Configure the Content Gateway policy engine

When Content Gateway is registered with the management server, a Content Gateway module is added to the System Modules in the Data Security module of the Forcepoint Security Manager.

By default, this agent is configured to monitor web traffic, not block it, and for a default violation message to appear when an incident is triggered. To continue using this default behavior, no Content Gateway configuration changes are needed. Simply deploy settings in the Security Manager to activate the default configuration.

To instead block web traffic that breaches policy, or to customize the violation message, do the following:

Steps

  1. Log on to the Data Security module of the Security Manager.
  2. Go to the Settings > Deployment > System Modules page.
  3. Select the Web Content Gateway module in the tree view (click the module name itself, not the plus sign next to it).
    It will be listed as “Forcepoint Web Security Server on <FQDN> (<PE_version>),” where <FQDN> is the fully-qualified domain name of the Content Gateway machine and <PE_version> is the version of the Content Gateway policy engine.
  4. Select the HTTP/HTTPS tab to configure HTTP(S) blocking behavior.
    Select Help > Explain This Page for instructions for each option.
  5. Select the FTP tab to configure FTP blocking behavior.
    Select Help > Explain This Page for instructions for each option.
  6. Click Save to save the changes.
  7. Click Deploy to deploy the settings.
    Important: Even if the default configuration is not changed, it is still necessary to click Deploy to finalize the Content Gateway deployment process.