Forcepoint NGFW in the IPS and Layer 2 Firewall roles
IPS engines and Layer 2 Firewalls pick up network traffic, inspect it, and create event data for further processing by the Log Server.
The main features of
Forcepoint NGFW in the IPS and Layer 2 Firewall roles include:
- Multiple detection methods — Misuse detection uses fingerprints to detect known attacks. Anomaly detection uses traffic statistics to detect unusual network behavior. Protocol validation identifies violations of the defined protocol for a particular type of traffic. Event correlation processes event information to detect a pattern of events that might indicate an intrusion attempt.
- Response mechanisms — There are several response mechanisms to anomalous traffic. These include different alerting channels, traffic recording, TCP connection termination, traffic block listing, and traffic blocking with Inline Interfaces.
- Unified SMC and integration with other NGFW Engines — The IPS engines, Layer 2 Firewalls, Master NGFW Engines, Virtual IPS engines, and Virtual Layer 2 Firewalls are managed centrally through the SMC. The SMC provides extensive reporting tools for generating statistical reports based on logs, alerts, and operating statistics.