System requirements

For information about version compatibility, see the Version Equivalencies Between Forcepoint DLP and EIP Infrastructure/Web/Email Components.

To view complete hardware, software, and web browser requirements for Forcepoint Email Security, see System requirements for this version.

Every Forcepoint Email Security deployment includes the following components at a minimum:

In the DMZ
  • A Forcepoint appliance (V Series, X Series blade, or Virtual Appliance), which includes the core email protection functions, along with the Personal Email Manager and Secure Messaging end-user facilities.

Email traffic volume in your network may determine which type of appliance you use and how many appliances your deployment needs.

In the internal LAN
  • Forcepoint Security Manager with both Email Security and Data Security modules installed on a Windows Server™ 2008 R2 SP1, 2012, 2012 R2, 2016, or 2019 machine.
    • Windows 2008 R2 is not supported for version 8.5.3 or 8.5.4.
  • Email Log Server
  • Email Log Database (Microsoft™ SQL Server™ 2008, 2008 R2, 2012, 2014, 2016, or 2017, including Express)
    • SQL Server 2008 R2 is not supported for version 8.5.3 or 8.5.4
  • Mail server
  • End-user machines: mail clients used by end user
Note: All email protection components must be synchronized by date and time for proper system communication.

The network DMZ contains the devices that have direct contact with the Internet. This zone is a buffer between the Internet and the internal LAN. In our examples, the appliance and any router, switch, or load balancer adjacent to the firewall are located in the DMZ.

Forcepoint appliances

The Forcepoint V Series, X Series, and Virtual Appliances provide the majority of email protection functions. Incoming email flows from the Forcepoint Email Security Hybrid Module (if purchased and enabled) to the Forcepoint appliance and to the mail server. The Forcepoint appliance also provides the Personal Email Manager and Secure Messaging end-user facilities.

Forcepoint Email Security can occupy individual blade servers on an X Series appliance. The X Series chassis may include a combination of Email Security and Web Security blade servers.

See the Forcepoint Appliances Getting Started Guide for detailed hardware specifications.

Forcepoint management server

The Forcepoint management server hosts the Forcepoint Security Manager. This machine includes Forcepoint Management Infrastructure and any installed Forcepoint management modules. In a Forcepoint Email Security deployment, the Forcepoint management server includes both the Email Security and Data Security modules.

Email Log Server

The Forcepoint management server often includes the Email Log Server component, although this component can also be installed on a separate machine in an on-premises deployment. If the Forcepoint management server is installed in Microsoft Azure, the Log Server must reside in the same machine. The Log Server passes message data to the SQL Server reporting database (Email Log Database) for use in generating dashboard charts and reports, messages, and Message Log data.

During installation, a user configures certain aspects of Log Server operation, including how Log Server interacts with the Email Security module. These settings can be changed when needed via the Email Log Server Configuration utility. Other details about Log Server operation are configured in this utility as well. The utility is installed on the same machine as Log Server.

Email Log Database (Microsoft SQL Server)

Microsoft SQL Server handles the system and message log database and stores some Email Security module configuration settings. SQL Server may be installed on the Forcepoint management server or on a dedicated server. For optimal performance, Forcepoint recommends that a full SQL Server be installed on a separate machine. (SQL Server Express, which can be installed as part of the Forcepoint Security Manager installation with certain versions, is recommended only for evaluation purposes.) For information about database systems in Forcepoint products, see Administering Forcepoint Databases.

Personal Email Manager

The email appliance is the portal for Personal Email Manager end users who are authorized to manage their own blocked mail. Personal Email Manager end-user options are configured in the Security Manager Email Security module interface (Settings > Personal Email). A Personal Email Manager administrator can determine:
  • Which end users can access the Personal Email Manager utility and which actions, if any, those users are allowed to perform on blocked messages
  • What the blocked email notification message contains
  • Which end users are allowed to manage personal Always Block and Always Permit lists
  • Whether a user can manage multiple email accounts
  • Whether a user can delegate email account management responsibilities to another individual

Secure Messaging portal

The email appliance also provides the Secure Messaging end-user portal to allow an organization to maintain a secure area for its customers to view and manage messages that contain sensitive data. Customers can view received messages and reply to or forward a received message in this portal.

Forcepoint Email Security in Microsoft Azure

Forcepoint Email Security can be deployed in a Microsoft Azure public cloud environment. See Installing Forcepoint Email Security in Microsoft Azure. The following is required for Azure deployment:
  • A Microsoft Azure account (activated)
  • Microsoft Office 365 with Outlook
  • A virtual network (minimum supported size: /16) and subnet (minimum supported size: /24) in Azure with connectivity to on-premises resources through a site-to-site VPN.
  • Resources installed on-premises: SQL Server and Forcepoint Security Manager

The preceding two items are only necessary if you are installing Forcepoint Email Security in Azure with Forcepoint Security Manager remaining on-premises. If you are installing both Email Security and Security Manager together in Azure, these two items are not needed.