Configure NGFW settings

Configure settings for the virtual machine where the Forcepoint NGFW instance runs.

Steps

  1. From the NGFW licensing model options, select the licensing model for the NGFW Engine.
  2. (Optional) From the NGFW Version drop-down list, select the NGFW Engine version.
    Version 6.4 or higher is required.
  3. If the default value of the Virtual network option does not meet your needs, select a different value.
    You must view and accept the virtual network settings even if you do not change the settings.
  4. If the default values of the NGFW Security Subnet, Protected FrontEnd Subnet, and Protected BackEnd Subnet options do not meet your needs, change the settings, then click OK.
  5. (Optional) If the default value of the NGFW VM Size option does not meet your needs, select a different value.
    We recommend selecting a general purpose VM size that has a SKU that starts with the letter D and at least 4 GB of RAM.
  6. In the Resource prefix field, enter an identifying prefix that is automatically added to the name of the resource.
    The prefix is also added to the name of the automatically created NGFW Engine element in the SMC.
  7. From the VM Zone options, select the zone to which the NGFW Engine belongs.
  8. From the Modify existing vnet to redirect traffic to NGFW option, select whether to automatically redirect traffic to the NGFW Engine.
    Note: The Modify existing vnet to redirect traffic to NGFW options are only available if you selected an existing virtual network as the value of the Virtual network option. If you created a new virtual network for the NGFW deployment, the new virtual network is automatically configured.
    • Yes — Traffic to and from the protect subnets is immediately redirected to the NGFW Engine. Route tables are automatically attached to the virtual networks that are selected for the Protected FrontEnd Subnet and Protected BackEnd Subnet options. For Cloud Auto-Scaled Firewalls, the mandatory Azure NSG is deployed in the virtual network that you selected for the NGFW Security Subnet option.
      Note: If additional subnets need to be redirected to the NGFW Engine, you must associate the route table manually with those additional subnets.
    • No — You must associate route tables with the virtual networks that are selected for the Protected FrontEnd Subnet and Protected BackEnd Subnet options to route traffic through the NGFW Engine. For Cloud Auto-Scaled Firewalls, you must manually attach the mandatory Azure NSG to the virtual network that you selected for the NGFW Security Subnet option.
  9. Click OK.