Deploying Security Engines on cloud-based virtualization platforms

You can deploy Security Engines on cloud-based virtualization platforms, such as the Amazon Web Services (AWS) cloud and the Microsoft Azure cloud.

Security Engines on cloud-based virtualization platforms provide VPN connectivity, access control, and inspection for services hosted on cloud-based virtualization platforms.

For information about deploying Security Engines in the AWS cloud, see the document How to deploy Forcepoint Network Security Platform in the Amazon Web Services cloud and Knowledge Base article 10156.

For information about deploying Security Engines in the Azure cloud, see the document How to deploy Forcepoint Network Security Platform in the Azure cloud and Knowledge Base article 14485.

After deployment, you can manage Security Engines on cloud-based virtualization platforms using the SMC Client in the same way as other Security Engines. If you deploy Security Engines that use the scaling feature, you can only preview the Security Engines and make changes to the Engine policies.

Note: Only Single Security Engine with Layer 3 Interfaces are supported. Master Engines and Virtual Engines are not supported.

Licensing

Two licensing models are supported.
  • Bring Your Own License — You pay only the AWS or Azure standard runtime fee for the Security Engine instance. You must install a license for the Security Engine in the SMC.
  • Hourly (pay as you go license) — You pay the AWS or Azure standard runtime fee for the Security Engine instance plus an hourly license fee based on the runtime of the Security Engine. No license installation is needed for the Security Engine in the SMC.

For features that require separate licenses, the SMC automatically detects which licensing model the Security Engine uses.