Direct Connect only
When Forcepoint Neo is configured to work in Direct Connect mode only then Forcepoint Neo performs periodic access checks every 60 sec to several well-known web-sites for which the expected response is known, such as https://captive.apple.com/ and few others. The goal is to verify:
- Direct access to the internet sending request to these web-sites directly (ignoring any configured proxy on the endpoint).
- Send direct request to the Cloud Security Gateway Disposition Service (ignoring any configured proxy on the endpoint).
Based on the above access tests results, ForcepointNeo determines the mode to operate.
| Direct Internet Access | Access to disposition service | Neo Mode of Operation | Comments |
|---|---|---|---|
| OK | OK | Direct Connect | |
| FAIL | OK | Open | 1 |
| OK | FAIL | The configured fallback mode | |
| FAIL | FAIL | Open | 2 |
Comments:
- When working on premises behind a firewall, it is possible that direct access to the internet is blocked, whilst access to the Cloud Security Gateway disposition is allowed. In this option, ForcepointNeo works in open mode allowing all traffic to be sent as is to its destination, because if ForcepointNeo will intercept the traffic and try to send it direct to the internet the traffic will be blocked.
- When endpoint is running behind a captive portal (such as in airports or hotels) then ForcepointNeo would allow traffic to go as-is and reach the captive portal web-page. After the user submits captive portal information, the captive portal will open internet access and the periodic check results will change.