Master Engine requirements

Master Engines have specific hardware requirements.

• Each Master Engine must run on a separate physical device. For more details, see the Forcepoint Network Security Platform Installation Guide.
• All Virtual Engines hosted by a Master Security Engine or Master Security Engine cluster must have the same role and the same Failure Mode (fail-open or fail-close).
• Master Security Engines can allocate VLANs or interfaces to Virtual Security Engines. If the Failure Mode of the Virtual IPS engines or Virtual Layer 2 Engines is Normal (fail-close) and you want to allocate VLANs to several Security Engines, you must use the Master Security Engine cluster in standby mode.
• Cabling requirements for Master Security Engine clusters that host Virtual IPS engines or Layer 2 Engines:
  • Failure Mode Bypass (fail-open) requires IPS serial cluster cabling.
  • Failure Mode Normal (fail-close) requires Layer 2 Engine cluster cabling.
  For more information about cabling, see the Forcepoint Network Security Platform Installation Guide.