Connect Data Protection Service in the Forcepoint Security Manager
To benefit from the integration of the cloud channels with Forcepoint CASB, you must first connect the DLP Manager to Data Protection Service, which is responsible for the enforcement of DLP policies on cloud web traffic and cloud applications.
In the DATA module of the Forcepoint Security Manager, use the Data Protection Service tab of the Settings > General > Services page to connect to Data Protection Service. Uploading tenant information is part of the connection process.
Data Protection Service:
- Enables enforcement of DLP rules that protect cloud applications, with Forcepoint CASB integration for all cloud channels (DLP Cloud Proxy, DLP Cloud API, and Data Discovery).
- Protects data over web traffic through integration with Forcepoint Web Security Cloud.
First, Data Protection Service must be connected. This is done by uploading the Data Protection Service JSON file either received in the fulfillment email as part of the onboarding process or requested from Forcepoint Technical Support.
- Click Select File, and in the dialog box that appears, click Choose File. Browse to the JSON file you received from Forcepoint, and then click OK. The file is uploaded to the server, and the information begins to appear in the Connection area of the Data Protection Service tab.
- Verify that the correct Customer Name is shown in the Forcepoint Security Manager. If the Customer Name is incorrect, contact Forcepoint Technical Support.
- Click Connect to establish the connection with Data Protection Service.
- Click OK at the bottom of the screen to complete the process.
When the connection is active, the Connect button turns into a Disconnect button, enabling disconnection of Data Protection Service from Forcepoint DLP.
In the Data Protection Service Status area, upon successful connection, the status is marked as “Connected successfully”, the time and date of the connection is displayed, and the Recheck connection link is enabled. This link is used to check the connection status in the event of problems. If an error is returned upon checking the connection, the status is listed as “Failed to connect”.
Error handling
- If Data Protection Service shows the status “Failed to connect”, the module is temporarily unavailable. Click Connect or Recheck Connection to try to connect again. If the problem continues, contact Forcepoint Technical Support.
- If the JSON file is uploaded for the first time, and when you click Connect the connection fails, the status shown is “Never connected”. This is because the Forcepoint Security Manager has never successfully connected to the Data Protection Service. In this case, it is probable that a Data Protection Service was not created. Contact Forcepoint Technical Support for assistance.
- If you receive the following message in the Data Protection Service
Status area:
This service is not connected to Forcepoint CASB. Incident reporting and policy enforcement will be affected for cloud channels. See “Explain this page” for more information.
This means that there is a connection issue, and DLP Cloud API and Cloud Data Discovery channels will not enforce DLP policies, and the DLP Cloud Proxy channel might not report incidents to the Forcepoint Security Manager. See Viewing Deployment Status in the Forcepoint DLP Administrator Guide for more information on error handling.
- When you contact Forcepoint Technical Support, you can share the following files to help troubleshoot the issue:
- %DSS_HOME%tomcat\logs\dlp\dlp-all.log
- %DSS_HOME%mediator\logs\mediator.out
The default location for %DSS_HOME% is C:\Program Files (x86)\Websense\Data Security\. If you cannot find these files at the default location, check with your Forcepoint Security Manager administrator.