The Forcepoint FlexEdge Secure SD-WAN solution consists of Secure SD-WAN Engines and the Forcepoint FlexEdge Secure SD-WAN Manager (SMC). The SMC is the management component of the Forcepoint FlexEdge Secure SD-WAN solution.

Before installing Secure SD-WAN, identify the components of your installation and how they integrate into your environment.

The SMC is the management component of the Forcepoint FlexEdge Secure SD-WAN solution. The SMC manages and controls the other components in the system. You must install the SMC before you can install Secure SD-WAN Engines.

After initial installation is complete, configure the SMC to allow adding the other components for your system.

Configuring engine elements in the SMC prepares the SMC to manage Secure SD-WAN Engines in the Engine/VPN role.

Configuring engine elements in the SMC prepares the SMC to manage FlexEdge Secure SD-WAN in the IPS role.

Configuring engine elements in the SMC prepares the SMC to manage Secure SD-WAN Engines in the Layer 2 Engine role.

Configuring engine elements in the SMC prepares the SMC to manage Master Secure SD-WAN Engines and Virtual Secure SD-WAN Engines.

After creating the Secure SD-WAN Engine elements and defining the interfaces, you can configure the basic routing.

After configuring the Secure SD-WAN Engines in the Management Client, apply the initial configuration of the Secure SD-WAN Engine and contact the Management Server.

After successfully applying the initial configuration and establishing contact between the Secure SD-WAN Engines and the Management Server, the Secure SD-WAN Engine is in the initial configuration state. Now you can create and install policies for access control or inspecting traffic.

You must upgrade licenses if you upgrade the SMC, the SMC Appliance, or the Secure SD-WAN Engines to a new major release.

When there is a new version available, upgrade the SMC before upgrading Secure SD-WAN Engines.

The SMC Appliance has a specific patching process that keeps the SMC software, operating system, and appliance firmware up-to-date.

When a new version of Forcepoint FlexEdge Secure SD-WAN introduces features that you want to use, upgrade the Secure SD-WAN engines.

There are default ports used in connections between SMC components and default ports that SMC components use with external components.

There are command line tools for the SMC and the Secure SD-WAN Engines.

You can install the SMC Appliance software as a virtual machine on virtualization platforms such as VMware ESX.

You can install the Secure SD-WAN Engine software as a virtual machine on virtualization platforms such as VMware ESX or KVM.

You can install the Secure SD-WAN Engine software on third-party hardware that meets the hardware requirements.

When you install the SMC, you can use certificates issued by an external CA for internal TLS communication between system components.

This example gives you a better understanding of how Secure SD-WAN in the Engine/VPN role fits into a network.

To give you a better understanding of how Secure SD-WAN in the IPS role fits into a network, this example outlines a network with IPS engines.

For planning the configuration of network interfaces for the engine nodes, use the worksheet.