About this Help This online help was created for Forcepoint Network Security Platform, version 7.3.0.
Open the online help The SMC Client provides context-sensitive online help.
Product name change List of new product and component name changes.
Deprecated features For details on features that have been changed, refer to the About this release section in the Forcepoint Security Management Center 7.3.0 release notes.
Removed features For details on removed features, refer to the Upgrade instructions section in the Forcepoint Network Security Platform Security Management Center 7.3.0 release notes.
Find product documentation In the Forcepoint Customer Hub, you can find information about a released product, including product documentation, technical articles, and more.
Links to downloads Security Engine upgrades and dynamic update packages are available at these websites.
Conventions The following typographical conventions and icons are used.
Introduction to the Forcepoint Network Security Platform solution Before setting up Forcepoint Network Security Platform, it is useful to know what the different components do and what engine roles are available.
The Forcepoint Network Security Platform solution The Forcepoint Network Security Platform solution consists of one or more Forcepoint Network Security Platforms and the Forcepoint Security Management Center (SMC). The SMC is the management component of the Forcepoint Network Security Platform solution.
Introduction to Forcepoint Network Security Platform in the Engine/VPN role Security Engine in the Engine/VPN role provides access control and VPN connectivity.
Introduction to Forcepoint Network Security Platform in the IPS and Layer 2 Engine roles The Security Engines in the IPS and Layer 2 Engine roles are part of the Forcepoint Network Security Platform solution. The IPS component provides intrusion detection and prevention, and the Layer 2 Engines provide access control and deep inspection of traffic.
Deployment Before you can set up the system and start configuring elements, you must consider how the different SMC components should be positioned and deployed.
Deploying the SMC When deploying the SMC, there are some general guidelines for positioning components to guarantee the security of the system.
Deploying Forcepoint Network Security Platform in the Engine/VPN role The positioning of an engine depends on the network environment and the function of the Security Engine.
Deploying Forcepoint Network Security Platform in IPS and Layer 2 Engine roles The positioning of an IPS engine or Layer 2 Engine depends on the network environment and the function of the IPS engine or Layer 2 Engine.
Setting up After deploying the SMC components, you are ready to start using the SMC Client and carrying out some of the first configuration tasks.
Using the SMC Client The SMC Client provides the user interface for setting up, managing, and monitoring all features in the SMC.
Network address translation (NAT) and how it works Network address translation (NAT) means changing the IP address or port information in packets. Most often, NAT is used to allow internal hosts to communicate via networks where their actual address is not routable and to conceal the internal network structure from outsiders.
Configuring system communications System communications involve traffic between SMC components, traffic between SMC components and external components that are a part of the system configuration, and external access into the system.
Managing certificates for system communications Certificates are proof of identity that SMC components and Security Engines use to authenticate themselves in communications.
Managing elements Certain tasks are common to most elements. Some of these tasks are not mandatory for defining an element, but are still helpful as you get your SMC up and running.
Monitoring You can use the SMC to monitor system components and third-party devices. You can also view and filter logs, and create Reports from them.
Monitoring Forcepoint Network Security Platform components You can monitor Forcepoint Network Security Platform components and view system summaries in the SMC Client.
Application Health Monitoring The Application Health Monitoring dashboard lets administrators monitor connection quality at the network and application layers.
Monitoring third-party devices The SMC can be configured to log and monitor other manufacturers’ devices in much the same way as SMC components are monitored.
Viewing and exporting logged data You can view log, alert, and audit entries through the log browsing views. You can view data from SMC servers, all types of engines, and from third-party components that are configured to send data to the SMC.
Reports Reports are summaries of logs and statistics that allow you to combine large amounts of data into an easily viewable form.
Filtering data Filters allow you to select data based on values that it contains. Most frequently, you use filters when viewing logs, but filters can also be used for other tasks, such as exporting logs and selecting data for reports.
Controlling Security Engines You can command and set options for engines through the SMC Client or on the engine command line. You can also stop traffic manually.
Controlling Security Engine operation You can command and set options for Engines, Layer 2 Engines, IPS engines, Master Engines, Virtual Engines, Virtual IPS engines, and Virtual Layer 2 Engines through the SMC Client.
Working on the Security Engine command line Although the engines are managed remotely, some operations on the Linux command line on the engines are useful for troubleshooting and local maintenance operations.
SMC configuration SMC Manager configuration allows you to customize how the SMC components work.
Administrator accounts Administrator accounts define administrator rights and permissions in the SMC.
Alert escalation The SMC can escalate the alerts generated so that notifications are sent to the administrators through multiple channels.
Domain elements Domain elements allow you to restrict which elements are displayed to the administrators in the SMC Client and in the optional Web Portal. They also allow you to define in which administrative Domains an administrator has permissions. Configuring Domains requires a special license.
Getting Started with the Web Portal Using the Web Portal, customers of managed service providers can access information about their systems.
Using the SMC Client in a web browser To avoid installing the full Java-based SMC Client on each workstation that an administrator uses, you can run the SMC Client in a web browser.
SMC Client downloads from the Management Server When the Management Server provides the SMC Client for download, administrators can download and install the SMC Client from the SMC Downloads page.
Configuring the Log Server You can modify a Log Server element, configure settings for Log Servers, and recertify Log Servers.
Configuring SMC servers for high availability You can install several Management Servers and Log Servers to provide high availability for the SMC.
Reconfiguring the SMC and Security Engines You can modify settings for Management Servers, change hardware platforms or the IP addresses used in system communications, change the type of certificate authority, and change the role of Security Engines.
Security Engine configuration You can create and modify Engines, IPS engines, Layer 2 Engines, Master Engines and Virtual Security Engines. You can configure the Security Engine properties, activate optional features, and configure advanced Security Engine settings.
Creating and modifying Security Engines Security Engine elements contain the configuration information that is directly related to the Engines, IPS engines, and Layer 2 Engines. The configuration information includes interface definitions, cluster mode selection, tester settings, and other options specific to the Security Engine.
Creating and modifying Master Engine and Virtual Engine elements Virtual Engines are logically separate Security Engines that run as virtual instances on a physical Security Engine appliance. A Master Engine is a physical appliance that provides resources for Virtual Engines.
Network interface configuration The network interface configuration for Security Engines is stored on the Management Server in the properties of Single Engine, Engine Cluster, Single IPS, IPS Cluster, Single Layer 2 Engine, Layer 2 Engine Cluster, Master Security Engine, and Virtual Security Engine elements.
Connecting Security Engine to the SMC To maintain the security of your system, the Security Engine establishes an authenticated and encrypted connection with Log Servers and Management Servers.
Element-based network address translation (NAT) Element-based NAT allows you to define NAT addresses in the properties of an element. The NAT definitions define how engines translate network IP addresses.
Configuring the Security Engine tester The Security Engine tester runs various checks on the Security Engine and initiates responses based on the success or failure of these tests.
Engine permissions You can set permissions to control the administration of the engines.
DNS Relay DNS relay allows the engine to provide DNS services for clients in internal networks.
Setting up SNMP for Security Engines SNMP is a standard protocol that different equipment can use to send network management-related information to each other. You can configure Security Engines to send SNMP traps to external equipment.
Setting up LLDP for Security Engines Network devices can use the Link Layer Discovery Protocol (LLDP) to advertise their identity, capabilities, and neighbors on a local area network.
Alias element translations for Security Engines Alias elements can be used to represent other network elements in configurations. The value an Alias takes in a configuration can be different on each Security Engine where the Alias is used.
Add-on features for Security Engines There are several add-on features that you can use on Engines, IPS engines, Layer 2 Engines, Virtual Engines, Virtual IPS engines, and Virtual Layer 2 Engines.
Advanced Security Engine settings Advanced settings cover various system parameters related to different features.
Routing Use the SMC Client to configure static or dynamic routing, and use a Multi-Link configuration to manage and distribute inbound and outbound connections.
Configuring routing and antispoofing Routing defines through which next hop router the Security Engine forwards traffic from a source address to a destination address. Antispoofing defines which addresses are considered valid source addresses for the networks connected to each interface.
Configuring dynamic routing With dynamic routing, Security Engines automatically change their routing when the network topology changes. The Security Engines can also exchange information about appropriate routing paths.
Outbound traffic management You can use Multi-Link to distribute outbound traffic between multiple network connections and to provide high availability and load balancing for outbound traffic.
Inbound traffic management Inbound traffic management ensures that services remain available even when one or more servers or NetLinks fail, and balances the load of incoming traffic more efficiently between a group of servers. Inbound traffic management is not supported on Layer 2 Engines or on layer 2 physical interfaces on Engines.
Dynamic link selection When you use Multi-Link for outbound traffic management or Multi-Link VPNs, Forcepoint Network Security Platform in the Engine/VPN role can dynamically select the NetLink or VPN link that best matches the quality requirements of traffic.
Traffic inspection policies Policies are key elements that contain rules for allowing or blocking network traffic and inspecting the content of traffic.
Creating and managing policy elements Policy elements are containers for the rules that determine how Security Engines, Master Engines, and Virtual Engines examine traffic. The policy elements for the engines include Template Policies, Policies, and Sub-Policies.
Access rules Access rules are lists of matching criteria and actions that define how the engine treats different types of network traffic. They are your main configuration tool for defining which traffic is stopped and which traffic is allowed.
Inspection Policy elements Inspection Policy elements define how the engines look for patterns in traffic allowed through the Access rules and what happens when a certain type of pattern is found.
Snort inspection on Security Engines The Snort open source intrusion prevention system is integrated into Forcepoint Security Engine. You can import externally created Snort configurations into Forcepoint Security Engine to use Snort rule sets for inspection.
Editing policies The rules in Engine, IPS, Layer 2 Engine, and Layer 2 Interface Policies allow you to control how the engines inspect and filter network traffic, and how NAT (network address translation) is applied on Engines, Master Security Engines, and Virtual Engines.
Defining IP addresses When you define IP addresses as elements, you can use the same definitions in multiple configurations for multiple components.
Working with Service elements Service elements match traffic based on protocol or port and set options for advanced inspection of traffic. Service elements are used in Engine Policies, IPS Policies, Layer 2 Engine Policies, and Layer 2 Interface Policies.
Defining Situation elements Situation elements contain the context information that defines the pattern that the Security Engine looks for in the inspected traffic. Situation elements also define the patterns that match events in the traffic.
Using Network Application elements Network Application elements collect combinations of identified characteristics and detected events in traffic to dynamically identify traffic related to the use of a particular network application.
Defining User Response elements With the User Response element, you can send customized replies to users, instead of just closing an HTTP or HTTPS connection.
Quality of Service The Quality of Service (QoS) features allow you to manage bandwidth and prioritize connections on the Security Engines. QoS features are available on Engines, IPS Security Engines, Layer 2 Engines, Master Engines, Virtual Engines, Virtual IPS Security Engines, and Virtual Layer 2 Engines.
Anti-malware scanning An anti-malware scanner compares network traffic against an anti-malware database to search for viruses and other malware. If malware is found, the traffic is stopped or content is stripped out.
File filtering Monitoring and restricting what data is sent out is an important part of data loss prevention (DLP). File filtering allows you to restrict the file types that are allowed in and out through the engine, and to apply malware detection to files.
Integrating Forcepoint One Endpoint with Forcepoint Network Security Platform If you have installed Forcepoint One Endpoint clients on the endpoints in your network, you can collect information about endpoint clients, and use the information for access control in the SMC.
Filtering URLs URL filtering allows you to filter URLs based on categories of content or lists of individual URLs.
Protocol Agents on Security Engines Protocol elements of the Protocol Agent type are special modules for some protocols and services that require advanced processing. Protocol Agents can enforce policies on the application layer.
Sidewinder Proxies Sidewinder Proxies are software modules that provide network level proxies, protocol validation, and configurable application level protocol filtering and translation on Forcepoint Network Security Platform.
Setting up TLS inspection The TLS inspection feature decrypts TLS connections so that they can be inspected for malicious traffic and then re-encrypts the traffic before sending it to its destination.
Setting up QUIC inspection QUIC is a secure general-purpose transport protocol. QUIC combines encryption and transport layer data stream processing into one protocol, thereby reducing latency and improving security.
Forward traffic to a proxy service for external inspection In addition to inspecting traffic on the Security Engine, you can transparently forward traffic to a proxy service in the cloud or on premises. For example, you can forward all HTTP and HTTPS traffic to the Forcepoint Web Security Cloud service.
Configuring Explicit HTTP Proxy (Experimental) You can configure the Explicit HTTP Proxy to allow clients to send traffic to the Engine before it is sent to the destination.
Block listing IP addresses Block listing is a way to temporarily block unwanted network traffic either manually or automatically with block list requests from a Security Engine or Log Server. Engines, IPS engines, Layer 2 Engines, and Virtual Engines can use a block list for blocking traffic.
Users and authentication User accounts are stored in internal databases or external directory servers. You can use Forcepoint Network Security Platform in the Engine/VPN role or external authentication servers to authenticate users.
Setting up directory servers A directory server provides access to information about user accounts in a user database. Both internal and external directory servers can be used. Directory servers can be used for user authentication with Forcepoint Network Security Platform in the Engine/VPN role.
Setting up user authentication You can implement user authentication to control which resources different end users can access. You can use authentication as an access requirement in IPv4 Access and IPv6 Access rules in Engine Policies. You can use both internal and external user authentication servers.
Virtual private networks Forcepoint Network Security Platform supports both policy-based and Route-based Tunnels between VPN gateways. For full remote access, Forcepoint Network Security Platform supports both IPsec and SSL VPN tunnels for VPN clients.
VPNs in Forcepoint Network Security Platform A VPN extends a secured private network over public networks by encrypting connections so that they can be transported over insecure links without compromising confidential data.
Configuring VPNs VPNs allow creating secure, private connections through networks that are not otherwise secure.
Example VPN configurations The following example configurations outline common VPN use cases.
Managing VPN certificates A digital certificate is a proof of identity. Forcepoint Network Security Platform in the Engine/VPN role supports using certificates for authenticating gateways and the Forcepoint VPN Client.
Reconfiguring existing VPNs You can reconfigure and tune existing VPNs.
VPN client settings Forcepoint VPN Client does not have controls for many settings that are needed for establishing a VPN. These settings are defined in the SMC. Forcepoint VPN Client downloads the settings from the gateways it connects to. VPN clients are only supported in policy-based VPNs.
Configuring the SSL VPN Portal The SSL VPN Portal uses secure sockets layer (SSL) encryption to allow authenticated users to establish secure connections to internal HTTP and HTTPS services through a standard web browser or through a client application that allows direct network access.
Maintenance and upgrades Maintenance includes procedures that you do not typically need to do frequently.
Configuration of automatic updates and upgrades You can configure the Management Server to automatically download and install dynamic update packages, remote upgrades for engines, and licenses.
Backing up and restoring system configurations Backups contain the necessary configuration information to restore the SMC to the state it was in when the backup was taken.
Managing log data Log management consists of configuring when log data is produced, which log entries are stored, and when stored log entries are deleted or archived. To prevent the Log Server storage from filling up, log data management tools help you manage log entries automatically.
Managing and scheduling Tasks Tasks define parameters of system maintenance operations. You can run maintenance operations manually or automatically according to a schedule you set.
Managing licenses All SMC components and Security Engines must be licensed as a proof of purchase. In addition, some additional features can be activated by installing a feature license.
Upgrading the SMC You can upgrade the Management Servers, SMC Clients, Log Servers, and Web Access Servers in your SMC.
Upgrading Security Engines You can upgrade Engines, IPS engines, Layer 2 Engines, and Master Engines.
Manual dynamic updates Dynamic Update packages include changes and additions to the system Policies, Situations, and other elements of the SMC.
SMC Appliance maintenance The SMC Appliance has a specific patching process that keeps the SMC software, operating system, and appliance firmware up-to-date.
Troubleshooting Troubleshooting helps you resolve common problems in the Forcepoint Network Security Platform and SMC.
General troubleshooting tips General troubleshooting tips help you troubleshoot situations that are not covered by more specific troubleshooting topics.
Troubleshooting Administrator accounts and passwords There are several common problems and solutions related to Administrator accounts and passwords.
Messages for troubleshooting Some common alert and log messages that you might see in the Logs view are useful for troubleshooting.
Troubleshooting Security Engine operation There are several common errors and problems that are directly related to the operation of Engines, IPS engines, and Layer 2 Engines.
Troubleshooting licenses Licenses are a proof of purchase used for ensuring that your organization is a legal license holder of the software.
Troubleshooting logging There are some common problems you might encounter when viewing logs or performing tasks related to the log files.
Troubleshooting the SMC Client There are several general problems that you might encounter when using the SMC Client.
Troubleshooting NAT There are some common problems you might encounter with NAT.
Troubleshooting policies There are some common problems you might encounter when working with policies and the rules that they contain.
Troubleshooting reporting There are some common problems that you might encounter when generating reports from raw statistical and log data stored on the Log Server.
Troubleshooting upgrades There are some common problems that you might encounter when upgrading SMC components.
Troubleshooting VPNs There are some common problems that you might encounter when creating and managing VPNs.
Command line tools There are command line tools for the SMC and the Security Engines.
Default communication ports There are default ports used in connections between SMC components and default ports that SMC components use with external components.
Working with expressions Expressions are elements that allow you to create simple definitions for representing complex sets of IP addresses by using logical operands.
Predefined Aliases Predefined Aliases are used in the default policies. Some of them might be useful when you create your own rules.
Situation Context parameters There are parameters you can define for Situation Contexts.
Regular expression syntax The SMC has its own regular expression syntax. Regular expressions are used in Situations for matching network traffic. Situations are used in the Inspection rules on Security Engines.
Schema updates for external LDAP servers There are SMC-specific LDAP classes and attributes that you add to the schema of external LDAP servers.
Log fields For descriptions of all log fields, see Knowledge Base article 38581.
Keyboard shortcuts For a list of available shortcut keys in the SMC Client, see Knowledge Base article 38538.
Multicasting The multicasting reference describes the general principles of multicasting and how it can be used with CVIs (cluster virtual IP addresses) in Engine Clusters.