System requirements for this version

Applies to In this topic
  • Forcepoint Web Security and Forcepoint URL Filtering, v8.5.x
  • Forcepoint DLP, v8.5.x, v8.6.x, v8.7.x, v8.8.x, v8.9.x
  • Forcepoint Email Security, v8.5.x
  • Forcepoint Appliances, v8.5.x
  • Forcepoint management server requirements
  • Supported Forcepoint appliance models and modes
  • Reporting database requirements
  • Requirements for web protection solutions
  • Requirements for email protection solutions
  • Forcepoint DLP requirements
  • Analytics engine hardware requirements
Note:
  • Forcepoint DLP v9.0 and later is supported with Forcepoint Web and Email Security v8.5.5.
  • Forcepoint DLP v8.7.1 and later is supported with Forcepoint Web and Email Security v8.5.4.
  • Forcepoint DLP v8.6 and v8.7 are supported with Forcepoint Web and Email Security v8.5.3.
  • Forcepoint DLP v8.5.1 is supported with Forcepoint Web and Email Security v8.5.0.
  • Forcepoint DLP v8.5.0 and v8.5.2 are stand-alone versions of that product and cannot be integrated with other Forcepoint products.
  • Forcepoint management server requirements

    The Forcepoint management server hosts the Forcepoint Security Manager (Security Manager), which includes:

    • The infrastructure uniting all management components
    • A settings database for administrator account information and other shared data
    • One or more management modules, used for configuration, policy management, and reporting

    Additional components may also reside on the management server. For a list of operating systems that are supported, see the Certified Product Matrix on the Forcepoint website.

  • Hardware requirements

    The recommended hardware requirements for a Forcepoint management server vary depending on whether Microsoft SQL Server Express (used only for evaluations or very small deployments) is installed on the machine.

    Note:
    • Forcepoint DLP allows for either local or remote installation of the forensics repository. If the repository is hosted remotely, deduct 90 GB from the Forcepoint DLP disk space requirements.
    • It is strongly recommended that you allocate more than the minimum listed disk space to allow for scaling with use. The “recommended” option allows for scaling as reporting data accumulates.
    • If you install the product on a drive other than the main Windows drive (typically C), it must have at least 4 GB free on the Windows partition to accommodate the Forcepoint Security Installer.

    With remote (standard or enterprise) reporting database

    Management modules Recommended Minimum
    Web Security 8 CPU cores (2.5 GHz), 16 GB available RAM, 400 GB Disk Space 4 CPU cores (2.5 GHz), 8 GB available RAM, 146 GB Disk Space
    Data Security 8 CPU cores (2.5 GHz), 16 GB available RAM, 400 GB Disk space 4 CPU cores (2.5 GHz), 16 GB available RAM, 146 GB Disk Space
    Web Security and Data Security 8 CPU cores (2.5 GHz), 20 GB available RAM, 400 GB Disk Space 4 CPU cores (2.5 GHz), 16 GB available RAM, 146 GB Disk Space
    Email Security and Data Security 8 CPU cores (2.5 GHz), 20 GB available RAM, 400 GB Disk Space 4 CPU cores (2.5 GHz), 16 GB available RAM, 146 GB Disk Space
    Web Security, Data Security, and Email Security 8 CPU cores (2.5 GHz), 24 GB available RAM, 550 GB Disk Space 8 CPU cores (2.5 GHz), 20 GB available RAM, 146 GB Disk Space

    With local (express) reporting database

    Management modules Recommended Minimum
    Web Security 8 CPU cores (2.5 GHz), 16 GB available RAM, 400 GB Disk Space 4 CPU cores (2.5 GHz), 8 GB available RAM, 240 GB Disk Space
    Data Security 8 CPU cores (2.5 GHz), 16 GB available RAM, 400 GB Disk space 4 CPU cores (2.5 GHz), 16 GB available RAM, 240 GB Disk Space
    Web Security and Data Security 8 CPU cores (2.5 GHz), 20 GB available RAM, 400 GB Disk Space 4 CPU cores (2.5 GHz), 16 GB available RAM, 240 GB Disk Space
    Email Security and Data Security 8 CPU cores (2.5 GHz), 20 GB available RAM, 400 GB Disk Space 4 CPU cores (2.5 GHz), 16 GB available RAM, 240 GB Disk Space
    Web Security, Data Security, and Email Security 8 CPU cores (2.5 GHz), 24 GB available RAM, 600 GB Disk Space 8 CPU cores (2.5 GHz), 20 GB available RAM, 240 GB Disk Space
  • Forcepoint Security Manager browser support

    The Security Manager is a web-based tool that runs on a variety of popular browsers. For a list of browsers and versions that are supported, see the Certified Product Matrix on the Forcepoint website.

    Although it is possible to launch the Security Manager using non-supported browsers, you may not receive full functionality and proper display of the application.

  • Virtualization systems
    Note:
    • Forcepoint Web Security v8.5.3 and v8.5.4, Forcepoint Email Security v8.5.3 and v8.5.4, and Forcepoint DLP v8.6 and later are not supported on Windows Server 2008 R2.
    • Forcepoint Web Security v8.5.4 and Forcepoint DLP v8.7.1 and later are not supported on Windows Server 2012 R2 Datacenter Edition.
    All Security Manager components, as well as secondary Forcepoint DLP servers, are supported on the following virtualization systems. Other components (used for enforcement, analysis, or reporting) may have additional requirements that are not supported by these virtualization environments.
      • Windows Server 2008 R2 SP1 over Hyper-V 2008 R2
      • Windows Server 2008 R2 SP1 and Windows Server 2012 over Hyper-V 2012
      • Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 over Hyper-V 2012 R2
      • Windows Server 2008 R2 SP1 over VMware ESXi v5.x
      • Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 over VMware ESXi 6.x
    Note: When ESXi is downloaded, a license key is generated and displayed on the download page. Make a note of this license key for use during installation.

    Before installing Forcepoint software on a VM via ESXi, ensure that the VMware tools are up to date and that all hardware is compatible with VMware ESXi. Additionally, make sure that the resource specifications defined earlier in this document for non-virtualized systems are met.

  • Directory services for administrator authentication

    If you allow users to log on to the Security Manager using their network accounts, the following directory services can be used to authenticate administrator logons:

    • Microsoft Active Directory
    • Lotus Notes
    • Generic LDAP directories
    • Novell eDirectory
    • Oracle Directory Services
  • Reporting database requirements

    For all Forcepoint security solutions, Microsoft SQL Server is used to host the reporting database.

    • For evaluations and small deployments, some versions of the Forcepoint Security Installer can be used to install Microsoft SQL Server Express.

      When included, use only the version of SQL Server Express included in the Forcepoint Security Installer. If not included, download and install the supported version of SQL Server Express from Microsoft.

    • Larger organizations are advised to use Microsoft SQL Server Standard, Business Intelligence, or Enterprise. These SQL Server editions cannot reside on the Forcepoint management server.

      SQL Server clustering may be used with all supported standard and enterprise versions of Microsoft SQL Server for failover or high availability (Forcepoint Email Security and Forcepoint Web Security only).

    The supported database engines are listed in the Certified Product Matrix.

  • Requirements for web protection solutions
    • Software components:

      Do not install web protection components on a domain controller machine. The following components are Windows-only. See the Certified Product Matrix for a list of supported Windows versions.

      • Forcepoint Security Manager
      • Linking Service
      • Log Server
      • Cloud App Service
      • DC Agent
      • Real-Time Monitor

      Content Gateway is a Linux-only component. See the Certified Product Matrix for a list of supported operating systems. See Content Gateway for additional information.

      All other web protection components can run on any of the supporting operating systems listed on the Certified Product Matrix.

    • Web components not available on Forcepoint appliances

      The following web protection components do not run on appliances. If used, they must be installed off-appliance.

      • Forcepoint Security Manager
      • Log Server
      • Sync Service
      • DC Agent
      • Logon Agent
      • Cloud App Service
      • Real-Time Monitor
      • Linking Service
      • Remote Filtering Server and Client (Forcepoint URL Filtering only)
      • eDirectory Agent
      • RADIUS Agent
      • Network Agent (not available on X Series)
    • Content Gateway
      Important: Core policy components must be installed prior to Content Gateway. When Filtering Service is installed, Content Gateway must be specified as the integration product. See Installation Instructions: Forcepoint Web Security.
      • Hardware
        CPU Quad-core running at 2.8 GHz or faster
        Memory 6 GB minimum
        Red Hat Enterprise Linux 6 series, 64-bit 8 GB recommended
        Disk space

        2 disks:

        • 100 GB for the operating system, Content Gateway, and temporary data.
        • 147 GB for caching
          Important: If caching will not be used, this disk is not required.

        The caching disk:

        • Should be at least 2 GB and no more than 147 GB
        • Must be a raw disk, not a mounted file system
        • Must be dedicated
        • Must not be part of a software RAID
        • Should be, for best performance, a 10K RPM SAS disk on a controller that has at least 64 MB of write-through cache.
        Network Interfaces 2
      • To support transparent proxy deployments
        Router

        Must support WCCP v2.

        A Cisco router must run iOS 12.2 or later. The latest version is recommended.

        To support IPv6, WCCP v2.01 and Cisco router version 15.4(1)T or later are required.

        Client machines, the destination Web server, and Content Gateway must reside on different subnets.

        Layer 4 switch

        You may use a Layer 4 switch rather than a router.

        To support WCCP, a Cisco switch requires the EMI or IP services image of the 12.2SE IOS release (or later).

        Content Gateway must be Layer 2 adjacent to the switch.

        The switch must be able to rewrite the destination MAC address of frames traversing the switch.

        The switch must be able to match traffic based on the layer 4 protocol port (i.e., TCP port 80).

      • Software

        Content Gateway is supported on the operating systems listed on the Certified Product Matrix , as well as Forcepoint V Series, X Series, and Virtual Appliances.

        Forcepoint provides “best effort” support for newer versions of Red Hat Enterprise Linux. Under “best effort” support, Technical Support makes a best effort to troubleshoot cases in standard fashion unless the issue is deemed a Red Hat Enterprise Linux-specific issue, at which point you must contact Red Hat directly for assistance.

        Only kernels shipped with the supported Linux versions are supported by Content Gateway. Visit www.redhat.com for kernel information. To display the kernel version installed on your system, enter the command:

        /bin/uname -r

      • Required libraries in Red Hat Enterprise Linux

        During Content Gateway installation, the installer will list missing packages and then exit the installer.

        To install the missing packages, the operating system must have a repository of available libraries. The Media repository on the Red Hat Enterprise Linux install DVD is an acceptable source of packages.

        After the repository is set up, all of the required dependencies can be automatically resolved by running:

        For Linux 6.x:

        yum install wcg_deps-1-0.noarch.rpm

        For Linux 7.x:

        yum install wcg_rh7_deps-1-0.noarch.rpm

        The above RPM is included in the Content Gateway install tree, at the same level as wcg_install.sh.

      • Integration with Forcepoint DLP

        Any version can be used via the ICAP interface. However, use of the integrated, on-box components is strongly recommended. See Content Gateway Manager Help for configuration instructions.

      • Web browsers

        Content Gateway is configured and maintained with a web-based user interface called the Content Gateway manager. See the Certified Product Matrix for a list of browser the Content Gateway manager supports.

        Note: The browser restrictions mentioned in the product matrix above apply only to the Content Gateway Manager and not to client browsers proxied by Content Gateway.
    • Client OS

      The logon application (LogonApp.exe) is supported on the following operating systems:

      • Windows Vista with Service Pack 1 or higher (32-bit and 64-bit)
      • Windows 7 with Service Pack 1 (32-bit and 64-bit)
      • Windows 8
      • Windows 8.1 (v7.8.2 and later)
      • Windows 8.1, Update 1 (v7.8.3 and later)
      • Windows 10
      • Windows Server 2003
      • Windows Server 2008 R2 SP1
      • Mac OS X 10.8, 10.9.2, 10.9.5, and 10.10 (64-bit)
    • Integrations

      Forcepoint URL Filtering may be integrated with the following third-party products.

      Product Versions
      Microsoft Forefront TMG 2010
      Cisco ASA v8.0 or later
      Cisco Router iOS v15 or later
      Citrix Presentation Server 4.5
      Citrix XenApp 6.0 or 6.5

      In addition, products that can be configured to use ICAP can be integrated via the ICAP Service.

    • Directory services for user identification

      Web protection solutions can use the following directory services listed in the Certified Product Matrix for user identification and authentication:

    • RADIUS
      Most standard RADIUS servers are supported. The following have been tested:
      • Cistron RADIUS Server
      • Livingston (Lucent) 2.x
      • Merit AAA
      • Microsoft IAS
      • NMAS authentication
  • Requirements for email protection solutions

    The Forcepoint Email Security on-premises solution is exclusively appliance-based (V Series, X Series, and Virtual Appliance), except for the following components:

    • Email Security module of the Forcepoint Security Manager, which runs on the Forcepoint management server (see Forcepoint management server requirements).
    • Log Server, which runs on a Windows Server 2008 R2 SP1, 2012, 2014, or 2016 machine.
      • Windows Server 2008 R2 is not supported for v8.5.3 or v8.5.4.

      All components in the deployment, including those running off-appliance, must run the same version of Forcepoint software.

      See the Forcepoint Appliances Getting Started Guide for appliance specifications.

      Forcepoint Email Security version 8.5.x can be installed in a Microsoft Azure cloud environment. See Installing Forcepoint Email Security in Microsoft Azure for more information.

  • Forcepoint DLP requirements

    Operating system

    Forcepoint DLP Component Supported Operating Systems 64-bit
    Management server Windows Server 2008 Standard or Enterprise, R2 SP1 (version 8.5.x only; not supported in version 8.6 or 8.7)
    Windows Server 2012 Standard Edition
    Windows Server 2012 Standard Edition R2
    Windows Server 2016 Standard Edition
    Windows Server 2019 Standard Edition
    Supplemental servers Windows Server 2008 Standard or Enterprise, R2 SP1 (version 8.5.x only; not supported in version 8.6 or 8.7)
    Windows Server 2012 Standard Edition
    Windows Server 2012 Standard Edition R2
    Windows Server 2016 Standard Edition
    Windows Server 2019 Standard Edition
    Forcepoint DLP Email Gateway

    CentOS 7.2

    CentOS 7.5 (added in version 8.6)

    Web Content Gateway

    Red Hat Enterprise Linux 6.8, 6.9, 7.2, 7.3, and

    7.4

    Crawler agent Windows Server 2008 Standard or Enterprise, R2 SP1 (version 8.5.x only; not supported in version 8.6 or 8.7)
    Windows Server 2012 Standard Edition
    Windows Server 2016 Standard Edition
    Windows Server 2019 Standard Edition
    Protector*

    CentOS 7

    CentOS 7.5 (added in version 8.6)

    CentOS 7.9 (added in version 8.8.1) Red Hat 7.5 (added in version 8.6)

     
    Analytics engine

    CentOS 7

    CentOS 7.5 (added in version 8.6)

     
    Endpoint agent See the Certified Product Matrix  

    *This operating system is installed as part of the protector “software appliance” installation.

    Protector is supported on VMware systems in the Mail Transport Agent (MTA) mode and/or as an ICAP server with remote analysis (no local analysis). Other modes of deployment are not certified.

  • Forcepoint DLP server hardware requirements
    Server hardware Minimum requirements Recommended
    CPU 4 CPU cores (2.5 GHz) 8 CPU cores (2.5 GHz)
    Memory 16 GB available RAM 16 GB available RAM
    Hard drives Two 72 GB Four 146 GB
    Disk space 146 GB 400 GB
    Free space 70 GB 70 GB
    Hardware RAID 1 1 + 0
    NICs 1 2
  • Forcepoint DLP server software requirements

    The following requirements apply to all Forcepoint DLP servers:

    • For optimized performance, verify that the operating system’s file cluster is set to 4096B. For more information, see the Knowledge Base article “File System Performance Optimization.”
    • Windows installation requirements:
      • Set the partition to 1 NTFS Partition. For more information, see the Knowledge Base article: “File System Performance Optimization.”
      • Regional Settings: should be set according to the primary location. If necessary, add supplemental language support and adjust the default language for non-Unicode programs.
      • Configure the network connection to have a static IP address.
      • The Forcepoint management server hostname must not include an underscore sign. Internet Explorer does not support such URLs.
      • Short Directory Names and Short File Names must be enabled (registry value set to “0”). (See http://support.microsoft.com/kb/121007.)
      • Create a local administrator to be used as a service account. If your deployment includes more than one Forcepoint DLP server, use a domain account (preferred), or the use same local user name and password on each machine.
      • Be sure to set the system time accurately on the Forcepoint management server.
  • Protector hardware requirements
    Hardware Minimum requirements Recommended
    CPU 2 Dual-core Intel Xeon processors (2.0 GHz) or AMD equivalent 2 Quad-core Intel Xeon processors (2.0 GHz) or AMD equivalent
    Memory 2 GB 4 GB
    Hard drives 2–72 GB 4–146 GB
    Disk space 144 GB 292 GB
    Hardware RAID none 1 + 0
    NICs 2 (monitoring) 2 (monitoring)
  • Analytics engine hardware requirements

    The server running the analytics engine must meet the following hardware requirements:

    Small to medium business

    Hardware Minimum Recommended
    CPU 4 core processors 8 core processors
    Memory 8 GB 16 GB
    Hard drives 100 GB 100 GB
    NICs 1 1

    Medium to large business

    Hardware Minimum Recommended
    CPU 8 core processors 8 core processors
    Memory 16 GB 20 GB
    Hard drives 100 GB 100 GB
    NICs 1 1