New features

This release of the product includes these new features. For more information and configuration instructions, see the Forcepoint Network Security Platform Product Guide, the Forcepoint Network Security Platform Installation Guide, and the Forcepoint NGFW Manager and VPN Broker Product Guide.

IPv6 Support for Modem (LTE/5G) Interfaces

Modem interfaces can now be configured to acquire a dynamic IPv6 address.

Multiple LTE/5G APNs for Modem interfaces

Added support for configuring multiple LTE/5G Access Point Names (APNs) to meet advanced network connectivity requirements.

Local Web Content Classification for Uncategorized URLs

Added support for real-time local scanning methods that classify content based on the actual web page content when a predefined URL category is not available in the local database. This reduces reliance on cloud queries and minimizes Unknown results. This feature is available in engines with a URL Filtering license and 16 GB or more of memory. For more details, refer to the Enable ThreatSeeker topic in the Forcepoint Network Security Platform Online Help.

Quarantine for Malicious Files

Added the ability to quarantine and store malicious files identified by File Filtering policy rules, enabling secure forensic analysis via the Log Server.

Replicate a VPN gateway element from primary engine to secondary engine

Added support for replicating a VPN Gateway from a primary Engine to a secondary Engine, enabling shared VPN configuration in policy-based VPN setups. For more details, refer to the Replicating a VPN Gateway element from the Primary Engine to the Secondary Engine topic in the Forcepoint Network Security Platform Online Help.

Security Engine HA with Policy-Based VPN in Cloud Environments

Enables multiple Engines to share an identical VPN gateway configuration, allowing for seamless failover and load balancing in cloud and disaster recovery environments using the High Availability (HA) script. For more details, refer to Knowledge Base article 000012534.

Traffic Flow Confidentiality

Added support for Precedence Hiding via Differentiated Services Code Point (DSCP) copy restriction and Traffic Flow Confidentiality (TFC) Padding to strengthen data privacy and obfuscate traffic patterns in VPN profiles. For more details, refer to the Create VPN Profile elements topic in the Forcepoint Network Security Platform Online Help.

In-band user authentication tracking for HTTP connections

Enables granular user tracking for multi-user hosts and NAT environments by using encrypted HTTP cookies to bind authentication and connection confirmation to specific browser sessions. For more details, refer to the Browser Session Options section in the Define Action options in Access rules topic in the Forcepoint Network Security Platform Online Help.

Confirm Action in User Response

Added support for a Confirm user response action that prompts users before continuing to a target domain and caches their confirmation in an encrypted HTTP cookie to bypass subsequent prompts.

Tagged and Untagged VLANs on the same Physical Interface

Engines now support configuring a native VLAN on physical interfaces, allowing both tagged and untagged traffic to be processed on Layer 3 Physical Interfaces.