Configuring the agent connection mode in the Forcepoint Cloud Security Gateway portal

Configure the agent connection mode in the Forcepoint Cloud Security Gateway portal. There are three options: intelligent auto-switching, proxy connect, and direct connect.

The agent can be configured to run in proxy connect only mode, direct connect only mode, or automatically switch between the two.

  • Proxy connect mode: When the agent is in proxy connect mode, the agent redirects web traffic through the cloud proxy to the Internet. If the connection to the cloud proxy is unavailable, then the agent falls back to the configured Fallback mode.
  • Direct connect mode: When the agent is in direct connect mode, the agent does not redirect web traffic through the cloud proxy. All web traffic connects to the Internet directly. The agent connects to a disposition server to receive web policies. If the connection to the disposition server is unavailable, then the agent falls back to the configured Fallback mode.
  • Intelligent auto-switching mode: When the agent is in auto-switching mode, the agent starts in proxy connect mode and web traffic is redirected through the cloud proxy to the Internet. Forcepoint ONE Data Security switches to direct connect mode if:
    • Connectivity to the cloud proxy is lost.
    • Proxy connection performance is degraded. The agent checks the connection latency performance every 30 minutes and compares the speed of the proxy connection and the direct connection. If the proxy connection is 3 times slower than the direct connection, the agent switches to direct connect mode. When the proxy connection performance is no longer 3 times slower, the agent switches back to proxy connect mode.

    The agent switches back to proxy connect mode if:

    • Connectivity to the cloud proxy is restored.
    • Proxy connection performance improves. The agent checks the connection latency performance every 30 minutes and compares the speed of the proxy connection and the direct connection. When the proxy connection performance is no longer 3 times slower, The agent switches back to proxy connect mode.

    If the connections to both the cloud proxy and disposition server are unavailable, then the agent falls back to the configured Fallback mode.

Note: In case PCEP is 10 times slower than DCEP then the agent switches to the DCEP mode otherwise switches back or stays in PCEP mode, then check is done every every 30 seconds.