Configuring the Forcepoint ONE Data Security connection mode in the Cloud Security Gateway portal

Configure the Forcepoint ONE Data Security connection mode in the Cloud Security Gateway portal. There are three options: intelligent auto-switching, proxy connect, and direct connect.

Forcepoint ONE Data Security can be configured to run in proxy connect only mode, direct connect only mode, or automatically switch between the two.

  • Proxy connect mode: When Forcepoint ONE Data Security is in proxy connect mode, Forcepoint ONE Data Security redirects web traffic through the cloud proxy to the Internet. If the connection to the cloud proxy is unavailable, then Forcepoint ONE Data Security falls back to the configured Fallback mode.
  • Direct connect mode: When Forcepoint ONE Data Security is in direct connect mode, Forcepoint ONE Data Security does not redirect web traffic through the cloud proxy. All web traffic connects to the Internet directly. Forcepoint ONE Data Security connects to a disposition server to receive web policies. If the connection to the disposition server is unavailable, then Forcepoint ONE Data Security falls back to the configured Fallback mode.
  • Intelligent auto-switching mode: When Forcepoint ONE Data Security is in auto-switching mode, Forcepoint ONE Data Security starts in proxy connect mode and web traffic is redirected through the cloud proxy to the Internet. Forcepoint ONE Data Security switches to direct connect mode if:
    • Connectivity to the cloud proxy is lost.
    • Proxy connection performance is degraded. Forcepoint ONE Data Security checks the connection latency performance every 30 minutes and compares the speed of the proxy connection and the direct connection. If the proxy connection is 3 times slower than the direct connection, Forcepoint ONE Data Security switches to direct connect mode. When the proxy connection performance is no longer 3 times slower, Forcepoint ONE Data Security switches back to proxy connect mode.

    Forcepoint ONE Data Security switches back to proxy connect mode if:

    • Connectivity to the cloud proxy is restored.
    • Proxy connection performance improves. Forcepoint ONE Data Security checks the connection latency performance every 30 minutes and compares the speed of the proxy connection and the direct connection. When the proxy connection performance is no longer 3 times slower, Forcepoint ONE Data Security switches back to proxy connect mode.

    If the connections to both the cloud proxy and disposition server are unavailable, then Forcepoint ONE Data Security falls back to the configured Fallback mode.

Note: In case PCEP is 10 times slower than DCEP then Forcepoint ONE Data Security switches to the DCEP mode otherwise switches back or stays in PCEP mode, then check is done every every 30 seconds.