Direct Connect only
When the agent is configured to work in Direct Connect mode only, it performs periodic access checks every 60 sec against several well-known web sites for which the expected response is known, such as https://captive.apple.com/ and a few others. The goal is to verify:
- Direct access to the internet, by sending requests to these web sites directly (ignoring any proxy configured on the endpoint).
- Direct access to the Cloud Security Gateway Disposition Service, by sending a request to it directly (ignoring any proxy configured on the endpoint).
Based on the results of these access tests, the agent determines the mode in which to operate.
Direct Internet Access | Access to disposition service | Agent Mode of Operation | Comments |
---|---|---|---|
OK | OK | Direct Connect | |
FAIL | OK | Open | 1 |
OK | FAIL | The configured fallback mode | |
FAIL | FAIL | Open | 2 |
Comments:
1. When working on premises behind a firewall, it is possible that direct access to the internet is blocked while access to the Cloud Security Gateway disposition service is allowed. In this case, Forcepoint ONE Data Security works in open mode, allowing all traffic to be sent as is to its destination, because if Forcepoint ONE Data Security intercepted the traffic and tried to send it directly to the internet, the traffic would be blocked.
2. When the endpoint is running behind a captive portal (such as in airports or hotels), the agent allows traffic to go as is and reach the captive portal web page. After the user submits the captive portal information, the captive portal opens internet access and the periodic check results change.
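
The sketch below is an added example, not Forcepoint's agent code. It shows why a check of this kind compares the response against the expected content rather than only the status code, and how the two results map to the table above. The marker `Success`, the disposition URL placeholder, the helper names, and the rule that one passing site is enough are assumptions.

```python
import urllib.request
from typing import Callable, Optional, Tuple

Fetch = Callable[[str], Tuple[int, str]]  # returns (HTTP status, body text)

# Probe URL is from the page; the expected marker "Success" is an assumption.
PROBES = {"https://captive.apple.com/": "Success"}
# Placeholder: the page does not give the disposition service URL.
DISPOSITION_URL = "https://disposition.example.invalid/"

def direct_fetch(url: str, timeout: float = 5.0) -> Tuple[int, str]:
    """Fetch url while ignoring any proxy configured on the endpoint."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(url, timeout=timeout) as resp:
        return resp.status, resp.read(4096).decode("utf-8", "replace")

def probe_ok(fetch: Fetch, url: str, marker: Optional[str]) -> bool:
    """Pass only on HTTP 200 carrying the expected body. A captive portal
    answering 200 with its own login page therefore counts as FAIL."""
    try:
        status, body = fetch(url)
    except OSError:  # URLError, HTTPError, timeouts and TLS errors
        return False
    return status == 200 and (marker is None or marker in body)

def select_mode(fetch: Fetch, fallback_mode: str) -> str:
    """Apply the table: no direct internet -> Open, else check disposition."""
    # Assumption: one passing well-known site is enough for "internet OK".
    internet_ok = any(probe_ok(fetch, u, m) for u, m in PROBES.items())
    disposition_ok = probe_ok(fetch, DISPOSITION_URL, None)
    if not internet_ok:
        return "Open"
    return "Direct Connect" if disposition_ok else fallback_mode

def fake_fetch(table: dict) -> Fetch:
    """Constructed stand-in for direct_fetch so the sketch runs offline."""
    def fetch(url: str) -> Tuple[int, str]:
        if url not in table:
            raise OSError("blocked")
        return table[url]
    return fetch

# Constructed responses, one per situation the page describes.
OK = ("https://captive.apple.com/", (200, "<BODY>Success</BODY>"))
PORTAL = ("https://captive.apple.com/", (200, "<form>Hotel Wi-Fi login</form>"))
DISP = (DISPOSITION_URL, (200, ""))
```

Passing `direct_fetch` instead of `fake_fetch(...)` runs the same logic against the live network.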