To configure Forcepoint Web Security Cloud to receive traffic from the NGFW Engine, add the NGFW Engine as an Edge Device in the cloud Security Portal.
Steps
- Log on to the cloud Security Portal at https://admin.forcepoint.net/portal.
- Browse to .
- Click .
- Select IPsec Advanced as the Tunneling Type.
- In the General section, enter a name and an optional description for the Edge Device.
- Select Forcepoint NGFW from the Device type drop-down list.
- In the Device Authentication section, select IKEv2 from the IKE version drop-down list.
- Select the type of IKE identity (Phase-1 ID) to use from the IKE identity drop-down list, then enter the value for the identity.
  You can use a DNS name or public IP address as the identity. If you use a DNS name, the value can be a host name or a fully qualified domain name (FQDN). The value does not need to be an existing DNS name or IP address, but it must be the same value that you configure in the SMC Management Client.
- Enter a pre-shared key in the Pre-shared key field.
  The pre-shared key is the shared secret that must be used when you later configure the VPN in the SMC Management Client.
  Tip: To generate a pre-shared key, select Auto generated new key from the Pre-shared key drop-down list.
- In the Data Centers section, select two locations from the list of available data centers.
  When you later configure the VPN in the SMC Management Client, you can enable either or both (for high availability) of the data centers in the properties of the Web Security Cloud VPN Gateway. The NGFW Engine does not prioritize one data center over the other.
- In the Policy Assignment section, set the default policy for traffic from the NGFW Engine.
- Click Save.
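The IKE identity and pre-shared key entered above must be identical in the SMC Management Client. The following Python pre-flight check is an added example, not Forcepoint code: it validates the identity format and compares the values recorded for both sides. The function names, dictionary keys, the `MIN_PSK_CHARS` policy value, and the list of non-public ranges (RFC 1918, loopback, link-local) are assumptions made for this example.

```python
import hmac
import ipaddress
import re

# Hypothetical local policy, not a Forcepoint requirement.
MIN_PSK_CHARS = 32
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")  # one RFC 1123 host name label
_NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def classify_ike_identity(value):
    """Return 'ip' or 'dns' for a usable Phase-1 ID; raise ValueError otherwise."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        addr = None
    if addr is not None:
        if any(addr in net for net in _NON_PUBLIC):
            raise ValueError(f"{value!r} is not a public IP address")
        return "ip"
    labels = value.split(".")
    if len(value) > 253 or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"{value!r} is not a valid host name or FQDN")
    if labels[-1].isdigit():
        raise ValueError(f"{value!r} looks like a malformed IP address")
    return "dns"


def preflight(portal, smc):
    """Return a list of mismatches between the two recorded configurations."""
    problems = []
    for side, cfg in (("portal", portal), ("smc", smc)):
        try:
            classify_ike_identity(cfg["ike_identity"])
        except ValueError as exc:
            problems.append(f"{side}: {exc}")
    if portal["ike_identity"] != smc["ike_identity"]:
        problems.append("IKE identity differs between portal and SMC")
    # Constant-time comparison; the key itself is never echoed in a message.
    if not hmac.compare_digest(portal["psk"].encode(), smc["psk"].encode()):
        problems.append("pre-shared key differs between portal and SMC")
    if len(portal["psk"]) < MIN_PSK_CHARS:
        problems.append("pre-shared key is shorter than local policy allows")
    return problems

# Constructed sample values; the SMC identity carries a stray trailing space.
PORTAL = {"ike_identity": "ngfw-edge.example.com", "psk": "k" * 40}
SMC = {"ike_identity": "ngfw-edge.example.com ", "psk": "k" * 40}
```

With the constructed samples, `preflight(PORTAL, SMC)` reports the trailing space twice: once as an invalid host name on the SMC side and once as an identity mismatch.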
Next steps
If your Web Security Cloud Policy enforces SSL decryption, continue by downloading the Forcepoint Cloud CA certificate. Otherwise, continue the configuration by importing the predefined elements for the Web Security Cloud VPN.