Configuring a web policy to use Data Protection Service
Use the Defaults section of Web > Settings > Data Protection Settings to configure the default values that will be used to define how data security is handled in new web policies.
Steps
-
Select the option to be used, by default, when adding a policy.
- When Use DLP Lite is selected, a Data Security tab is available when a web policy is added.
When a policy uses DLP Lite, basic data protection is provided by the cloud proxy. A Data Security tab appears when adding a new policy.
- When Use Data Protection Service is selected, a Data Protection
tab is available when adding a new policy. Defaults set here are used to
populate the new tab, but the default values can be changed. See Data Protection Tab in
cloud help for more information.
When a policy uses Data Protection Service, enterprise data protection is provided and handled by Forcepoint DLP through the data protection service.
User requests considered to represent a potential data security risk are forwarded to Data Protection Service by the cloud proxy. Data Protection Service then determines the risk and returns a response telling the proxy to block or allow the request.
When a user is not identified, Data Protection Service returns specific allow or block instructions only if a DLP policy for all sources exists. If all DLP policies apply to specific users or groups, no match is found and the proxy allows the request.
Important: The same user information must exist in both Forcepoint Web Security Cloud and Forcepoint DLP in order for user requests to be accurately inspected by Forcepoint DLP.
- When Use DLP Lite is selected, a Data Security tab is available when a web policy is added.
- Accept the default provided or enter a new value for DPS timeout. This value determines the length of time, in seconds, that the cloud service waits for a response from Data Protection Service after sending an inspection request.
- Select Block or Allow as the DPS fallback behavior if a timeout or other error occurs. If a response from Data Protection Service is not received within the time configured in DPS timeout, the user request will be blocked or allowed based on this setting.
-
Use the tables to change the data security selection for existing policies.
Each list contains the existing policies that currently use the data security option indicated in the table heading. Use the arrows to move selected polices from one list to the other. When the changes are saved, the policies are updated to include the new data security type.Note: Return to Web > Policy Management > Policies and edit each of the changed policies to fully configure the new data security option. Otherwise, default values are applied to the policy.