Introduction to the Forcepoint FlexEdge Secure SD-WAN solution
Before setting up Forcepoint FlexEdge Secure SD-WAN, it is useful to know what the different components do and what engine roles are available. There are also tasks that you must complete to prepare for installation.
Introduction to Forcepoint FlexEdge Secure SD-WAN
The Forcepoint FlexEdge Secure SD-WAN solution consists of Secure SD-WAN Engines and the Forcepoint FlexEdge Secure SD-WAN Manager (SMC). The SMC is the management component of the Forcepoint FlexEdge Secure SD-WAN solution.
Preparing for installation
Before installing Secure SD-WAN, identify the components of your installation and how they integrate into your environment.
FlexEdge Secure SD-WAN Manager deployment
SMC is the management component of the Secure SD-WAN system. SMC must be installed and running before you can deploy the Secure SD-WAN engines.
Installing the SMC
The SMC is the management component of the Forcepoint FlexEdge Secure SD-WAN solution. The SMC manages and controls the other components in the system. You must install the SMC before you can install Secure SD-WAN Engines.
Configuring the SMC
After initial installation is complete, configure the SMC to allow adding the other components for your system.
Forcepoint FlexEdge Secure SD-WAN deployment
Forcepoint FlexEdge Secure SD-WAN deployment consists of adding and configuring engine elements in the SMC, and configuring the Secure SD-WAN Engine software on the engine.
Configuring Forcepoint FlexEdge Secure SD-WAN for the Engine/VPN role
Configuring engine elements in the SMC prepares the SMC to manage Secure SD-WAN Engines in the Engine/VPN role.
Configuring FlexEdge Secure SD-WAN for the IPS role
Configuring engine elements in the SMC prepares the SMC to manage FlexEdge Secure SD-WAN in the IPS role.
Configuring FlexEdge Secure SD-WAN for the Layer 2 Engine role
Configuring engine elements in the SMC prepares the SMC to manage Secure SD-WAN Engines in the Layer 2 Engine role.
Configuring FlexEdge Secure SD-WAN Engines as Master FlexEdge Secure SD-WAN Engines and Virtual FlexEdge Secure SD-WAN Engines
Configuring engine elements in the SMC prepares the SMC to manage Master Secure SD-WAN Engines and Virtual Secure SD-WAN Engines.
Configuring routing
After creating the Secure SD-WAN Engine elements and defining the interfaces, you can configure the basic routing.
Initial configuration of Secure SD-WAN Engine software
After configuring the Secure SD-WAN Engines in the Management Client, apply the initial configuration of the Secure SD-WAN Engine and contact the Management Server.
Creating and installing policies
After successfully applying the initial configuration and establishing contact between the Secure SD-WAN Engines and the Management Server, the Secure SD-WAN Engine is in the initial configuration state. Now you can create and install policies for access control or inspecting traffic.
Maintenance
To maximize the benefit of Secure SD-WAN, upgrade the SMC and Secure SD-WAN regularly.
Upgrading licenses
You must upgrade licenses if you upgrade the SMC, the SMC Appliance, or the Secure SD-WAN Engines to a new major release.
Maintaining the Security Management Center
When there is a new version available, upgrade the SMC before upgrading Secure SD-WAN Engines.
SMC Appliance maintenance
The SMC Appliance has a specific patching process that keeps the SMC software, operating system, and appliance firmware up-to-date.
Upgrading FlexEdge Secure SD-WAN Engines
When a new version of Forcepoint FlexEdge Secure SD-WAN introduces features that you want to use, upgrade the Secure SD-WAN engines.
Default communication ports
There are default ports used in connections between SMC components and default ports that SMC components use with external components.
Command line tools
There are command line tools for the SMC and the Secure SD-WAN Engines.
Installing SMC Appliance software on a virtualization platform
You can install the SMC Appliance software as a virtual machine on virtualization platforms such as VMware ESX.
Installing Forcepoint FlexEdge Secure SD-WAN on a virtualization platform
You can install the Secure SD-WAN Engine software as a virtual machine on virtualization platforms such as VMware ESX or KVM.
Installing Forcepoint FlexEdge Secure SD-WAN software on third-party hardware
You can install the Secure SD-WAN Engine software on third-party hardware that meets the hardware requirements.
Installing the SMC with external certificate management
When you install the SMC, you can use certificates issued by an external CA for internal TLS communication between system components.
Example network (Engine/VPN)
This example gives you a better understanding of how Secure SD-WAN in the Engine/VPN role fits into a network.
Example network (IPS)
To give you a better understanding of how Secure SD-WAN in the IPS role fits into a network, this example outlines a network with IPS engines.
Cluster installation worksheet instructions
For planning the configuration of network interfaces for the engine nodes, use the worksheet.