The Forcepoint Next Generation Firewall solution consists of Forcepoint NGFW Engines and the Forcepoint NGFW Security Management Center (SMC). The SMC is the management component of the Forcepoint NGFW solution.

Before installing Forcepoint NGFW, identify the components of your installation and how they integrate into your environment.

The SMC is the management component of the Forcepoint NGFW solution. The SMC manages and controls the other components in the system. You must install the SMC before you can install Forcepoint NGFW Engines.

After initial installation is complete, configure the SMC to allow adding the other components for your system.

Configuring engine elements in the SMC prepares the SMC to manage NGFW Engines in the Firewall/VPN role.

Configuring engine elements in the SMC prepares the SMC to manage Forcepoint NGFW in the IPS role.

Configuring engine elements in the SMC prepares the SMC to manage NGFW Engines in the Layer 2 Firewall role.

Configuring engine elements in the SMC prepares the SMC to manage Master NGFW Engines and Virtual NGFW Engines.

After creating the NGFW Engine elements and defining the interfaces, you can configure the basic routing.

After configuring the NGFW Engines in the Management Client, apply the initial configuration of the NGFW Engine and contact the Management Server.

After successfully applying the initial configuration and establishing contact between the NGFW Engines and the Management Server, the NGFW Engine is in the initial configuration state. Now you can create and install policies for access control or inspecting traffic.

You must upgrade licenses if you upgrade the SMC, the SMC Appliance, or the NGFW Engines to a new major release.

When there is a new version available, upgrade the SMC before upgrading NGFW Engines.

The SMC Appliance has a specific patching process that keeps the SMC software, operating system, and appliance firmware up-to-date.

When a new version of Forcepoint Next Generation Firewall introduces features that you want to use, upgrade the Forcepoint NGFW engines.

There are default ports used in connections between SMC components and default ports that SMC components use with external components.

There are command line tools for the SMC and the NGFW Engines.

You can install the SMC Appliance software as a virtual machine on virtualization platforms such as VMware ESX.

You can install the Forcepoint NGFW software as a virtual machine on virtualization platforms such as VMware ESX or KVM.

You can install the Forcepoint NGFW software on third-party hardware that meets the hardware requirements.

When you install the SMC, you can use certificates issued by an external CA for internal TLS communication between system components.

This example gives you a better understanding of how Forcepoint NGFW in the Firewall/VPN role fits into a network.

To give you a better understanding of how Forcepoint NGFW in the IPS role fits into a network, this example outlines a network with IPS engines.

For planning the configuration of network interfaces for the engine nodes, use the worksheet.