Deployment

This deployment recommendation describes a forward proxy: a Blue Coat SG appliance connected to a Forcepoint protector using ICAP. The Blue Coat SG appliance serves as a proxy for all HTTP, HTTPS, and FTP transactions. It is configured with rules that route data to the Forcepoint ICAP server.

The Forcepoint protector receives all traffic directed to it from the Blue Coat appliance for scanning,

The following diagram outlines the recommended deployment:

The deployment solution can be used in either monitoring or enforcement mode.

• In enforcement mode, the Blue Coat SG appliance requires Forcepoint DLP to authorize each transaction before allowing files to be posted or uploaded to their

  intended destination. This is the recommended mode, because it provides the most security.

  

• In monitoring mode, the transactions that are redirected by the Blue Coat SG appliance are analyzed by Forcepoint DLP, which can then generate incidents for confidential information and send notifications to administrators and information owners. In this mode, the Forcepoint DLP ICAP server universally responds to all redirected transactions with Allow.