Step8: Configure SWG content policies for SWG access in Forcepoint ONE SSE
Describes how to configure SWG content policy in Forcepoint ONE SSE.
A new predefined data pattern named Forcepoint DLP is available under page once a valid DPS license is uploaded to Forcepoint ONE SSE.
After uploading and validating DPS JSON license in Forcepoint ONE SSE, you can now use Forcepoint DLP data pattern in Secure App Access policy action modals as a Data pattern in all your SWG policies.
Forcepoint DLP Data Pattern in SWG Content Policy
After uploading and validating JSON license file, you can use the Forcepoint DLP data pattern while configuring SWG Content Policy. Refer to SWG Content Policy to create or edit existing policy.
While creating SWG content policy, if you select Forcepoint DLP as the data pattern in any of the Actions dialog for Secure App Access, then:
- The FSM Enforced option gets populated in Action field as the action is configured on the FSM. The FSM Enforced is the
only option available for selection.
If an action other than Allow that is not supported by the application is returned when using Forcepoint DLP data pattern, Forcepoint ONE SSE translates it as a Deny.
To send notifications when the Forcepoint DLP returns an action other than Allow, click Notify.
While configuring the SWG Content policy, you can select only Anti-malware data patterns that you have purchased as part of Forcepoint ONE SSE subscription along with the Forcepoint DLP data pattern. None of the other Forcepoint ONE SSE data patterns available in the page are supported with the Forcepoint DLP data pattern.
For all the FSM-based policies, Forcepoint ONE SSE executes the action returned by Forcepoint DLP.
If an action is returned by both the FSM-based policy (with Forcepoint DLP data pattern) and another SWG Content policy (with Anti-malware data pattern) in Forcepoint ONE SSE, the most severe action is enforced. The Deny action is the most severe and the Allow action is the least severe.
Using FSM-based policy with Forcepoint ONE SSE' SWG Content policy with Anti-malware data pattern together might result in FSM incidents displaying incorrect action details. To determine the actual action implemented, refer to the Forcepoint ONE SSE's Web DLP logs.