Installing the Web server

Forcepoint DLP Endpoint performs automatic updates regularly by checking with a Web server to determine if they are at the most current version. If Forcepoint DLP Endpoint on the endpoint machine is not up to date, it tries to download a new package from the Web server and install it.

Your Web server can be any server in your network. For best practice, it should be on a different machine than your servers — such as the management server and secondary Forcepoint DLP servers. This optimizes performance of the servers and preserves them for future upgrades. It also gives you the flexibility to choose the port numbers, the hardware, and the operating system, as well as the security hardening mechanisms to be used, without the risk of collision with Forcepoint components.

You can choose any Web server software that meets your needs and configure it on your machine and network, as long as it meets the following requirements:
  • It must support file hosting.
  • It must support CGI or other server-side scripting language.
  • It must have enough hardware resources to handle I/O from all endpoints. Generally, when endpoints are up to date, they query the server every 120 minutes, with each query and response being approximately 1 KB. But when endpoints are out of date, they try to download the update package, which is typically 100 MB.

    Therefore, a server that supports 1,200 endpoints should expect 10 requests per minute (1,200 per 120 minutes). When a new package is available, each request can result in a 100 MB file transfer.

    Note that endpoints retry their communication attempts if the server cannot handle the load.

  • It must be accessible by the network where the endpoints are installed.
  • Its URL must begin with HTTP:// and not HTTPS://. Secure HTTP is not supported.

This document provides instructions on how to use 3 common types of Web servers and provides sample installation instructions for each. See Configuring your Web server below for details.