About this Help: This online Help was created for Forcepoint NGFW Manager and VPN Broker, version 7.0.0.
Find product documentation: In the Forcepoint Customer Hub, you can find information about a released product, including product documentation, technical articles, and more.
Links to downloads: NGFW Engine upgrades and dynamic update packages are available at these websites.
Conventions: The following typographical conventions and icons are used.
Getting started: You can use the Forcepoint NGFW Manager to configure the VPN Broker or to manage a single Forcepoint Next Generation Firewall (Forcepoint NGFW) Engine.
Getting started with the Forcepoint NGFW Manager and the VPN Broker: The Forcepoint NGFW Manager is the user interface for configuring the VPN Broker. The VPN Broker automatically creates and removes VPN tunnels as needed in full-mesh VPN environments.
Configuring a single VPN Broker: The VPN Broker creates highly-scalable, full-mesh VPN environments. VPN tunnels are automatically created between NGFW Engines when they communicate with each other. The VPN tunnels are automatically removed when they are no longer needed.
Getting started with the VPN Broker: The VPN Broker environment consists of a VPN Broker domain, a VPN Broker gateway, and several VPN Broker members.
Single VPN Broker configuration overview: To configure a single VPN Broker, you must complete steps in the NGFW Manager and in the SMC.
Start the NGFW Manager: The NGFW Configuration Wizard allows you to configure settings for the Forcepoint NGFW appliance. Start the NGFW Manager from the web browser version of the NGFW Configuration Wizard.
Select the mode in the NGFW Manager: Modes in the NGFW Manager allow you to either configure the VPN Broker or locally manage a single NGFW Engine.
Configure an interface for members of the VPN Broker domain: Interfaces for each Ethernet port on the NGFW appliance are automatically included in the interface table. You must add an IP address for the interface to which members of the VPN Broker domain connect.
Create elements for the VPN Broker configuration in the NGFW Manager: You must create the elements that represent the VPN Broker configuration in the NGFW Manager.
Export the VPN Broker Domain element to a file: To create the elements needed in the SMC, you must export the VPN Broker Domain element from the NGFW Manager.
Enable the VPN configuration in the NGFW Manager: The VPN configuration must be enabled in the properties of the NGFW Engine in the NGFW Manager.
Create elements for the VPN Broker configuration in the SMC: After you have finished the configuration steps in the NGFW Manager, you must create the elements that represent the VPN Broker configuration in the SMC.
Check the status of the VPN Broker: To make sure that the components in the VPN Broker configuration are working correctly, check the status of the VPN Broker in the Management Client component of the SMC or on the command line of the NGFW Engine.
Configuring VPN Broker high availability: When you configure high availability for the VPN Broker, there are multiple VPN Broker gateways in the same VPN Broker domain. All VPN Broker members can connect to any VPN Broker gateway in the VPN Broker domain.
Getting started with VPN Broker high availability: The VPN Broker high availability environment consists of a VPN Broker domain, two or more VPN Broker gateways, and several VPN Broker members.
VPN Broker high availability configuration overview: The configuration consists of these high-level steps.
Start the NGFW Manager: The NGFW Configuration Wizard allows you to configure settings for the Forcepoint NGFW appliance. Start the NGFW Manager from the web browser version of the NGFW Configuration Wizard.
Select the mode in the NGFW Manager: Modes in the NGFW Manager allow you to either configure the VPN Broker or locally manage a single NGFW Engine.
Configure an interface for members of the VPN Broker domain: Interfaces for each Ethernet port on the NGFW appliance are automatically included in the interface table. In each NGFW Manager, you must add an IP address for the interface to which members of the VPN Broker domain can connect.
Create elements for the VPN Broker high availability configuration in the NGFW Manager: You must create the elements that represent the VPN Broker configuration in the NGFW Manager.
Export a VPN Broker Domain element to a file for high availability: In the primary NGFW Manager, export the VPN Broker Domain element to a file.
Enable the VPN configuration in each NGFW Manager: In each NGFW Manager, enable the VPN configuration in the properties of the NGFW Engine.
Create elements for the VPN Broker high availability configuration in the SMC: You must create the elements that represent the VPN Broker configuration in the SMC.
Check the status of the VPN Broker: To make sure that the components in the VPN Broker configuration are working correctly, check the status of the VPN Broker in the Management Client component of the SMC or on the command line of the NGFW Engine.
Local management of a single NGFW Engine: You can use the Forcepoint NGFW Manager to locally manage a single NGFW Engine.
Setting up the NGFW Engine for local management: To use the NGFW Manager for local management of a single NGFW Engine, configure the necessary settings for the NGFW Engine.
Monitoring the NGFW Engine: Log and alert entries provide information about what is going on in your network environment.
Configuring other NGFW Engine properties: You can optionally configure other NGFW Engine properties if necessary.
Maintenance: Most maintenance tasks can be done for both the VPN Broker and for single NGFW Engines.
Maintenance tasks: Maintenance includes procedures that you do not typically need to do frequently.