Forcepoint security solutions deployment overview

Applies to:
  • Forcepoint Web Security and Forcepoint URL Filtering, v8.5.x
  • Forcepoint DLP, v8.5.x, v8.6.x, v8.7.x, v8.8.x, v8.9.x, v9.0
  • Forcepoint Email Security, v8.5.x
  • Forcepoint appliances, v8.5.x

Forcepoint Web Security, Forcepoint Email Security, and Forcepoint DLP may be deployed together to create a comprehensive security solution.

  • The Forcepoint Security Manager, the management interface for web, data, and email advanced protection solutions, resides on a Windows server.
  • Forcepoint Web Security may be deployed on Forcepoint appliances, dedicated Windows or Linux servers, or a combination of platforms.
  • Forcepoint DLP runs on Windows servers, optional appliances, and elsewhere in the network. Some components run in cloud infrastructures such as Microsoft Azure.
  • Forcepoint Email Security enforcement components reside on Forcepoint appliances or in Microsoft Azure. Management and reporting components reside on Windows servers. Starting in version 8.5.3, management and reporting components may be deployed in Microsoft Azure.

High-level deployment diagram

The diagram shows an appliance-based deployment.

Remote office and off-site users

You can use the Forcepoint Web Security Hybrid Module to provide web security for small remote offices. This is accomplished by designating a remote office as a hybrid filtered location. See the Forcepoint Web Security Administrator Help for details.

The hybrid service can also provide web security for off-site users (that is, users working from home, traveling, and so on).

User requests can be directed to the hybrid service using a PAC file or endpoint client software. This allows the hybrid service to analyze web requests and enforce policies.

Hybrid services

If your subscription includes the Forcepoint Web Security and Forcepoint Email Security Hybrid Module:
  • The cloud-based hybrid web service can provide Internet security for remote offices and off-site users.
  • The cloud-based email hybrid service provides an extra layer of email scanning, stopping spam, virus, phishing, and other malware attacks before they reach your network, and possibly reducing email bandwidth and storage requirements.

The hybrid service can also be configured to encrypt outbound email before delivery to its recipient.

Forcepoint Web Security and Forcepoint Email Security appliances

Forcepoint appliances may be used to deploy core web and email protection functionality.
  • The Content Gateway proxy on the appliance manages web traffic. Both Forcepoint Web Security and Forcepoint DLP Network include Content Gateway.
  • Incoming email flows from the email hybrid service (if enabled) to the Forcepoint appliance and to your mail server. The Forcepoint appliance also provides the Personal Email Manager facility for end users to manage quarantined email.

Forcepoint Email Security and Forcepoint Web Security cannot be deployed on the same appliance.

Forcepoint DLP appliance

The Forcepoint DLP appliance can be used in protector or mobile agent mode. The protector monitors and reports data loss and leaks of sensitive information. Using PreciseID technology, the protector can be configured to accurately monitor sensitive information in transit on any port.

The mobile agent monitors and blocks data downloaded to mobile devices that perform synchronization operations with the Exchange server. With the mobile agent, you can monitor and block data transmitted in email messages, calendar events, and tasks. The protector and mobile agent are available as a Linux-based soft or physical V5000 appliance.

Components that may not be installed on Forcepoint appliances

Forcepoint management server

The Forcepoint management server is the Windows server on which the Forcepoint Security Manager is installed. The Security Manager is the management and reporting interface for Forcepoint web, data, and email protection solutions.

Core Forcepoint DLP components also reside on the management server machine to enable key features, including web and email DLP.

Linking Service, which connects Forcepoint DLP and Forcepoint Web Security, also usually resides on the management server.

Web and Email Log Server

A separate Windows machine hosts two instances of Log Server: one for Forcepoint Web Security and one for Forcepoint Email Security. These services receive information about web and email traffic and process it into their respective Log Databases.

Optional web protection components

Sync Service and transparent identification agents (DC Agent, Logon Agent, eDirectory Agent, and RADIUS Agent) may not reside on Forcepoint appliances.

Also, you can install additional instances of several web protection components on Windows or Linux servers, if needed.

Forcepoint DLP agents

The crawler, analytics engine, and the endpoint server for Forcepoint DLP Endpoint are installed on appropriate machines.

See Installing Forcepoint DLP for details.

Forcepoint DLP Endpoint (User Machine)

Forcepoint DLP Endpoint can be installed on supported Windows, Mac, and Linux machines.

Third-party components

Microsoft SQL Server

Microsoft SQL Server, running on a Windows server in your network, is used to store logging, reporting, and in some cases, configuration data for Forcepoint security solutions. Quarantined email messages are also stored here.

When Forcepoint security solutions are installed, SQL Server must be installed and running, typically on its own machine. SQL Server Express (installed using the Forcepoint Security Installer, in certain cases) may be used in small deployments or evaluation environments.