Step8: Configure SWG content policies for SWG access in Forcepoint ONE SSE

Forcepoint DLP Data Pattern in SWG Content Policy

After uploading and validating JSON license file, you can use the Forcepoint DLP data pattern while configuring SWG Content Policy. Refer to SWG Content Policy to create or edit existing policy.

While creating SWG content policy, if you select Forcepoint DLP as the data pattern in any of the Actions dialog for Secure App Access, then:

• The FSM Enforced option gets populated in Action field as the action is configured on the FSM. The FSM Enforced is the only option available for selection.

  If an action other than Allow that is not supported by the application is returned when using Forcepoint DLP data pattern, Forcepoint ONE SSE translates it as a Deny.

  To send notifications when the Forcepoint DLP returns an action other than Allow, click Notify.

  
  
  

While configuring the SWG Content policy, you can select only Anti-malware data patterns that you have purchased as part of Forcepoint ONE SSE subscription along with the Forcepoint DLP data pattern. None of the other Forcepoint ONE SSE data patterns available in the Protect > Objects > DLP Objects page are supported with the Forcepoint DLP data pattern.

For all the FSM-based policies, Forcepoint ONE SSE executes the action returned by Forcepoint DLP.

If an action is returned by both the FSM-based policy (with Forcepoint DLP data pattern) and another SWG Content policy (with Anti-malware data pattern) in Forcepoint ONE SSE, the most severe action is enforced. The Deny action is the most severe and the Allow action is the least severe.

Using FSM-based policy with Forcepoint ONE SSE' SWG Content policy with Anti-malware data pattern together might result in FSM incidents displaying incorrect action details. To determine the actual action implemented, refer to the Forcepoint ONE SSE's Web DLP logs.