Additional configuration for the Web Security DLP Module

Applies to:
  • Forcepoint Web Security, v8.5.x

In addition to the items under Initial configuration for web protection solutions, perform these procedures if your subscription includes the DLP Module.

Confirm Content Gateway registration with Forcepoint DLP

Content Gateway registers with Forcepoint DLP automatically. To ensure that registration is successful:

  • Synchronize the date and time on the Content Gateway and Forcepoint management server machines to within a few minutes.
  • If Content Gateway is deployed as a transparent proxy, ensure that traffic to and from the appliance management interface (C) is not subject to transparent routing. If it is, the registration process will be intercepted by the transparent routing and will not complete properly.
  • Make sure that the IPv4 address of the eth0 NIC on the Content Gateway machine is available (not required if Content Gateway is located on a Forcepoint appliance). This is the NIC used by the Forcepoint management server during the registration process.

    After registration, the IP address can move to another network interface.

If registration fails, an alarm is displayed in the Content Gateway manager. In that case:
  1. Verify connectivity between Content Gateway and the Forcepoint management server.
  2. In the Content Gateway manager, navigate to the Configure > My Proxy > Basic > General page.
  3. In the Networking section, confirm that Web DLP > Integrated on-box is enabled.
  4. Restart Content Gateway to initiate another registration attempt.
    Alternatively:
    1. Go to the Configure > Security > Web DLP page and enter the IP address of the management server.
    2. Enter a user name and password for an administrator with Deploy Settings privileges in the Data Security module of the Security Manager.
    3. Click Register.
After Content Gateway has registered with Forcepoint DLP:
  1. In the Content Gateway manager, go to the Configure > Security > Web DLP page.
  2. Enable Analyze FTP Uploads to send FTP uploads to DLP Module components for analysis and policy enforcement.
  3. Enable Analyze HTTPS Content to send decrypted HTTPS posts to DLP Module components for analysis and policy enforcement. SSL Manager must be enabled on Content Gateway.

    These options can be accessed whenever Forcepoint DLP is registered by going to the Configure > Security > Web DLP > General page.

  4. Click Apply and restart Content Gateway.

See Forcepoint DLP ports for ports used by DLP Module components to communicate with the Content Gateway proxy.

Configuring the Content Gateway policy engine

When Content Gateway is registered with DLP Module components, Content Gateway appears on the System Modules page in the Data Security module of the Forcepoint Security Manager.

By default, this agent is configured to monitor web traffic rather than block it, and to display a default violation message when an incident is triggered. If this is acceptable, you do not need to make changes to the Content Gateway configuration. Simply deploy the new settings.

If you want to block web traffic that breaches policy and customize the violation message, do the following:

  1. From the DLP Module of the Forcepoint Security Manager, select Settings > Deployment > System Modules.
  2. Select the Content Gateway module in the tree view (click the module name itself, not the plus sign next to it).

    It will be listed as Content Gateway on <FQDN> (<PE_version>), where <FQDN> is the fully-qualified domain name of the Content Gateway machine and <PE_version> is the version of the Content Gateway policy engine.

  3. Select the HTTP/HTTPS tab and configure the blocking behavior you want.

    Select Help > Explain This Page for instructions for each option.

  4. Select the FTP tab and configure the blocking behavior you want.

    Select Help > Explain This Page for instructions for each option.

  5. Click Save to save your changes.
  6. Click Deploy to deploy your settings.
    Important: Even if you do not change the default configuration, you must click Deploy to finalize your Content Gateway deployment process.

Verifying web and data protection linking

When Linking Service is installed, it allows Web DLP components to access user identification and URL categorization data. To verify that it is working:

  1. Log onto the DLP Module of the Forcepoint Security Manager.
  2. Select Settings > General > Linking Service.
  3. Verify settings and test the connection.

    Select Help > Explain This Page for detailed information about the settings on this screen.

  4. Click OK to save any changes.
  5. Click Deploy to deploy your settings.