Create the NGFW Engine in the Management Client

If you are deploying using the single NGFW, add and configure a placeholder Single Firewall element for each NGFW Engine that you deploy in the Azure cloud.

These steps provide an overview of the NGFW Engine configuration process. For detailed instructions, see the following documents:

  • Forcepoint Next Generation Firewall Installation Guide
  • Forcepoint Next Generation Firewall Product Guide

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Add a Single Firewall element.
  2. Browse to the General branch of the Engine Editor, then select the Location element for elements outside of the local network of the SMC servers from the Location drop-down list.
  3. Browse to Interfaces, then add a layer 3 physical interface and a dynamic IP address.
    1. Add a layer 3 physical interface.
    2. Add an IPv4 address to the interface.
    3. From the IP address type drop-down list, select Dynamic.
    4. From the Dynamic Index drop-down list, select First DHCP Interface.
    5. Select Automatic Default Route.
  4. Browse to Interfaces > Loopback, then add the following loopback IP address: 127.0.0.1.
  5. Browse to Interfaces > Interface Options, then make the following selections:
    1. Select Interface ID 0 as the primary control interface.
      The Node-Initiated Contact to Management Server option is automatically selected when the control IP address is dynamic. When the option is selected, the NGFW Engine opens a connection to the Management Server and maintains connectivity.
    2. Select the loopback IP address as the identity for authentication requests.
  6. Browse to Routing, then add a default route through Interface 0.
    1. Right-click the network under Interface 0, then select Add Router.
    2. Right-click the Router element, then select Add.
    3. Browse to Networks > Any Network, click Add, then click OK.
  7. Click Save to save and validate changes, then close the Engine Editor.
  8. (Bring your own license only) Install a license, then bind the license to the Single Firewall element.
  9. Save the initial configuration.
    1. Right-click the NGFW Engine, then select Configuration > Save Initial Configuration.
    2. Next to the Initial Security Policy field, click Select, then select a policy for the NGFW Engine.
    3. Select Enable SSH Daemon.
    4. To save the initial configuration file, click Save As, then select the location where you want to save the file.