To create a new Edge Device in Forcepoint Cloud Security Gateway:

Prerequisites

A configured Edge Device is necessary to route traffic from VMware SD-WAN to Forcepoint Cloud Security Gateway for inspection and filtering.

Procedure

  1. Log in to Forcepoint Cloud Security Gateway using an account with administrative privileges.
  2. Navigate to Web > Device Management, click the drop-down icon under the headline, and select Add Edge Device.
  3. In the Tunneling Type window, select IPsec Advanced and configure the following settings:
    | Option | Description |
    | --- | --- |
    | Name | Enter a descriptive name to identify the connection of the Edge. |
    | Device type | Select VeloCloud from the drop-down list. |
    | Description | You can enter more details describing the connection. |
    | IKE version | Select IKEv2 from the drop-down list. |
    | IKE identity | Select DNS and enter a DNS name within your namespace that will be configured on the VMware SD-WAN as well. |
    | Pre-shared key | Select Use your own key and enter the same key that will be used on the VMware SD-WAN. |
    | Data Centers | From Available data centers, select any two data centers that are close to the location of the VMware SD-WAN Edges and move them to the Selected data centers pane. The latency is minimal when you choose the data centers that are close to the VMware SD-WAN Edges. |
    | Policy Assignment | Select a default policy from the drop-down list to apply to all traffic coming from the VMware SD-WAN Edges. |
  4. After configuring the settings, click Save.
  5. On the Device Management page, select the newly created Edge Device and note the Service IP of both data centers from the Status menu. These details are required while configuring the VMware SD-WAN.
    The Edge Device on Forcepoint Cloud Security Gateway will wait for connections initiated by the VMware SD-WAN Gateway.
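
The IKE version, IKE identity, and pre-shared key entered in step 3 must match what is later configured on the VMware SD-WAN. The following Python check is an added example, not part of the Forcepoint or VMware documentation: it generates a random key for the Use your own key option and compares the values recorded for both sides. The 32-character minimum, the dictionary field names, and the sample DNS name and data center labels are assumptions; confirm that both consoles accept the key's character set.

```python
import hmac
import re
import secrets

# Assumed local policy, not a documented Forcepoint or VMware requirement.
MIN_PSK_CHARS = 32
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def generate_psk(nbytes=32):
    """Return a random key from the OS CSPRNG (43 URL-safe chars for 32 bytes)."""
    return secrets.token_urlsafe(nbytes)


def is_dns_identity(name):
    """True if name is a syntactically valid, multi-label DNS name."""
    if len(name) > 253 or "." not in name:
        return False
    return all(LABEL.fullmatch(label) for label in name.split("."))


def preflight(forcepoint, sdwan):
    """Compare the values recorded for each side; return a list of problems."""
    problems = []
    for side, cfg in (("forcepoint", forcepoint), ("sdwan", sdwan)):
        if cfg["ike_version"] != "IKEv2":
            problems.append(f"{side}: IKE version is not IKEv2")
        if not is_dns_identity(cfg["ike_identity"]):
            problems.append(f"{side}: IKE identity is not a valid DNS name")
        if len(cfg["psk"]) < MIN_PSK_CHARS:
            problems.append(f"{side}: pre-shared key is shorter than {MIN_PSK_CHARS} characters")
    if forcepoint["ike_identity"] != sdwan["ike_identity"]:
        problems.append("IKE identity differs between the two sides")
    if not hmac.compare_digest(forcepoint["psk"].encode(), sdwan["psk"].encode()):
        problems.append("pre-shared key differs between the two sides")
    if len(set(forcepoint["data_centers"])) != 2:
        problems.append("forcepoint: select exactly two data centers")
    return problems


if __name__ == "__main__":
    key = generate_psk()
    # Constructed sample values; the DNS name and data center labels are placeholders.
    fp = {"ike_version": "IKEv2", "ike_identity": "edge1.example.com",
          "psk": key, "data_centers": ["dc-a", "dc-b"]}
    vmw = {"ike_version": "IKEv2", "ike_identity": "edge1.example.com", "psk": key}
    print(preflight(fp, vmw) or "settings agree")
```
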

What to do next

Configure the components of the VMware SD-WAN Orchestrator to connect the Forcepoint Cloud Security Gateway to one of the following: