Configuring the Neo connection mode in the Cloud Security Gateway portal

Configure the Neo connection mode in the Cloud Security Gateway portal. There are three options: intelligent auto-switching, proxy connect, and direct connect.

Neo can be configured to run in proxy connect only mode, direct connect only mode, or automatically switch between the two.

  • Proxy connect mode: When Neo is in proxy connect mode, Neo redirects web traffic through the cloud proxy to the Internet. If the connection to the cloud proxy is unavailable, then Neo falls back to the configured Fallback mode.
  • Direct connect mode: When Neo is in direct connect mode, Neo does not redirect web traffic through the cloud proxy. All web traffic connects to the Internet directly. Neo connects to a disposition server to receive web policies. If the connection to the disposition server is unavailable, then Neo falls back to the configured Fallback mode.
  • Intelligent auto-switching mode: When Neo is in auto-switching mode, Neo starts in proxy connect mode and web traffic is redirected through the cloud proxy to the Internet. Neo switches to direct connect mode if:
    • Connectivity to the cloud proxy is lost.
    • Proxy connection performance is degraded. Neo checks the connection latency performance every 30 minutes and compares the speed of the proxy connection and the direct connection. If the proxy connection is 3 times slower than the direct connection, Neo switches to direct connect mode. When the proxy connection performance is no longer 3 times slower, Neo switches back to proxy connect mode.

    Neo switches back to proxy connect mode if:

    • Connectivity to the cloud proxy is restored.
    • Proxy connection performance improves. Neo checks the connection latency performance every 30 minutes and compares the speed of the proxy connection and the direct connection. When the proxy connection performance is no longer 3 times slower, Neo switches back to proxy connect mode.

    If the connections to both the cloud proxy and disposition server are unavailable, then Neo falls back to the configured Fallback mode.

Note: In case PCEP is 10 times slower than DCEP then Forcepoint Neo switches to the DCEP mode otherwise switches back or stays in PCEP mode, then check is done every every 30 seconds.