Forcepoint N335 Firewall

Firewall Throughput  Specification
Next-Generation Firewall/NGIPS throughput 1,000 Mbps
Maximum firewall throughput (UDP 1518 byte) 7 Gbps
TLS 1.2 inspection performance 550 Mbps
IPsec VPN throughput 3 Gbps
Concurrent IPsec VPN tunnels 20,000
Mobile VPN clients Unlimited
AC power supply 100 – 240 VAC 50 – 60 Hz, 180 W
VLAN tagging Unlimited
Network I/O slots 2 mini modules
New TCP connections/sec 80,000
Maximum inspection throughput 2.5 Gbps

Description

Forcepoint N335 Firewall

Support for multi-layer inspection

Multi-layer inspection combines access control, application identification, deep inspection, and file filtering flexibly to optimize security and system performance.

Access control includes packet filtering, connection tracking, URL categories, network application detection, user identification, authentication, and endpoint context information. Forcepoint NGFW in the Firewall/VPN role uses state tables to track connections and check whether a packet is a part of an established connection. Forcepoint NGFW in the Firewall/VPN role can also act as a packet filter for types of connections that do not require stateful access control. By default, all Firewall Access rules implement stateful access control.

Deep inspection checks the actual data being transferred. Deep inspection detects harmful patterns in network traffic. Traffic normalization is used to prevent advanced evasion methods, which are intended to allow harmful traffic to bypass network security devices.

File filtering includes file reputation, anti-malware, and sandbox scans.

Forcepoint NGFW in the Firewall/VPN role can apply application level inspection with or without proxying the connections. Protocol Agents provide protocol validation for specific protocols. Protocol Agents are also used to handle protocols that generate complex connection patterns, to redirect traffic to proxy services, and to change data payload if necessary.

Advanced traffic inspection

The Firewall’s traffic inspection process is designed to ensure a high level of security and throughput. The Firewalls’ policies determine when to use stateful connection tracking, packet filtering, or application-level security.

The Firewall uses the resources necessary for application-level security only when the situation demands it, and without unnecessarily slowing or limiting network traffic.

Some types of connections can be selected for inspection of the data content against harmful or otherwise unwanted patterns in connections. The deep packet inspection features provide IPS-type capabilities right on the Firewall, and help in finding and stopping malicious or suspicious network activities. You can even inspect the content of encrypted HTTPS connections using the built-in deep packet inspection features.

An anti-malware scanner and a sandbox complement the standard traffic inspection features.

SD-WAN in Forcepoint NGFW

Forcepoint NGFW supports software-defined wide area networks (SD-WANs).

SD-WAN features in Forcepoint NGFW include:

  • Multi-Link technology
  • Clustered Multi-Link VPNs
  • Quality of Service (QoS)
  • Application routing

Multi-Link technology for SD-WAN

Multi-Link provides redundant ISP connections for SD-WAN.

Multi-Link allows you to configure redundant ISP connections using standard network connections, without the need for redundant external routers and switches. You can use any IP-based connection with a dedicated IP address range as part of a Multi-Link configuration. You can also define standby links that are used only when primary links fail.

Traffic is dynamically balanced across the different links based on a performance measurement or based on the links’ relative bandwidths. New connections automatically start to use other links when the Firewall detects that one of the links fails. The Firewall uses NAT to direct the traffic through the different links to make the source IP address valid for the link used.

Standby NetLinks act as backup Internet connections that are only activated if all primary NetLinks fail. Using standby NetLinks provides High Availability of Internet connectivity, but is less expensive than having multiple NetLinks active at the same time. Using Multi-Link for load balancing can also help reduce costs. Traffic can be balanced between two or more slower, less expensive, Internet connections instead of one faster connection. Most often, multiple network links are used to guarantee continuity of Internet access, but you can also use Multi-Link to provide redundant links for internal networks.

Multi-Link technology provides highly available network connections for the following scenarios:

  • Outbound connections — Multi-Link routing makes sure that outbound traffic always uses the optimal link toward its destination and allow you to configure standby links as backups. The traffic can be distributed across the links in several different ways.
  • Inbound connections — The built-in inbound traffic management feature can use Multi-Link to guarantee continuity of the services that your company offers to external users.
  • VPN connections — The Multi-Link tunnel selection for VPN traffic is done independently from other types of traffic. Standby links can also be selected independently for a VPN. Connections that use Multi-Link VPN tunnels are transparently moved to other NetLinks even if the NetLink that they are using fails.

Built-in inbound traffic management

The built-in Server Pool feature allows Firewalls to monitor a pool of alternative servers that offer the same service to the users.

If one of the servers becomes unavailable or overloaded, the Firewall automatically redirects new connections to the alternative servers. Server pools can also interact with the Multi-Link feature for high availability of the incoming network connection.

Licensing components and features

License files provide your system a proof of purchase. The Management Server maintains license files.

You receive most licenses as proof-of-license (POL) codes. The proof-of-serial (POS) license code for Forcepoint NGFW appliances is printed on a label attached to the appliances. Using your license code, you can log on to the License Center and view and manage your licenses

Generally, each SMC server and each Firewall, IPS, Layer 2 Firewall, and Master NGFW Engine node must be separately licensed in your SMC. Virtual NGFW Engines do not require their own licenses.

  • The SMC components must always be licensed by importing a license file that you create at the Forcepoint website.
  • Licenses for Forcepoint NGFW appliances can be generated automatically. You might also need to generate these licenses manually at the Forcepoint website, depending on the appliance model and Management Server connectivity.

The use of some individual features is also limited by license.

All licenses indicate the latest version for which they are valid and are valid on all earlier software versions up to the version indicated. Licenses are by default automatically updated to the newest version possible for the component. If automatic license updates are not possible or disabled, you must generate new licenses manually before upgrading to a new major release.

License upgrades are included in maintenance contracts. If the maintenance contract of a component expires, it is not possible to upgrade the license to any newer version. Evaluation licenses are valid for 30 days.

Generate licenses

Generally, each SMC component and NGFW Engine must have a separate license. Some additional features might also require a separate license.

There are some exceptions:

  • In a high availability environment where there are multiple Management Servers, all Management Servers in the same SMC share a single license.
  • All currently available Forcepoint NGFW appliance models can fetch a license automatically through the Management Server if automatic updates are enabled. If automatic licensing fails, the appliances have a 30-day temporary initial license to allow time for manual licensing.
  • Forcepoint NGFW Engines deployed in the AWS cloud with the Bring Your Own License image must have a license in the SMC. Forcepoint NGFW Engines deployed in the AWS cloud with the Hourly (pay as you go) license image do not require a separate license in the SMC.

 

Buy Forcepoint Firewall online from Firewall Firm’s IT Monteur Store

Sales Number : +91 9582 90 7788
Support Number : +91-9654016484
Sales Email : sales@itmonteur.net
Support Email : support@itmonteur.net

Register & Request Quote
Submit Support Ticket