Forcepoint One Endpoint and how it works

Integrating Forcepoint One Endpoint enables you to collect per-connection user and application information about Windows endpoint clients that connect through a Secure SD-WAN Engine managed by the SMC.

To use Forcepoint One Endpoint, the Forcepoint One Endpoint client must be installed on the endpoints. For more information about Forcepoint One Endpoint clients, see the Installation and Deployment Guide for Forcepoint One Endpoint.

The endpoints send metadata to the Secure SD-WAN Engine, and you can use the information as criteria for access control in policies. This information about the endpoints can also be viewed in log data and used in Report elements.

On the home page for a Secure SD-WAN Engine, you can see the number of endpoint clients that are connected and sending information. You can also use the drill-down menu to see which users are connected.

Forcepoint One Endpoint is supported on Engines, Layer 2 Engines, IPS engines, and on Virtual Engines. The Secure SD-WAN Engine license includes support for Forcepoint One Endpoint integration.

You cannot use Forcepoint One Endpoint if there is a NAT device between the Secure SD-WAN Engines and the endpoints.

Use cases

An example use case is a point of sale (PoS) terminal. On such a terminal, you can:

  • Allow a certain browser version to access the corporate intranet only if the local engine on the endpoint is enabled and the operating system was updated within the past 30 days.
  • Allow the PoS application to access corporate servers.
  • Allow the Windows Update service.
  • Block all other applications.