Create Single Firewall elements

Create a Single Firewall element for each Forcepoint NGFW engine that you deploy in the AWS cloud.

Before you begin

Configure the network connections and contact addresses for the SMC.

These steps provide an overview of the NGFW configuration process. For detailed instructions, see the following documentation:

  • Forcepoint Next Generation Firewall Installation Guide
  • Forcepoint Next Generation Firewall Product Guide

Steps

  1. In the Management Client component of the SMC, add a Single Firewall element.
  2. From the Location drop-down list on the General pane, select the Location element for elements outside of the local network of the SMC servers.
    In the example configuration, the "internet" Location element is used.
  3. Add a layer 3 physical interface and configure it as the primary control interface.
    1. To add a layer 3 physical interface, select Add > Layer 3 Physical Interface.
    2. To add a dynamic IP address to the interface, select Add > IPv4 Address.
    3. From the IP address type drop-down list, select Dynamic.
    4. From the Dynamic Index drop-down list, select First DCHP Interface.
    5. In the Interface Options, select Interface ID 0 as the primary control interface.
      The Node-Initiated Contact to Management Server option is automatically selected when the control IP address is dynamic. When the option is selected, the engine opens a connection to the Management Server and maintains connectivity.
  4. (Optional) Add more physical interfaces and IPv4 addresses according to your environment.
  5. If the SMC is located outside of the VPC where the NGFW Engine is deployed, add a route to the Management Server on the Routing pane in one of the following ways:
    • Add a static route through Interface 0 to the IP address of the Management Server.
      Note: The routing configuration in the SMC must be the same as the routing configuration in AWS.
    • Add a default route through Interface 0 to the Internet through Interface 0.
  6. Add more routes and configure other settings according to your environment, then click Save to save and validate changes.
  7. Install a license for the Forcepoint NGFW engine and bind the license to the Single Firewall element.
    Note: When you use the Bring Your own License image, you must install a license for the engine in the SMC.
  8. Save the initial configuration.
    1. Right-click the engine, then select Configuration > Save initial Configuration.


    2. Next to the Initial Security Policy field, click Select and select a policy for the engine.
    3. Select Enable SSH Daemon.
    4. Keep the Save or Upload Initial Configuration dialog box open.
      This dialog box shows the one-time password that you enter when you establish contact between the NGFW Engine and the Management Server.

Next steps

Prepare the AWS environment for the NGFW deployment.