IPsec overview

IPsec is an extension to the IP protocol that provides secure traffic tunneling by authenticating and encrypting information sent over a network.

Traffic to the Forcepoint ONE SSE Cloud SWG service can be fully encapsulated in tunnel mode, providing complete traffic encryption.

By default, two Forcepoint data centers are provided for Cloud SWG. Forcepoint strongly recommends configuring your edge devices to fail over to the second data center for geographic redundancy. Tunnels should be configured with automatic failover. Each data center has a tunnel monitoring address that can be used to monitor the status of the connection.
Note: Connection redundancy is a requirement for the Forcepoint ONE SSE SLA. Redundancy can be achieved by configuring connections to both data center addresses provided and configuring your edge device to fail over in the event of network disruption.

This guide describes how to configure the Forcepoint Next Generation Firewall (Forcepoint NGFW) using the Forcepoint ONE SSE Cloud SWG IPsec tunnel configurations.

Note: From version 7.1 onwards, Forcepoint Next Generation Firewall is rebranded to Forcepoint FlexEdge Secure SD-WAN. For details, see the Forcepoint FlexEdge Secure SD-WAN documentation.