Configure Forcepoint SMC
Forcepoint SMC must be reachable from the AWS components that use the SMC API to provision the necessary configuration between the NGFW engines hosted in AWS and the existing SMC. If the SMC is not already reachable from outside the private company network, do as follows:
- Sign into the SMC.
- Navigate to Configuration > Administration.
- Expand Access Rights and then select API Clients.
- Right-click API Clients and select New API Client. The API Client Properties screen is displayed.
- Add a name in the Name field, and then click Generate Authentication Key. You can save the authentication key on your local drive for future reference.
- Select the Permissions tab.
- Select the Unrestricted Permissions (Superuser) option.
- Click OK.
- From the left navigation pane, navigate to Certificates, and then select TLS Credentials.
- Right-click TLS Credentials and select New TLS Credentials. Perform the following:
  - Type a name for the certificate.
  - Type the publicly accessible IP address into the Common Name [CN] field. Leave the rest of the fields at their existing default values.
  - Click Next.
  - Select the Self-Sign option, and then click Finish.
- Right-click the newly created Credential and select Properties.
- From the Certificate properties window, select the Certificate tab, then copy the entire content, including the lines -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
- Save the certificate on your local drive for future reference.
- Click OK.
- Close the Certificate window.
- From the left navigation pane, select Other Elements and right-click Locations.
- Select New Location. The Location Properties window is displayed.
- Type "cloud" in the Name field, using only lowercase characters.
- Click OK.
- In the SMC header select Home.
- From the left navigation menu, select Others. Right-click Management Server and select Properties.
- Click the General tab and then select Exceptions.
- Click Add and browse to the location "cloud" created in step 19. Select "cloud" and enter the public IP of the SMC into the Contact Addresses section.
- Click OK.
- Navigate to the SMC API tab and select Enable.
- From the Server Credentials section, click the option Select.
- From the Select Element window, select the TLS Credentials created earlier.
- From the Server TLS Cryptography Suite Set section, click the option Select.
- From the Select Element window, select the option NIST(SP 800-52 Rev.2) Compatible TLS Cryptographic Algorithms.
- Click Select and then OK in the Management Server-Properties window when finished.
- Click Yes.
- Navigate to the Home tab of the SMC.
- Right-click Log Server and select Properties.
- Add an exception in the same way as in step 23.
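
Because the SMC API now answers on a public address with a self-signed certificate, an API client should confirm that the endpoint presents exactly the certificate saved above before it sends the authentication key. The check below pins on the certificate's SHA-256 fingerprint; it is an added example, not Forcepoint code, the function names are hypothetical, and the host and port are supplied by the caller.

```python
import base64
import hashlib
import hmac
import re
import socket
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

def pem_to_der(pem_text):
    """Decode the certificate text saved from the SMC Certificate tab."""
    match = PEM_RE.search(pem_text)
    if match is None:
        # Typical causes: BEGIN/END lines left out, or hyphens altered on paste.
        raise ValueError("no intact BEGIN/END CERTIFICATE block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def matches_pin(presented_der, saved_pem):
    """True only if the presented certificate is exactly the saved one."""
    return hmac.compare_digest(fingerprint(presented_der),
                               fingerprint(pem_to_der(saved_pem)))

def fetch_server_cert(host, port, timeout=5.0):
    """Return the DER certificate the endpoint presents, not yet trusted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # the trust decision is matches_pin()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse older protocols
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw) as tls:
            return tls.getpeercert(binary_form=True)

def check_smc_endpoint(host, port, saved_pem):
    """Run before any API login so the key is never sent to another host."""
    return matches_pin(fetch_server_cert(host, port), saved_pem)

# Constructed sample: placeholder bytes, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes standing in for a DER certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print("pin matches:", matches_pin(SAMPLE_DER, SAMPLE_PEM))
```

Call check_smc_endpoint with the public IP entered in the Common Name field and the port the SMC API listens on, and stop if it returns False.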