PDF version of the Help
About this Help
This online Help was created for Forcepoint NGFW Manager and VPN Broker, version 7.2.1.0.
Find product documentation
In the Forcepoint Customer Hub, you can find information about a released product, including product documentation, technical articles, and more.
Links to downloads
NGFW Engine upgrades and dynamic update packages are available at these websites.
Conventions
The following typographical conventions and icons are used.
Getting started
You can use the Forcepoint NGFW Manager to configure the VPN Broker or to manage a single Forcepoint Next Generation Firewall (Forcepoint NGFW) Engine.
Getting started with the Forcepoint NGFW Manager and the VPN Broker
The Forcepoint NGFW Manager is the user interface for configuring the VPN Broker. The VPN Broker automatically creates and removes VPN tunnels as needed in full-mesh VPN environments.
Configuring a single VPN Broker
The VPN Broker creates highly-scalable, full-mesh VPN environments. VPN tunnels are automatically created between NGFW Engines when they communicate with each other. The VPN tunnels are automatically removed when they are no longer needed.
Getting started with the VPN Broker
The VPN Broker environment consists of a VPN Broker domain, a VPN Broker gateway, and several VPN Broker members.
Single VPN Broker configuration overview
To configure a single VPN Broker, you must complete steps in the NGFW Manager and in the SMC.
Start the NGFW Manager
The NGFW Configuration Wizard allows you to configure settings for the Forcepoint NGFW appliance. Start the NGFW Manager from the web browser version of the NGFW Configuration Wizard.
Select the mode in the NGFW Manager
Modes in the NGFW Manager allow you to either configure the VPN Broker or locally manage a single NGFW Engine.
Configure an interface for members of the VPN Broker domain
Interfaces for each Ethernet port on the NGFW appliance are automatically included in the interface table. You must add an IP address for the interface to which members of the VPN Broker domain connect.
Create elements for the VPN Broker configuration in the NGFW Manager
You must create the elements that represent the VPN Broker configuration in the NGFW Manager.
Export the VPN Broker Domain element to a file
To create the elements needed in the SMC, you must export the VPN Broker Domain element from the NGFW Manager.
Enable the VPN configuration in the NGFW Manager
The VPN configuration must be enabled in the properties of the NGFW Engine in the NGFW Manager.
Create elements for the VPN Broker configuration in the SMC
After you have finished the configuration steps in the NGFW Manager, you must create the elements that represent the VPN Broker configuration in the SMC.
Check the status of the VPN Broker
To make sure that the components in the VPN Broker configuration are working correctly, check the status of the VPN Broker in the Management Client component of the SMC or on the command line of the NGFW Engine.
Configuring VPN Broker high availability
When you configure high availability for the VPN Broker, there are multiple VPN Broker gateways in the same VPN Broker domain. All VPN Broker members can connect to any VPN Broker gateway in the VPN Broker domain.
Getting started with VPN Broker high availability
The VPN Broker high availability environment consists of a VPN Broker domain, two or more VPN Broker gateways, and several VPN Broker members.
VPN Broker high availability configuration overview
The configuration consists of these high-level steps.
Start the NGFW Manager
The NGFW Configuration Wizard allows you to configure settings for the Forcepoint NGFW appliance. Start the NGFW Manager from the web browser version of the NGFW Configuration Wizard.
Select the mode in the NGFW Manager
Modes in the NGFW Manager allow you to either configure the VPN Broker or locally manage a single NGFW Engine.
Configure an interface for members of the VPN Broker domain
Interfaces for each Ethernet port on the NGFW appliance are automatically included in the interface table. In each NGFW Manager, you must add an IP address for the interface to which members of the VPN Broker domain can connect.
Create elements for the VPN Broker high availability configuration in the NGFW Manager
You must create the elements that represent the VPN Broker configuration in the NGFW Manager.
Export a VPN Broker Domain element to a file for high availability
In the primary NGFW Manager, export the VPN Broker Domain element to a file.
Enable the VPN configuration in each NGFW Manager
In each NGFW Manager, enable the VPN configuration in the properties of the NGFW Engine.
Create elements for the VPN Broker high availability configuration in the SMC
You must create the elements that represent the VPN Broker configuration in the SMC.
Check the status of the VPN Broker
To make sure that the components in the VPN Broker configuration are working correctly, check the status of the VPN Broker in the Management Client component of the SMC or on the command line of the NGFW Engine.
Local management of a single NGFW Engine
You can use the Forcepoint NGFW Manager to locally manage a single NGFW Engine.
Setting up the NGFW Engine for local management
To use the NGFW Manager for local management of a single NGFW Engine, configure the necessary settings for the NGFW Engine.
Monitoring the NGFW Engine
Log and alert entries provide information about what is going on in your network environment.
Configuring other NGFW Engine properties
You can optionally configure other NGFW Engine properties if necessary.
Maintenance
Most maintenance tasks can be done for both the VPN Broker and for single NGFW Engines.
Maintenance tasks
Maintenance includes procedures that you do not typically need to do frequently.