Example

To verify that the configuration is correct and that both Forcepoint NGFW Engines are working, follow these steps to create a test bed.

  1. Create a Windows Server 2016 machine in the subnet-1-front subnet.
    • In the Azure portal search for Virtual Machines and select Virtual machines.
    • Click Add and select Virtual machine.
    • Select a Resource Group for this Virtual Machine.
    • For Virtual machine name, enter a name for this virtual machine.
    • For Region, select the Azure region where you have deployed the ARM template.
    • For Image, select a Windows Server 2016 image.
    • In the Administrator account section, enter a username and a password. Save both in a secure location for future reference.
    • In the Inbound port rules section, select None for Public inbound ports.
    • Click Next: Disk.
    • Click Next: Networking.
    • Select the Virtual network used by the ARM template (or create it if it does not already exist).
    • Select the subnet subnet-1-front.
    • For the public IP, select None.
    • Click Review + Create.
    • Click Create.

It might take a few moments to create the VM.

  2. Add a rule to the External Load Balancer to forward the RDP traffic to its Backend pool.
    • In the Azure portal, search for Load Balancers and select it.
    • Click the External Load Balancer created by the ARM template (the load balancer whose name ends with -externallb).
    • Under the Settings section, click Load balancing rules.
    • Click Add.
    • Give a name to this rule.
    • For Port, add 3389.
    • For Backend Port, add 3389.
    • Click OK to save the rule.
  3. Add a rule to the Firewall Policy used with the Forcepoint NGFW Engines to allow RDP to the Windows Server 2016 machine you have created.
    • Log in to the Forcepoint SMC.
    • Select Configurations > Policies > Firewall policies and find the policy used in the ARM template.
    • Right-click your policy name and select Edit Firewall Policy.
    • Click Yes.
    • Add a new Rule.
    • Define the firewall rule with specific source IPs, so that only the intended user testing the deployment will have access via Remote Desktop to the Windows Server 2016 machine hosted in Azure.
    • Click IPv4 NAT.
    • Set Source to ANY.
    • Set Destination to $$ DHCP Interface 1.ip.
    • Set Service to any.
    • Right-click NAT and select Edit NAT.
    • Configure Source Translation.
    • Click Destination Translation, select Translate Type as Translate Destination.
    • Click Translate Destination.
    • Click Address, enter the private IP address of the Windows Server 2016 VM you have created, and click OK.
    • The configuration for Translate Destination looks similar to the following sample screenshot:
    • The final configuration for IPv4 NAT will look as in the following screenshot:
    • Click the Save and install icon. This deploys the policy to both Forcepoint NGFW Engine instances on Azure.
  4. Log in to the Windows Server 2016 machine using Remote Desktop.
    • On any Windows machine, search for Remote Desktop Connection.
    • Enter the DNS name or the public IP address of the External Load Balancer and click Connect.

If all configuration settings are correct, you are prompted to enter the credentials to log in to the Windows Server 2016 machine.
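
The final Remote Desktop check can also be scripted, which makes it easy to confirm both that the permitted tester IP reaches the VM through the load balancer and NAT rule and that any other source does not. The following is an added example, not part of the Forcepoint documentation; the function names `probe_rdp` and `exposure_ok` and the `--other-source` flag are hypothetical, and the host argument is assumed to be the DNS name or public IP of the External Load Balancer.

```python
import socket
import sys

# X.224 Connection Request carrying an RDP Negotiation Request
# (MS-RDPBCGR 2.2.1.1), the first packet a Remote Desktop client sends.
RDP_CONNECTION_REQUEST = bytes.fromhex(
    "03000013"          # TPKT header: version 3, total length 19
    "0ee00000000000"    # X.224: length 14, CR (0xE0), refs, class 0
    "0100080003000000"  # RDP_NEG_REQ: length 8, protocols TLS | CredSSP
)

def recv_exact(sock, n):
    """Read up to n bytes, stopping early only if the peer closes."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def probe_rdp(host, port=3389, timeout=5.0):
    """Return 'rdp', 'open-not-rdp' or 'blocked' for host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:  # refused, timed out or unreachable
        return "blocked"
    with sock:
        try:
            sock.sendall(RDP_CONNECTION_REQUEST)
            reply = recv_exact(sock, 11)  # TPKT (4) + X.224 header (7)
        except OSError:  # TCP connected but nothing answered
            return "open-not-rdp"
    # Byte 0 is the TPKT version, byte 5 the X.224 Connection Confirm code.
    if len(reply) == 11 and reply[0] == 3 and reply[5] == 0xD0:
        return "rdp"
    return "open-not-rdp"

def exposure_ok(result, allowed_source):
    """The permitted tester IP must reach RDP; any other source must not."""
    return result == ("rdp" if allowed_source else "blocked")

if __name__ == "__main__":
    # argv[1]: DNS name or public IP of the External Load Balancer.
    # Pass --other-source when running from an IP the rule does not permit.
    allowed = "--other-source" not in sys.argv[2:]
    result = probe_rdp(sys.argv[1])
    print(result, "OK" if exposure_ok(result, allowed) else "UNEXPECTED")
```

A result of `rdp` from a source outside the firewall rule's permitted IPs means the rule is broader than intended and should be tightened before the test bed is left running.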