You can create and modify Engines, IPS engines, Layer 2 Engines, Master Engines and Virtual Secure SD-WAN Engines. You can configure the Secure SD-WAN Engine properties, activate optional features, and configure advanced Secure SD-WAN Engine settings.
You can set permissions to control the administration of the engines.
Link to the latest FlexEdge Secure SD-WAN online documentation.
This online help was created for Forcepoint FlexEdge Secure SD-WAN, version 7.2.
Before setting up Forcepoint FlexEdge Secure SD-WAN, it is useful to know what the different components do and what engine roles are available.
Before you can set up the system and start configuring elements, you must consider how the different SMC components should be positioned and deployed.
After deploying the SMC components, you are ready to start using the Management Client and carrying out some of the first configuration tasks.
You can use the SMC to monitor system components and third-party devices. You can also view and filter logs, and create Reports from them.
You can command and set options for engines through the Management Client or on the engine command line. You can also stop traffic manually.
SD-WAN Manager configuration allows you to customize how the SMC components work.
Secure SD-WAN Engine elements contain the configuration information that is directly related to the Engines, IPS engines, and Layer 2 Engines. The configuration information includes interface definitions, cluster mode selection, tester settings, and other options specific to the Secure SD-WAN Engine.
Virtual Engines are logically separate Secure SD-WAN Engines that run as virtual instances on a physical Secure SD-WAN appliance. A Master Engine is a physical appliance that provides resources for Virtual Engines.
The network interface configuration for Secure SD-WAN Engines is stored on the Management Server in the properties of Single Engine, Engine Cluster, Single IPS, IPS Cluster, Single Layer 2 Engine, Layer 2 Engine Cluster, Master Secure SD-WAN Engine, and Virtual Engine elements.
To maintain the security of your system, the Secure SD-WAN Engines establish an authenticated and encrypted connection with Log Servers and Management Servers.
Element-based NAT allows you to define NAT addresses in the properties of an element. The NAT definitions define how engines translate network IP addresses.
The Secure SD-WAN Engine tester runs various checks on the Secure SD-WAN Engine and initiates responses based on the success or failure of these tests.
You can define the permissions that enable or restrict administrators to edit and view an engine's properties.
Define the administrator permissions that permit users to access and view engine options.
Assign Policy or Template Policy permissions for engines.
DNS relay allows the engine to provide DNS services for clients in internal networks.
SNMP is a standard protocol that different equipment can use to send network management-related information to each other. You can configure Secure SD-WAN Engines to send SNMP traps to external equipment.
Network devices can use the Link Layer Discovery Protocol (LLDP) to advertise their identity, capabilities, and neighbors on a local area network.
Alias elements can be used to represent other network elements in configurations. The value an Alias takes in a configuration can be different on each Secure SD-WAN Engine where the Alias is used.
There are several add-on features that you can use on Engines, IPS engines, Layer 2 Engines, Virtual Engines, Virtual IPS engines, and Virtual Layer 2 Engines.
Advanced settings cover various system parameters related to different features.
Use the Management Client to configure static or dynamic routing, and use a Multi-Link configuration to manage and distribute inbound and outbound connections.
Policies are key elements that contain rules for allowing or blocking network traffic and inspecting the content of traffic.
User accounts are stored in internal databases or external directory servers. You can use Secure SD-WAN in the Engine/VPN role or external authentication servers to authenticate users.
Secure SD-WAN supports both policy-based and route-based VPN tunnels between VPN gateways. For full remote access, Secure SD-WAN supports both IPsec and SSL VPN tunnels for VPN clients.
Maintenance includes procedures that you do not typically need to do frequently.
Troubleshooting helps you resolve common problems in the Secure SD-WAN and SMC.