You can create and modify Firewalls, IPS engines, Layer 2 Firewalls, Master Engines and Virtual Engines. You can configure the Engine properties, activate optional features, and configure advanced Engine settings.
DNS relay allows the firewall to provide DNS services for clients in internal networks.
This online help was created for Secure SD-WAN Manager, version 6.10.100.0.
Before setting up FlexEdge Secure SD-WAN, it is useful to know what the different components do and what engine roles are available.
Before you can set up the system and start configuring elements, you must consider how the different Secure SD-WAN Manager components should be positioned and deployed.
After deploying the Secure SD-WAN Manager components, you are ready to start using the Management Client and carrying out some of the first configuration tasks.
You can use the Secure SD-WAN Manager to monitor system components and third-party devices. You can also view and filter logs, and create Reports from them.
You can command and set options for engines through the Management Client or on the engine command line. You can also stop traffic manually.
Secure SD-WAN Manager configuration allows you to customize how the Secure SD-WAN Manager components work.
Engine elements contain the configuration information that is directly related to the Firewalls, IPS engines, and Layer 2 Firewalls. The configuration information includes interface definitions, cluster mode selection, tester settings, and other options specific to the Engine.
Virtual Engines are logically separate Engines that run as virtual instances on a physical appliance. A Master Engine is a physical appliance that provides resources for Virtual Engines.
The network interface configuration for Engines is stored on the Management Server in the properties of Single Firewall, Firewall Cluster, Single IPS, IPS Cluster, Single Layer 2 Firewall, Layer 2 Firewall Cluster, Master Engine, and Virtual Engine elements.
To maintain the security of your system, the Engines establish an authenticated and encrypted connection with Log Servers and Management Servers.
Element-based NAT allows you to define NAT addresses in the properties of an element. The NAT definitions define how firewalls translate network IP addresses.
The Engine tester runs various checks on the Engine and initiates responses based on the success or failure of these tests.
You can set permissions to control the administration of the engines.
In DNS relay, clients send DNS requests to a DNS resolver, which forwards the requests to a remote DNS server. In Engine, the firewall can act as a local DNS resolver for clients in the internal network.
To enable DNS relay, you must configure DNS Relay settings for the firewall. You can optionally create custom DNS Relay Profile elements.
SNMP is a standard protocol that different equipment can use to send network management-related information to each other. You can configure Engines to send SNMP traps to external equipment.
Network devices can use the Link Layer Discovery Protocol (LLDP) to advertise their identity, capabilities, and neighbors on a local area network.
Alias elements can be used to represent other network elements in configurations. The value an Alias takes in a configuration can be different on each Engine where the Alias is used.
There are several add-on features that you can use on Firewalls, IPS engines, Layer 2 Firewalls, Virtual Firewalls, Virtual IPS engines, and Virtual Layer 2 Firewalls.
Advanced settings cover various system parameters related to different features.
Use the Management Client to configure static or dynamic routing, and use a Multi-Link configuration to manage and distribute inbound and outbound connections.
Policies are key elements that contain rules for allowing or blocking network traffic and inspecting the content of traffic.
User accounts are stored in internal databases or external directory servers. You can use Engine in the Firewall/VPN role or external authentication servers to authenticate users.
Engine supports both policy-based and route-based VPN (virtual private network) tunnels between VPN gateways. For full remote access, Engine supports both IPsec and SSL VPN tunnels for VPN clients.
Maintenance includes procedures that you typically do not need to perform often.
Troubleshooting helps you resolve common problems in the Engine and Secure SD-WAN Manager.