Using a policy-based VPN

You can use a policy-based VPN to redirect traffic from the NGFW Engine to Forcepoint Web Security Cloud. To do so, add the Forcepoint NGFW Engine as an Edge Device using the IPsec Advanced feature of Web Security Cloud.

Note: This method requires SMC version 6.1 or higher.

Follow these general steps:

  1. In the cloud Security Portal, configure Forcepoint Web Security Cloud to receive traffic from the NGFW Engine.
  2. If SSL decryption is enabled, download the Forcepoint Cloud CA certificate, then add the certificate to client web browsers.
  3. In the SMC Management Client, import predefined VPN elements for the Web Security Cloud VPN.
  4. Verify the IKE identity (Phase-1 ID) of the VPN endpoint on the NGFW Engines.
  5. Edit the Web Security Cloud VPN element that you imported, and add VPN gateways that represent the NGFW Engines.
  6. Add an Access rule that selects traffic for redirecting to the Web Security Cloud VPN.