V10000 or V20000 hardware setup
Forcepoint appliance network interfaces must be able to access a DNS server and the Internet, as described below. This information varies slightly depending on the security mode selected for the appliance.
- V10000 or V20000 with Forcepoint Web Security
- V10000 or V20000 with Forcepoint Email Security
V10000 or V20000 with Forcepoint Web Security
Network interface C must be able to access a DNS server. This interface typically has continuous access to the Internet. Essential databases are downloaded from Forcepoint servers through
interface C (or optionally through P1).
- Ensure that interface C is able to access the download servers at download.websense.com. (As an alternative, some sites configure the P1 proxy interface to download the Master Database as well as other security updates. This change must be made in the Web Security module of the Forcepoint Security Manager. In that situation, interface C does not require Internet access.)
- Make sure the C interface IP address is permitted by all firewalls, proxy servers, routers, or host files controlling the URLs that the C interface can access.
- If Network Agent is used, network interface N must be connected to a mirror port on a router or switch.
V10000 or V20000 with Forcepoint Email Security
Network interface E1 (and E2, if used) must be able to access a DNS server. These interfaces typically have continuous access to the Internet once the appliance is operational. Essential
databases are downloaded from servers through these interfaces.
- Ensure that E1 (and E2, if used) are able to access the download servers at download.websense.com or ddsdom.websense.com.
- Ensure that the E1 IP address is permitted by all firewalls, proxy servers, routers, or host files controlling the URLs that the E1 (and E2) interfaces can access.
- Network interface E1 (and E2, if used) must be able to access the mail server.
- For V10K G4R1 and prior appliances, use E1/E2 for Email.
- For V10K G4R2 and V20K G1 appliances, use P1/P2 for Email.
Note that HTTP and HTTPS access is required, and with a proxy, a bypass of the IP address from SSL is recommended. It must also be possible to download executables.