Introduction to the Forcepoint Next Generation Firewall solution Before setting up Forcepoint Next Generation Firewall (Forcepoint NGFW), it is useful to know what the different components do and what engine roles are available. There are also tasks that you must complete to prepare for installation.
Introduction to Forcepoint NGFW The Forcepoint Next Generation Firewall solution consists of Forcepoint NGFW Engines and the Forcepoint NGFW Security Management Center (SMC). The SMC is the management component of the Forcepoint NGFW solution.
Preparing for installation Before installing Forcepoint NGFW, identify the components of your installation and how they integrate into your environment.
Security Management Center deployment SMC is the management component of the Forcepoint NGFW system. SMC must be installed and running before you can deploy the Forcepoint NGFW engines.
Installing the SMC The SMC is the management component of the Forcepoint NGFW solution. The SMC manages and controls the other components in the system. You must install the SMC before you can install Forcepoint NGFW Engines.
Configuring the SMC After initial installation is complete, configure the SMC to allow adding the other components for your system.
Forcepoint NGFW deployment Forcepoint NGFW deployment consists of adding and configuring engine elements in the SMC, and configuring the Forcepoint NGFW software on the engine.
Configuring Forcepoint NGFW for the Firewall/VPN role Configuring engine elements in the SMC prepares the SMC to manage NGFW Engines in the Firewall/VPN role.
Configuring Forcepoint NGFW for the IPS role Configuring engine elements in the SMC prepares the SMC to manage Forcepoint NGFW in the IPS role.
Configuring Forcepoint NGFW for the Layer 2 Firewall role Configuring engine elements in the SMC prepares the SMC to manage NGFW Engines in the Layer 2 Firewall role.
Configuring NGFW Engines as Master NGFW Engines and Virtual NGFW Engines Configuring engine elements in the SMC prepares the SMC to manage Master NGFW Engines and Virtual NGFW Engines.
Configuring routing After creating the NGFW Engine elements and defining the interfaces, you can configure the basic routing.
Initial configuration of Forcepoint NGFW software After configuring the NGFW Engines in the Management Client, apply the initial configuration of the NGFW Engine and contact the Management Server.
Creating and installing policies After successfully applying the initial configuration and establishing contact between the NGFW Engines and the Management Server, the NGFW Engine is in the initial configuration state. Now you can create and install policies for access control or inspecting traffic.
Maintenance To maximize the benefit of Forcepoint NGFW, upgrade the SMC and Forcepoint NGFW regularly.
Upgrading licenses You must upgrade licenses if you upgrade the SMC, the SMC Appliance, or the NGFW Engines to a new major release.
Maintaining the Security Management Center When there is a new version available, upgrade the SMC before upgrading NGFW Engines.
SMC Appliance maintenance The SMC Appliance has a specific patching process that keeps the SMC software, operating system, and appliance firmware up-to-date.
Upgrading NGFW engines When a new version of Forcepoint Next Generation Firewall introduces features that you want to use, upgrade the Forcepoint NGFW engines.
Default communication ports There are default ports used in connections between SMC components and default ports that SMC components use with external components.
Command line tools There are command line tools for the SMC and the NGFW Engines.
Installing SMC Appliance software on a virtualization platform You can install the SMC Appliance software as a virtual machine on virtualization platforms such as VMware ESX.
Installing Forcepoint NGFW on a virtualization platform You can install the Forcepoint NGFW software as a virtual machine on virtualization platforms such as VMware ESX or KVM.
Installing Forcepoint NGFW software on third-party hardware You can install the Forcepoint NGFW software on third-party hardware that meets the hardware requirements.
Installing the SMC with external certificate management When you install the SMC, you can use certificates issued by an external CA for internal TLS communication between system components.
Example network (Firewall/VPN) This example gives you a better understanding of how Forcepoint NGFW in the Firewall/VPN role fits into a network.
Example network (IPS) To give you a better understanding of how Forcepoint NGFW in the IPS role fits into a network, this example outlines a network with IPS engines.
Cluster installation worksheet instructions For planning the configuration of network interfaces for the engine nodes, use the worksheet.