Edit and deploy the template to Azure Resource Management

1. From the search box in the Azure portal menu, type deploy, and then select Deploy a custom template.
2. Under Custom deployment > Select a template, select Build your own template in the editor option in to create a customized template.
3. Select Load file, and browse the file system to upload the fp-ngfw-ha-template.json file, included in the fp-ngfw-ha-arm-template directory. For more information, see Download Forcepoint NGFW high availability ARM template.
4. Click Save.
5. Under Custom deployment > Basics, select Edit parameters.
6. Select Load file, and browse the file system to upload the fp-ngfw-ha-parameters.json file, included in the fp-ngfw-ha-arm-template directory. For more information, see Download Forcepoint NGFW high availability ARM template.

   Make sure not to click Save after uploading the parameter file.

7. Once you have loaded the parameter file into parameters editor, edit the following parameters:
   • Line 6: Parameters.location.value: the name of the Azure Region where the resources will be deployed.
   • Line 9: Parameters.engineUsername.value: username that will be used to login into Forcepoint NGFW engine VMs.
   • Line 12: parameters.sshkey.value: NGFW engine username public ssh key. To find more about how to generate ssh keys, visit: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys.
   • parameters.vnet: these parameters represent the Virtual Network (VNet) for the deployment. If the VNet does not exist it will be created. User needs to specify the name for the VNet and its Resource Group.
   • If the VNet exists, change the value vnet.value.newOrExisting to existing. Modify the other VNet addressPrefix and subnets names parameters to not overlap with existing subnets adressPrefix.
   • line 45: parameters.sku.value: choose the type of NGFW licensing model. Options are
     • Pay as you go: enter the value ngfw_payg
     • Bring your own license: enter the value ngfw_byol. If this option is used, the NGFW engines will pull a license from the ones available in the SMC.
   • Line 48: parameters.ImageVersion.value: the version for the Forcepoint NGFW engine image.
   • Line 51: parameters.engineVMSize.value: the size of the Azure VM. The size must be available in the Azure region selected for the deployment.
   • Line 57: parameters.smcContactAddress.value: enter the public IP address or FQDN of the SMC API.
   • Line 63: parameters. smcContactApikey.value: enter the SMC API key generated in the section Enable the SMC API.
   • Line 69: Parameters.smcCertificate.value: enter the Bas64 string for the certificate created in the section Create a self-signed certificate for the SMC API of this document.
   • Line 72: parameters.ploicyName.value: enter the Policy name created in the section Create Firewall Policy of this document.
   • Line 78: parameters.engineLocation.value: enter the engine Location name created in the section Create a Location element for elements that contact the SMC servers.
   • Line 81: parameters.logServerPool.value: the name of the Log Servers as displayed inside Forcepoint Security Management Center.
   • Line 86: parameters.useZones.value: set the value to true to use Availability Zones of Azure.
     Note: Not all Azure locations provide availability zones. Set the value to false if the stack is deployed in a location that does not support availability zones. In such situation, Availability Set will be used to deploy both NGFW engines in the same data center within different fault domains and update domains.
   • If parameters.useZones.value is set to true, you need to choose two different availability zones, one for each Forcepoint NGFW engine instance.
8. Once all parameters are defined, click Save to save all changes made to the parameters file.
9. Select the Resource group you have created.
10. Click Review + create.
11. Click Create to start the deployment.

“Your deployment is complete”.

Once deployment is completed, two NGFW Engines will be displayed inside Forcepoint SMC.