Step 2: Firewall and network access prerequisites

Describes firewall and network access prerequisites.

Forcepoint ONE SSE CASB and Forcepoint DLP integration is based on the following HTTPS network connections:

  • FSM to the Forcepoint ONE SSE
    Each of the domains below resolves to multiple IP addresses, and all of them should be included in any firewall Access Control Lists (ACLs).
    • Commercial Cloud:
      • portal.bitglass.com
      • proxyapi.bitglass.com
    • EU Cloud:
      • portal.eu.bitglass.net
      • proxyapi.eu.bitglass.net
    • Trial Cloud:
      • portal.us.bitglass.net
      • proxyapi.us.bitglass.net
  • FSM to DPS (if you need to configure the connections through your proxy, open a support case so that the support team can share the procedure with you).

If the FSM is behind your network firewall or any other network access control system, you must allow connections on port 443.

If you want to allow specific Forcepoint ONE SSE IP addresses for security reasons, see the list of IP addresses in Forcepoint ONE Bypass Lists for Firewalls and Security Software.

Along with the Forcepoint ONE SSE IP addresses, you also need to add the following URLs to bypass lists to allow access from the Forcepoint Security Manager DLP to the corresponding Forcepoint ONE SSE tenants:
  • Common URLs for every customer:
    • "dps_object_store_service_url": https://oss.prd01.us-east-1.dps.forcepoint.io
    • "dps_object_store_service_url_async_inspection": https://oss-async-inspection.prd01.us-west-2.default.dps.forcepoint.io
    • "neo_auth_service_url": https://auth-service.prd01.us-east-1.dup.forcepoint.io
    • "auth_service_url": https://auth-service.prd01.us-east-1.dup.forcepoint.io
  • Unique domains for every DPS instance, under *.forcepoint.io. Each of these URLs contains the Tenant ID. Check your JSON file for these specific URLs.
    • "dps_url": https://<tenant_id>.dps.forcepoint.io
    • "dps_url_async_email": https://email-<tenant_id>.dps.forcepoint.io
    • "dps_url_async_casb": https://casb-<tenant_id>.dps.forcepoint.io
    • "dps_ping_url": https://<tenant_id>.dps.ip.forcepoint.io/ping
  • Relevant AWS IP addresses for your DPS hosted region.

    You can determine the AWS region in which your DPS tenant is hosted by referring to the "primary_region" and "dps_service_location" values from your JSON file. To find the AWS IP addresses for your DPS hosted region, refer to AWS IP address ranges.
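
As an added example (not Forcepoint's code), the following Python script derives the outbound HTTPS allow-list from the tenant JSON file and flags entries that are missing, still contain the `<tenant_id>` placeholder, are not HTTPS on port 443, or fall outside forcepoint.io. It assumes the file is a flat JSON object using the key names listed above; `example-tenant` and the function name `build_allowlist` are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# URL keys named on this page; a flat JSON object is an assumed file layout.
URL_KEYS = ("dps_object_store_service_url",
            "dps_object_store_service_url_async_inspection",
            "neo_auth_service_url", "auth_service_url", "dps_url",
            "dps_url_async_email", "dps_url_async_casb", "dps_ping_url")

# Constructed sample: "example-tenant" stands in for a real tenant ID.
SAMPLE = json.loads("""{
  "dps_object_store_service_url": "https://oss.prd01.us-east-1.dps.forcepoint.io",
  "dps_object_store_service_url_async_inspection": "https://oss-async-inspection.prd01.us-west-2.default.dps.forcepoint.io",
  "neo_auth_service_url": "https://auth-service.prd01.us-east-1.dup.forcepoint.io",
  "auth_service_url": "https://auth-service.prd01.us-east-1.dup.forcepoint.io",
  "dps_url": "https://example-tenant.dps.forcepoint.io",
  "dps_url_async_email": "https://email-example-tenant.dps.forcepoint.io",
  "dps_url_async_casb": "https://casb-example-tenant.dps.forcepoint.io",
  "dps_ping_url": "https://example-tenant.dps.ip.forcepoint.io/ping"
}""")


def build_allowlist(config):
    """Return (sorted unique (host, port) pairs, list of problems found)."""
    endpoints, problems = set(), []
    for key in URL_KEYS:
        url = config.get(key)
        if not url or "<" in url:
            problems.append(f"{key}: missing, or tenant ID placeholder not filled in")
            continue
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            problems.append(f"{key}: not HTTPS")
        elif parts.port not in (None, 443):
            problems.append(f"{key}: port {parts.port}, page requires 443")
        elif not host.endswith(".forcepoint.io"):
            problems.append(f"{key}: host outside forcepoint.io")
        else:
            endpoints.add((host, 443))  # set dedupes the two auth-service keys
    return sorted(endpoints), problems


if __name__ == "__main__":
    hosts, issues = build_allowlist(SAMPLE)
    print(*(f"allow tcp/{p} -> {h}" for h, p in hosts), *issues, sep="\n")
```

Resolve each resulting hostname from the FSM's own network segment when building IP-based ACLs, since the page notes that these domains resolve to multiple addresses.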