Proxy Connect Only
When Forcepoint Neo is configured to work in Proxy Connect only mode, ForcepointNeo performs periodic access checks every 60 seconds to several well-known web-sites for which the expected response is known, such as https://captive.apple.com/ and few others. The goal is to verify:
- Direct access to the internet sending request to these web-sites directly (ignoring any configured proxy on the endpoint).
- Access these web-sites by forwarding the traffic to the Cloud Security Gateway (CSG proxy).
Based on the above access tests results, ForcepointNeo determines the mode to operate.
| Direct Internet Access | Access Via CSG proxy | Neo Mode of Operation | Comments |
|---|---|---|---|
| OK | OK | Proxy Connect | |
| FAIL | OK | Proxy Connect | 1 |
| OK | FAIL | The configured fallback mode | |
| FAIL | FAIL | Open | 2 |
Comments
- When working on premises behind a firewall, it is possible that direct access to the internet is blocked, whilst access to the Cloud Security Gateway Proxy might be allowed.
- When the endpoint is running behind a captive portal (such as in airports or hotels) then Forcepoint Neo would allow traffic to go as-is and reach the captive portal web-page. After the user submits captive portal information, the captive portal will open internet access and the periodic check results will change.