Layer 2 interfaces for Forcepoint Network Security Platform in the Engine/VPN role

Layer 2 interfaces on Security Engines in the Engine/VPN role allow the Security Engine to provide the same kind of traffic inspection that is available for Security Engines in the IPS and Layer 2 Engine roles.

Layer 2 interfaces on Security Engines in the Engine/VPN role provide the following benefits:

• When the same Security Engine has both layer 2 and layer 3 interfaces, administration is easier because there are fewer Security Engine elements to manage in the SMC.
• It is more efficient and economical to use one Security Engine hardware device that has both layer 2 and layer 3 interfaces because a smaller number of Security Engine appliances can provide the same traffic inspection.
• When you use layer 2 interfaces on Security Engines in the Engine/VPN role, the Security Engine can use options and features that are not available on Security Engines in the IPS or Layer 2 Engine roles.

  For example, an Security Engine in the Engine/VPN role can use Forcepoint Endpoint Context Agent (ECA), Forcepoint User ID service, NetLinks for communication with the SMC, and dynamic control IP addresses, while also providing the same kind of traffic inspection that is available for Security Engines in the IPS and Layer 2 Engine roles.