Layer 2 interfaces for Forcepoint NGFW in the Firewall/VPN role
Layer 2 interfaces on NGFW Engines in the Firewall/VPN role allow the NGFW Engine to provide the same kind of traffic inspection that is available for NGFW Engines in the IPS and Layer 2 Firewall roles.
Layer 2 interfaces on NGFW Engines in the Firewall/VPN role provide the following benefits:
- When the same NGFW Engine has both layer 2 and layer 3 interfaces, administration is easier because there are fewer NGFW Engine elements to manage in the SMC.
- It is more efficient and economical to use one NGFW hardware device that has both layer 2 and layer 3 interfaces because a smaller number of NGFW appliances can provide the same traffic inspection.
- When you use layer 2 interfaces on NGFW Engines in the Firewall/VPN role, the NGFW Engine can use
options and features that are not available on NGFW Engines in the IPS or Layer 2 Firewall roles.
For example, an NGFW Engine in the Firewall/VPN role can use Forcepoint Endpoint Context Agent (ECA), Forcepoint User ID service, NetLinks for communication with the SMC, and dynamic control IP addresses, while also providing the same kind of traffic inspection that is available for NGFW Engines in the IPS and Layer 2 Firewall roles.
Note: When you use layer 2 interfaces on NGFW Engines in the Firewall/VPN role, follow the same cable connection
guidelines as for IPS and Layer 2 Firewalls.