Content Gateway initial configuration
After Content Gateway is installed, perform these basic configuration activities:
Note: The subscription key is automatically applied to Content Gateway when you enter it in the Web Security module of the Forcepoint Security Manager.
- Log on to the Content Gateway manager and run a basic test (Getting Started)
- If there are multiple instances of Content Gateway, consider configuring a managed cluster.
- Configure protocols to proxy in addition to HTTP: HTTPS (SSL support), FTP
- Complete your explicit or transparent proxy deployment
  - Content Gateway explicit and transparent proxy deployments
  - In Content Gateway Manager Help: Explicit proxy, Transparent proxy
- If proxy user authentication will be used, configure user authentication. Alternatively, configure another method of user identification as described in the Other methods of user identification section of Content Gateway deployment issues.
- Configure the real-time Scanning Options in the Forcepoint Security Manager
- If you enabled content caching during installation, configure content caching.
After the base configuration has been tested, consider these additional activities:
- When HTTPS (SSL support) is used, configure categories, clients, and destination servers for SSL decryption bypass in the Forcepoint Security Manager.
- Create Content Gateway filtering rules to:
  - Deny or allow URL requests
  - Insert custom headers
  - Allow specified applications, or requests to specified web sites, to bypass authentication
  - Keep or strip header information from client requests
  - Prevent specified applications from transiting the proxy
- In explicit proxy deployments, customize the PAC file
- In transparent proxy deployments, use ARM dynamic and static bypass, or use router ACLs to bypass Content Gateway (see your router documentation)
- The ARM (Adaptive Redirection Module) of Content Gateway uses a firewall. To facilitate interception and redirection of traffic:
  - IPTables rules are configured during installation of Content Gateway.
  - Forcepoint IPTables chains are inserted.
  - Forcepoint IPTables rules are also inserted into existing chains.
  - Forcepoint chains and rules use “NC_” as a prefix for identification purposes.
  - IPTables rules configured outside of Content Gateway Manager must:
    - Be inserted after Forcepoint rules.
    - Never be added to Forcepoint chains.
  - Forcepoint chains and rules should never be edited.
  - If customized chains or rules impact the Forcepoint configuration, navigate to /opt/wcg/bin and execute the following to re-establish the Forcepoint IPTables chains and rules:
    netcontrol.sh -r
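
The placement rules for custom IPTables rules can be checked against saved `iptables-save` output. The shell functions below are an added example, not Forcepoint code. The chain name NC_EXAMPLE_IN and the sample ruleset are constructed, and treating any rule with a token that begins with NC_ (a jump target or comment) as a Forcepoint rule is an assumption.

```shell
# Added example: audit iptables-save text for the placement rules described above.
# Assumption: a rule in a built-in chain counts as a Forcepoint rule when one of
# its tokens (jump target or comment) begins with NC_.

# Print custom rules that sit before a Forcepoint rule in the same chain.
# Reads iptables-save text on stdin; exit status 1 when a finding is printed.
audit_nc_order() {
    awk '
    BEGIN { bad = 0 }
    /^\*/ { table = substr($0, 2); next }     # table header such as *filter
    $1 != "-A" { next }                       # skip chain declarations, COMMIT
    $2 ~ /^NC_/ { next }                      # Forcepoint chain: see nc_chain_rules
    {
        key = table "/" $2; is_nc = 0
        for (i = 3; i <= NF; i++) {
            tok = $i; gsub(/"/, "", tok)
            if (tok ~ /^NC_/) is_nc = 1
        }
        if (!is_nc) {                         # custom rule: hold until we know the order
            pending[key] = pending[key] "BEFORE-NC " key ": " $0 "\n"
        } else if (pending[key] != "") {      # custom rules precede a Forcepoint rule
            printf "%s", pending[key]; pending[key] = ""; bad = 1
        }
    }
    END { exit bad }'
}

# List every rule inside NC_ chains. Save this from a known-good state and diff
# it later to spot rules added to, or edited in, Forcepoint chains.
nc_chain_rules() {
    awk '/^\*/ { t = substr($0, 2); next }
         $1 == "-A" && $2 ~ /^NC_/ { print t ": " $0 }'
}

# Constructed sample; NC_EXAMPLE_IN is a hypothetical chain name.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:NC_EXAMPLE_IN - [0:0]
-A INPUT -s 192.0.2.10/32 -p tcp --dport 22 -j ACCEPT
-A INPUT -j NC_EXAMPLE_IN
-A INPUT -p tcp --dport 9100 -j ACCEPT
-A NC_EXAMPLE_IN -p tcp --dport 8080 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_nc_order || echo "custom rules found ahead of Forcepoint rules"
```

On a Content Gateway host, pipe the output of `iptables-save` (run as root) into either function in place of the sample.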