and change the role of Secure SD-WAN Engines.
You can create and modify Engines, IPS engines, Layer 2 Engines, Master Engines and Virtual Secure SD-WAN Engines. You can configure the Secure SD-WAN Engine properties, activate optional features, and configure advanced Secure SD-WAN Engine settings.
Use the Management Client to configure static or dynamic routing, and use a Multi-Link configuration to manage and distribute inbound and outbound connections.
Policies are key elements that contain rules for allowing or blocking network traffic and inspecting the content of traffic.
User accounts are stored in internal databases or external directory servers. You can use Secure SD-WAN in the Engine/VPN role or external authentication servers to authenticate users.
Secure SD-WAN supports both policy-based and route-based VPN tunnels between VPN gateways. For full remote access, Secure SD-WAN supports both IPsec and SSL VPN tunnels for VPN clients.
Maintenance includes procedures that you do not typically need to do frequently.
Troubleshooting helps you resolve common problems in the Secure SD-WAN and SMC.