Forcepoint NGFW in the IPS and Layer 2 Firewall roles

IPS engines and Layer 2 Firewalls pick up network traffic, inspect it, and create event data for further processing by the Log Server.

The main features of Forcepoint NGFW in the IPS and Layer 2 Firewall roles include:

Multiple detection methods — Misuse detection uses fingerprints to detect known attacks. Anomaly detection uses traffic statistics to detect unusual network behavior. Protocol validation identifies violations of the defined protocol for a particular type of traffic. Event correlation processes event information to detect a pattern of events that might indicate an intrusion attempt.
Response mechanisms — There are several response mechanisms to anomalous traffic. These include different alerting channels, traffic recording, TCP connection termination, traffic block listing, and traffic blocking with Inline Interfaces.
Unified SMC and integration with other NGFW Engines — The IPS engines, Layer 2 Firewalls, Master NGFW Engines, Virtual IPS engines, and Virtual Layer 2 Firewalls are managed centrally through the SMC. The SMC provides extensive reporting tools for generating statistical reports based on logs, alerts, and operating statistics.