Monitoring Forcepoint Firewall Enterprise Devices

Overview

TOS Aurora monitors Forcepoint Firewall Enterprise devices for policy revision changes.

To see which TOS features are supported for your device, review the feature support table.

Recommendations

  • TOS Aurora and the monitored devices must be synchronized with the correct date and time, either manually or automatically. We recommend that you also configure the devices to resolve DNS queries.

Add a Device

  1. Select Forcepoint > McAfee - Firewall Enterprise:

    Add Devices

  2. Configure the device settings:

    • Name for Display

    • Domain: Available only if you have configured your system for managing multi-domains and All Domains is currently selected. Select the domain to which to add the device. The Domain can only be entered when adding a device; to change the Domain, you must migrate the device.

    • Get revisions from: One of the following:

      • IP Address: Revisions are retrieved automatically
      • Offline File: (If available) Revisions are manually uploaded to TOS Aurora for Offline Analysis

    • ST server: In a distributed deployment, select which TOS Aurora cluster monitors this device (not shown in image)

    Click Next.

  3. Configure the TOS Aurora connection to the Forcepoint device, according to the parameters required by the device:

    Enter the necessary authentication information to connect to the Forcepoint Firewall Enterprise device.

    Make sure to enter the username of a user with administrator privileges of the firewall device.

    Select the whether you connect to the device with SSH or Telnet. To use default settings (recommended in most cases), leave the Port number clear.

    Click Next.

  4. The Monitoring Settings page appears:

    • To use timing settings from the Timing page, select Default. Otherwise, select Custom, Custom settings, and configure the Polling frequency: How often TOS Aurora fetches the configuration from each device.

    If you select 1 day, you can then select the exact time (hour and minute) for the daily polling.

Configure a Monitored Device

After you add a device, further configuration options are available.

Options vary depending on your environment.

  • Edit configuration: Use the wizard to modify selected device settings. See Add a Device in this topic.

  • Delete this device: Type yes to confirm that you want to delete the device.

How Do I Get Here?

SecureTrack > Monitoring > Manage Devices