Thursday, Dec 03, 2020

Automated Forcepoint NGFW High Availability with Azure Resource Manager

Share

Regardless of what products and services are hosted on cloud infrastructures, one simple truth applies to all users no matter what technology stack is in place: network traffic must flow securely and uninterrupted.

NGFW High Availability with Azure Resource Manager

This is why Forcepoint developed an Azure Resource Manager template which deploys a redundant stack of Forcepoint Next Generation Firewall engines in Azure, networked with load balancers and virtual networks to provide uninterrupted security and network flow simply and quickly.

Azure Resource Manager

Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

With Azure Resource Manager, you can:

  • Manage your infrastructure through declarative templates rather than scripts.
  • Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.
  • Redeploy your solution throughout the development lifecycle and have confidence your resources are deployed in a consistent state.
  • Apply access control to all services because Azure role-based access control (Azure RBAC) is natively integrated into the management platform.

Forcepoint NGFW

Forcepoint Next Generation Firewall (NGFW) connects and protects people and the data they use throughout the enterprise network – all with efficiency, availability, and security. Trusted by thousands of customers around the world, Forcepoint network security solutions enable businesses, government agencies and other organizations to address critical issues efficiently and economically.

Forcepoint NGFW combines the latest in software-defined wide area networking (SD-WAN) with the industry’s top-rated next generation firewall security, all managed at enterprise scale from a single policy-based console.

Integration between Forcepoint NGFW and Azure Resource Manager

Forcepoint developed an Azure Resource Manager template which automates the deployment and configuration in Azure of all components in this high availability stack: a redundant set of Forcepoint Next Generation Firewalls, 2 network load balancers and 3 virtual networks so that internal, external and management traffic are separated and flow uninterrupted even when one of the engines is offline. And if virtual networks already exist, it simply plugs the engines and load balancers into the existing setup.

Once all building blocks of the cloud stack are deployed and configured, the NGFW engines are connected to an existing Forcepoint Security Management Centre which applies security policies consistently to Azure workloads and services protected by the NGFW engines. Last but not least, the entire deployment and configuration workflow completes within a few minutes!

Here’s an overview of the steps involved in the integration:

Watch the video to learn more about the technical implementation. You will see a live demo of how the Azure Resource Manager template is edited and how the full network stack is deployed automatically before your eyes.

About the Author

Mattia Maggioli

Mattia leads the software engineering arm of Forcepoint Innovation Labs which provides design, prototype and POC capabilities to a wide array of integration activities between Forcepoint and 3rd party products, supporting business with a global ecosystem of technology partners and introducing...