System requirements for this version
Applies to | In this topic |
---|---|
|
|
- Forcepoint DLP v10.2 and later is supported with Forcepoint Web and Email Security v8.5.5.
- Forcepoint DLP v10.1 and later is supported with Forcepoint Web and Email Security v8.5.5.
- Forcepoint DLP v10.0 and later is supported with Forcepoint Web and Email Security v8.5.5.
- Forcepoint DLP v9.0 and later is supported with Forcepoint Web and Email Security v8.5.5.
- Forcepoint DLP v8.7.1 and later is supported with Forcepoint Web and Email Security v8.5.4.
- Forcepoint DLP v8.6 and v8.7 are supported with Forcepoint Web and Email Security v8.5.3.
- Forcepoint DLP v8.5.1 is supported with Forcepoint Web and Email Security v8.5.0.
- Forcepoint DLP v8.5.0 and v8.5.2 are stand-alone versions of that product and cannot be integrated with other Forcepoint products.
For more information about version compatibility, see the Version Equivalencies Between Forcepoint DLP and EIP Infrastructure/Web/Email Components.
-
Forcepoint management server requirements
The Forcepoint management server hosts the Forcepoint Security Manager (Security Manager), which includes:
- The infrastructure uniting all management components
- A settings database for administrator account information and other shared data
- One or more management modules, used for configuration, policy management, and reporting
Additional components may also reside on the management server. For a list of operating systems that are supported, see the Certified Product Matrix on the Forcepoint website.
- Hardware requirements
The recommended hardware requirements for a Forcepoint management server vary depending on whether Microsoft SQL Server Express (used only for evaluations or very small deployments) is installed on the machine.
Note:- Forcepoint DLP allows for either local or remote installation of the forensics repository. If the repository is hosted remotely, deduct 90 GB from the Forcepoint DLP disk space requirements.
- It is strongly recommended that you allocate more than the minimum listed disk space to allow for scaling with use. The “recommended” option allows for scaling as reporting data accumulates.
- If you install the product on a drive other than the main Windows drive (typically C), it must have at least 4 GB free on the Windows partition to accommodate the Forcepoint Security Installer.
With remote (standard or enterprise) reporting database
Management modules Recommended Minimum Web Security 8 CPU cores (2.5 GHz), 16 GB available RAM, 400 GB Disk Space 4 CPU cores (2.5 GHz), 8 GB available RAM, 146 GB Disk Space Data Security 8 CPU cores (2.5 GHz), 16 GB available RAM, 400 GB Disk space 4 CPU cores (2.5 GHz), 16 GB available RAM, 146 GB Disk Space Web Security and Data Security 8 CPU cores (2.5 GHz), 20 GB available RAM, 400 GB Disk Space 4 CPU cores (2.5 GHz), 16 GB available RAM, 146 GB Disk Space Email Security and Data Security 8 CPU cores (2.5 GHz), 20 GB available RAM, 400 GB Disk Space 4 CPU cores (2.5 GHz), 16 GB available RAM, 146 GB Disk Space Web Security, Data Security, and Email Security 8 CPU cores (2.5 GHz), 24 GB available RAM, 550 GB Disk Space 8 CPU cores (2.5 GHz), 20 GB available RAM, 146 GB Disk Space With local (express) reporting database
Management modules Recommended Minimum Web Security 8 CPU cores (2.5 GHz), 16 GB available RAM, 400 GB Disk Space 4 CPU cores (2.5 GHz), 8 GB available RAM, 240 GB Disk Space Data Security 8 CPU cores (2.5 GHz), 16 GB available RAM, 400 GB Disk space 4 CPU cores (2.5 GHz), 16 GB available RAM, 240 GB Disk Space Web Security and Data Security 8 CPU cores (2.5 GHz), 20 GB available RAM, 400 GB Disk Space 4 CPU cores (2.5 GHz), 16 GB available RAM, 240 GB Disk Space Email Security and Data Security 8 CPU cores (2.5 GHz), 20 GB available RAM, 400 GB Disk Space 4 CPU cores (2.5 GHz), 16 GB available RAM, 240 GB Disk Space Web Security, Data Security, and Email Security 8 CPU cores (2.5 GHz), 24 GB available RAM, 600 GB Disk Space 8 CPU cores (2.5 GHz), 20 GB available RAM, 240 GB Disk Space
- Forcepoint Security Manager browser support
The Security Manager is a web-based tool that runs on a variety of popular browsers. For a list of browsers and versions that are supported, see the Certified Product Matrix on the Forcepoint website.
Although it is possible to launch the Security Manager using non-supported browsers, you may not receive full functionality and proper display of the application.
- Virtualization systemsNote:
- Forcepoint Web Security v8.5.3 and v8.5.4, Forcepoint Email Security v8.5.3 and v8.5.4, and Forcepoint DLP v8.6 and later are not supported on Windows Server 2008 R2.
- Forcepoint Web Security v8.5.4 and Forcepoint DLP v8.7.1 and later are not supported on Windows Server 2012 R2 Datacenter Edition.
All Security Manager components, as well as secondary Forcepoint DLP servers, are supported on the following virtualization systems. Other components (used for enforcement, analysis, or reporting) may have additional requirements that are not supported by these virtualization environments.-
- Windows Server 2008 R2 SP1 over Hyper-V 2008 R2
- Windows Server 2008 R2 SP1 and Windows Server 2012 over Hyper-V 2012
- Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 over Hyper-V 2012 R2
- Windows Server 2008 R2 SP1 over VMware ESXi v5.x
- Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 over VMware ESXi 6.x
Note: When ESXi is downloaded, a license key is generated and displayed on the download page. Make a note of this license key for use during installation.Before installing Forcepoint software on a VM via ESXi, ensure that the VMware tools are up to date and that all hardware is compatible with VMware ESXi. Additionally, make sure that the resource specifications defined earlier in this document for non-virtualized systems are met.
- Directory services for administrator authentication
If you allow users to log on to the Security Manager using their network accounts, the following directory services can be used to authenticate administrator logons:
- Microsoft Active Directory
- Lotus Notes
- Generic LDAP directories
- Novell eDirectory
- Oracle Directory Services
- Supported Forcepoint appliance models and modes
For complete information on supported appliance models and modes, see:
- Reporting database requirements
For all Forcepoint security solutions, Microsoft SQL Server is used to host the reporting database.
- For evaluations and small deployments, some versions of the Forcepoint
Security Installer can be used to install Microsoft SQL Server Express.
When included, use only the version of SQL Server Express included in the Forcepoint Security Installer. If not included, download and install the supported version of SQL Server Express from Microsoft.
- Larger organizations are advised to use Microsoft SQL Server Standard,
Business Intelligence, or Enterprise. These SQL Server editions cannot
reside on the Forcepoint management server.
SQL Server clustering may be used with all supported standard and enterprise versions of Microsoft SQL Server for failover or high availability (Forcepoint Email Security and Forcepoint Web Security only).
The supported database engines are listed in the Certified Product Matrix.
- For evaluations and small deployments, some versions of the Forcepoint
Security Installer can be used to install Microsoft SQL Server Express.
- Requirements for web protection solutions
- Software components:
Do not install web protection components on a domain controller machine. The following components are Windows-only. See the Certified Product Matrix for a list of supported Windows versions.
- Forcepoint Security Manager
- Linking Service
- Log Server
- Cloud App Service
- DC Agent
- Real-Time Monitor
Content Gateway is a Linux-only component. See the Certified Product Matrix for a list of supported operating systems. See Content Gateway for additional information.
All other web protection components can run on any of the supporting operating systems listed on the Certified Product Matrix.
- Web components not available on Forcepoint appliances
The following web protection components do not run on appliances. If used, they must be installed off-appliance.
- Forcepoint Security Manager
- Log Server
- Sync Service
- DC Agent
- Logon Agent
- Cloud App Service
- Real-Time Monitor
- Linking Service
- Remote Filtering Server and Client (Forcepoint URL Filtering only)
- eDirectory Agent
- RADIUS Agent
- Network Agent (not available on X Series)
- Content GatewayImportant: Core policy components must be installed prior to Content Gateway. When Filtering Service is installed, Content Gateway must be specified as the integration product. See Installation Instructions: Forcepoint Web Security.
- Hardware
CPU Quad-core running at 2.8 GHz or faster Memory 6 GB minimum Red Hat Enterprise Linux 6 series, 64-bit 8 GB recommended Disk space 2 disks:
- 100 GB for the operating system, Content Gateway, and temporary data.
- 147 GB for cachingImportant: If caching will not be used, this disk is not required.
The caching disk:
- Should be at least 2 GB and no more than 147 GB
- Must be a raw disk, not a mounted file system
- Must be dedicated
- Must not be part of a software RAID
- Should be, for best performance, a 10K RPM SAS disk on a controller that has at least 64 MB of write-through cache.
Network Interfaces 2
- To support transparent proxy deployments
Router Must support WCCP v2.
A Cisco router must run iOS 12.2 or later. The latest version is recommended.
To support IPv6, WCCP v2.01 and Cisco router version 15.4(1)T or later are required.
Client machines, the destination Web server, and Content Gateway must reside on different subnets.
Layer 4 switch You may use a Layer 4 switch rather than a router.
To support WCCP, a Cisco switch requires the EMI or IP services image of the 12.2SE IOS release (or later).
Content Gateway must be Layer 2 adjacent to the switch.
The switch must be able to rewrite the destination MAC address of frames traversing the switch.
The switch must be able to match traffic based on the layer 4 protocol port (i.e., TCP port 80).
- Software
Content Gateway is supported on the operating systems listed on the Certified Product Matrix , as well as Forcepoint V Series, X Series, and Virtual Appliances.
Forcepoint provides “best effort” support for newer versions of Red Hat Enterprise Linux. Under “best effort” support, Technical Support makes a best effort to troubleshoot cases in standard fashion unless the issue is deemed a Red Hat Enterprise Linux-specific issue, at which point you must contact Red Hat directly for assistance.
Only kernels shipped with the supported Linux versions are supported by Content Gateway. Visit www.redhat.com for kernel information. To display the kernel version installed on your system, enter the command:
/bin/uname -r
- Required libraries in Red Hat Enterprise Linux
During Content Gateway installation, the installer will list missing packages and then exit the installer.
To install the missing packages, the operating system must have a repository of available libraries. The Media repository on the Red Hat Enterprise Linux install DVD is an acceptable source of packages.
After the repository is set up, all of the required dependencies can be automatically resolved by running:
For Linux 6.x:
yum install wcg_deps-1-0.noarch.rpm
For Linux 7.x:
yum install wcg_rh7_deps-1-0.noarch.rpm
The above RPM is included in the Content Gateway install tree, at the same level as wcg_install.sh.
- Integration with Forcepoint DLP
Any version can be used via the ICAP interface. However, use of the integrated, on-box components is strongly recommended. See Content Gateway Manager Help for configuration instructions.
- Web browsers
Content Gateway is configured and maintained with a web-based user interface called the Content Gateway manager. See the Certified Product Matrix for a list of browser the Content Gateway manager supports.
Note: The browser restrictions mentioned in the product matrix above apply only to the Content Gateway Manager and not to client browsers proxied by Content Gateway.
- Hardware
- Client OS
The logon application (LogonApp.exe) is supported on the following operating systems:
- Windows Vista with Service Pack 1 or higher (32-bit and 64-bit)
- Windows 7 with Service Pack 1 (32-bit and 64-bit)
- Windows 8
- Windows 8.1 (v7.8.2 and later)
- Windows 8.1, Update 1 (v7.8.3 and later)
- Windows 10
- Windows Server 2003
- Windows Server 2008 R2 SP1
- Mac OS X 10.8, 10.9.2, 10.9.5, and 10.10 (64-bit)
- Integrations
Forcepoint URL Filtering may be integrated with the following third-party products.
Product Versions Microsoft Forefront TMG 2010 Cisco ASA v8.0 or later Cisco Router iOS v15 or later Citrix Presentation Server 4.5 Citrix XenApp 6.0 or 6.5 In addition, products that can be configured to use ICAP can be integrated via the ICAP Service.
- Directory services for user identification
Web protection solutions can use the following directory services listed in the Certified Product Matrix for user identification and authentication:
- RADIUSMost standard RADIUS servers are supported. The following have been tested:
- Cistron RADIUS Server
- Livingston (Lucent) 2.x
- Merit AAA
- Microsoft IAS
- NMAS authentication
- Software components:
- Requirements for email protection solutions
The Forcepoint Email Security on-premises solution is exclusively appliance-based (V Series, X Series, and Virtual Appliance), except for the following components:
- Email Security module of the Forcepoint Security Manager, which runs on the Forcepoint management server (see Forcepoint management server requirements).
- Log Server, which runs on a Windows Server 2008 R2 SP1, 2012, 2014, or 2016 machine.
- Windows Server 2008 R2 is not supported for v8.5.3 or v8.5.4.
All components in the deployment, including those running off-appliance, must run the same version of Forcepoint software.
See the Forcepoint Appliances Getting Started Guide for appliance specifications.
Forcepoint Email Security version 8.5.x can be installed in a Microsoft Azure cloud environment. See Installing Forcepoint Email Security in Microsoft Azure for more information.
- Forcepoint DLP requirements
Operating system
Forcepoint DLP Component Supported Operating Systems 64-bit Management server Windows Server 2008 Standard or Enterprise, R2 SP1 (version 8.5.x only; not supported in version 8.6 or 8.7) Windows Server 2012 Standard Edition Windows Server 2012 Standard Edition R2 Windows Server 2016 Standard Edition Windows Server 2019 Standard Edition Windows Server 2022 Standard Edition Supplemental servers Windows Server 2008 Standard or Enterprise, R2 SP1 (version 8.5.x only; not supported in version 8.6 or 8.7) Windows Server 2012 Standard Edition Windows Server 2012 Standard Edition R2 Windows Server 2016 Standard Edition Windows Server 2019 Standard Edition Windows Server 2022 Standard Edition Forcepoint DLP Email Gateway CentOS 7.2
CentOS 7.5 (added in version 8.6)
Web Content Gateway Red Hat Enterprise Linux 6.8, 6.9, 7.2, 7.3, and
7.4
Crawler agent Windows Server 2008 Standard or Enterprise, R2 SP1 (version 8.5.x only; not supported in version 8.6 or 8.7) Windows Server 2012 Standard Edition Windows Server 2016 Standard Edition Windows Server 2019 Standard Edition Windows Server 2022 Standard Edition Protector* CentOS 7
CentOS 7.5 (added in version 8.6)
CentOS 7.9 (added in version 8.8.1) Red Hat 7.5 (added in version 8.6)
Analytics engine CentOS 7
CentOS 7.5 (added in version 8.6)
Endpoint agent See the Certified Product Matrix *This operating system is installed as part of the protector “software appliance” installation.
Protector is supported on VMware systems in the Mail Transport Agent (MTA) mode and/or as an ICAP server with remote analysis (no local analysis). Other modes of deployment are not certified.
- Forcepoint DLP server hardware requirements
Server hardware Minimum requirements Recommended CPU 4 CPU cores (2.5 GHz) 8 CPU cores (2.5 GHz) Memory 16 GB available RAM 16 GB available RAM Hard drives Two 72 GB Four 146 GB Disk space 146 GB 400 GB Free space 70 GB 70 GB Hardware RAID 1 1 + 0 NICs 1 2
- Forcepoint DLP server software requirements
The following requirements apply to all Forcepoint DLP servers:
- For optimized performance, verify that the operating system’s file cluster is set to 4096B. For more information, see the Knowledge Base article File System Performance Optimization.
- Windows installation requirements:
- Set the partition to 1 NTFS Partition. For more information, see the Knowledge Base article: File System Performance Optimization.
- Regional Settings: should be set according to the primary location. If necessary, add supplemental language support and adjust the default language for non-Unicode programs.
- Configure the network connection to have a static IP address.
- The Forcepoint management server hostname must not include an underscore sign. Internet Explorer does not support such URLs.
- Short Directory Names and Short File Names must be enabled (registry value set to “0”). (See http://support.microsoft.com/kb/121007.)
- Create a local administrator to be used as a service account. If your deployment includes more than one Forcepoint DLP server, use a domain account (preferred), or the use same local user name and password on each machine.
- Be sure to set the system time accurately on the Forcepoint management server.
- For Forcepoint DLP Server, v9.0:
- Ensure that the Microsoft Visual C++ redistributable version 2022 (or later) is installed before installing the Forcepoint DLP Manager. Download the Visual C++ Redistributable for Visual Studio 2022 (or later) from Microsoft.
- Protector hardware requirements
Hardware Minimum requirements Recommended CPU 2 Dual-core Intel Xeon processors (2.0 GHz) or AMD equivalent 2 Quad-core Intel Xeon processors (2.0 GHz) or AMD equivalent Memory 2 GB 4 GB Hard drives 2–72 GB 4–146 GB Disk space 144 GB 292 GB Hardware RAID none 1 + 0 NICs 2 (monitoring) 2 (monitoring)
- Analytics engine hardware requirements
The server running the analytics engine must meet the following hardware requirements:
Small to medium business
Hardware Minimum Recommended CPU 4 core processors 8 core processors Memory 8 GB 16 GB Hard drives 100 GB 100 GB NICs 1 1 Medium to large business
Hardware Minimum Recommended CPU 8 core processors 8 core processors Memory 16 GB 20 GB Hard drives 100 GB 100 GB NICs 1 1
- Forcepoint F1E solutions requirements
For information on hardware and operating system requirements for Forcepoint F1E agents, see the Installation and Deployment Guide for Forcepoint F1E Solution and Certified Product Matrix.