# Forcepoint NGFW

Forcepoint NGFW is a next-generation firewall that protects networks against intrusions, malware, evasions, and unauthorized application use. Connecting Forcepoint NGFW forwards firewall logs and SMC audit log entries to Radiant Security through the Radiant Agent. Radiant uses this telemetry to enrich alerts with network context, giving analysts visibility into traffic activity and administrative actions during triage.

### Prerequisites

* [ ] Admin access to Forcepoint SMC
* [ ] At least *one* running SMC Log Server
* [ ] A deployed [Radiant Agent](/radiant-connectors/data-connectors/install-the-radiant-security-agent.md) reachable from the SMC Log Server

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors**, then click **+ Add Connector**.
3. Search for and select **Radiant Agent**, then click **Data Feeds**.
4. Under **Select your data feeds**, select **Forcepoint NGFW**, then click **Credentials**.
5. Under **Credential Name**, enter an identifiable name for the Radiant Agent integration (e.g., `Radiant Agent integration`). To reuse an existing Radiant Agent credential, select it from the drop-down menu.
6. Click **Add Connector**.

### Configure Forcepoint SMC to forward logs

Before starting, confirm the IP address of the Radiant Agent and the port configured to receive Forcepoint NGFW data. If you do not know the port, contact your Customer Success representative.

{% hint style="info" %}
One Log Server element is automatically created during SMC installation. Repeat these steps for **every Log Server** you want to forward from.
{% endhint %}

1. Sign in to Forcepoint SMC.
2. Click **Home**, then click **Others** > **Log Server**.
3. Right-click the log server you want to forward logs from, then select **Properties**.
4. Click the **Log Forwarding** tab.
5. Click **Add** and enter the following values:
   * **Service**: `UDP`
   * **Port**: the port configured on the Radiant Agent to receive Forcepoint NGFW data
   * **Format**: `JSON`
   * **Data Type**: `All Log Data`
6. Double-click the **Target Host** cell to open the **Select Host** dialog box.
7. Click the **Settings** icon, then select **New** > **Host**.
8. In the **Name** field, enter `Radiant-Security-Syslog`.
9. In the **IP** field, enter the IP address of the Radiant Agent.
10. Click **OK**, then select the new host and click **Select**.
11. In the **Log Server TLS Certificate** dialog, select **No client Authentication**.
12. Click **OK** to save the log forwarding rule.

### Verify ingestion

After Forcepoint NGFW begins forwarding, confirm alerts and events are reaching Radiant.

1. In Radiant, navigate to [Log Management](https://app.radiantsecurity.ai/logs).
2. Filter by `rs_connectorType:"forcepoint_ngfw"`.
3. Confirm recent alerts and events appear.

{% hint style="info" %}
Allow several minutes for alerts and events to be parsed, indexed, and available for search.
{% endhint %}
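
If no events appear after that wait, one thing to rule out is whether the Log Server's datagrams arrive at all and carry JSON, as set in the forwarding rule (`UDP`, `JSON`). The check below is an added example, not Radiant or Forcepoint tooling. It assumes it runs on a host and port where nothing else, including the Radiant Agent, is already bound. The port and Log Server IP are placeholders, and tolerating a syslog-style prefix before the JSON object is an assumption about framing, not documented behaviour.

```python
import json
import socket
import time
from collections import Counter


def classify(payload: bytes) -> str:
    """Label one datagram: 'json', 'json_after_prefix' or 'not_json'."""
    text = payload.decode("utf-8", errors="replace").strip()
    # Try the whole payload first, then whatever follows the first '{'.
    for label, candidate in (("json", text), ("json_after_prefix", text[text.find("{"):])):
        try:
            if isinstance(json.loads(candidate), dict):
                return label
        except ValueError:
            continue
    return "not_json"


def collect(sock, expected_source, seconds=10.0, limit=1000):
    """Receive until the deadline or limit; count (origin, payload kind) pairs."""
    counts = Counter()
    deadline = time.monotonic() + seconds
    while sum(counts.values()) < limit:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break
        sock.settimeout(remaining)
        try:
            payload, (src_ip, _src_port) = sock.recvfrom(65535)
        except socket.timeout:
            break
        origin = "log_server" if src_ip == expected_source else "unexpected_source"
        counts[(origin, classify(payload))] += 1
    return counts


if __name__ == "__main__":
    LISTEN_PORT = 5514            # placeholder: the port given for the Forcepoint NGFW feed
    LOG_SERVER_IP = "192.0.2.10"  # placeholder (documentation range): your SMC Log Server
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", LISTEN_PORT))
        for (origin, kind), n in sorted(collect(s, LOG_SERVER_IP, seconds=30).items()):
            print(f"{origin:18} {kind:18} {n}")
```

An empty result points at routing, a host firewall, or the forwarding rule's port or target host. Rows marked `unexpected_source` mean something other than the Log Server is sending to that port.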


