Forcepoint Next Generation Firewall How-To: How to deploy Forcepoint Next Generation Firewall in the Amazon Web Services cloud

Troubleshooting

Follow these steps to identify issues impacting the normal operation of the integration:

  • Validate the prerequisites
  • Check network connectivity
  • Check dependencies are installed
  • Check all components are configured and running properly

© 2022 Forcepoint
Published 14 October 2022