Step8: Configure SWG content policies for SWG access in Forcepoint Data Security Cloud | SSE

Describes how to configure SWG content policy in Forcepoint Data Security Cloud | SSE.

A new predefined data pattern named Forcepoint DLP is available under Protect > Objects > DLP Objects page once a valid DPS license is uploaded to Forcepoint Data Security Cloud | SSE.

After uploading and validating DPS JSON license in Forcepoint Data Security Cloud | SSE, you can now use Forcepoint DLP data pattern in Secure App Access policy action modals as a Data pattern in all your SWG policies.



Forcepoint DLP Data Pattern in SWG Content Policy

After uploading and validating JSON license file, you can use the Forcepoint DLP data pattern while configuring SWG Content Policy. Refer to SWG Content Policy to create or edit existing policy.

While creating SWG content policy, if you select Forcepoint DLP as the data pattern in any of the Actions dialog for Secure App Access, then:

  • The FSM Enforced option gets populated in Action field as the action is configured on the FSM. The FSM Enforced is the only option available for selection.

    If an action other than Allow that is not supported by the application is returned when using Forcepoint DLP data pattern, Forcepoint Data Security Cloud | SSE translates it as a Deny.

    To send notifications when the Forcepoint DLP returns an action other than Allow, click Notify.



While configuring the SWG Content policy, you can select only Anti-malware data patterns that you have purchased as part of Forcepoint Data Security Cloud | SSE subscription along with the Forcepoint DLP data pattern. None of the other Forcepoint Data Security Cloud | SSE data patterns available in the Protect > Objects > DLP Objects page are supported with the Forcepoint DLP data pattern.

For all the FSM-based policies, Forcepoint Data Security Cloud | SSE executes the action returned by Forcepoint DLP.

If an action is returned by both the FSM-based policy (with Forcepoint DLP data pattern) and another SWG Content policy (with Anti-malware data pattern) in Forcepoint Data Security Cloud | SSE, the most severe action is enforced. The Deny action is the most severe and the Allow action is the least severe.

Using FSM-based policy with Forcepoint Data Security Cloud | SSE' SWG Content policy with Anti-malware data pattern together might result in FSM incidents displaying incorrect action details. To determine the actual action implemented, refer to the Forcepoint Data Security Cloud | SSE's Web DLP logs.