Deploying Cloud Auto-Scaled Firewalls

You can create NGFW Engines that can be scaled manually, on a schedule, or automatically depending on traffic load.

Using scaling features is an advanced task. You must know how scaling works and be aware of the related Azure guidelines. For Forcepoint NGFW, both vertical and horizontal scaling is supported. For more information about scaling in Azure, see https://docs.microsoft.com/en-us/azure/architecture/best-practices/auto-scaling.

The scale set NGFW solution template includes the NGFW Engine software and the network environment in which it runs. The network environment includes the Security subnet in which the NGFW Engines are deployed, and two protected subnets. The template creates a route from the protected subnets to the Internet through the NGFW Engines. A route is also created between the two protected subnets.

Figure: Network environment for Cloud Auto-Scaled Firewall deployment

Cloud Auto-Scaled firewalls have the following limitations:

• Cloud Auto-Scaled Firewalls can only be created for Forcepoint NGFW 6.4 or higher.
• The hourly (pay as you go) licensing model is recommended for Cloud Auto-Scaled Firewalls.
• The SMC API is required for Cloud Auto-Scaled Firewalls.
• Because you cannot modify the properties of Cloud Auto-Scaled Firewalls in the SMC, features that require changing the properties of the NGFW Engine elements are not supported.