New features

This release of the product includes this new feature. For more information, see the Forcepoint ONE SSE Admin Guide.

Firewall Application

Forcepoint ONE SSE now provides Firewall application as a pre-configured managed application. You can access the Firewall application only from the waffle switcher of Forcepoint ONE SSE only if your tenant is assigned and licensed for the Firewall application.

To know how to access the Firewall application from the Forcepoint ONE SSE, refer to Accessing Forcepoint ONE | Firewall application.

Cloud SWG Explicit Proxy

Forcepoint ONE SSE provides you the ability to enforce Cloud SWG policies simply by forwarding traffic from known locations (branch offices) using the Host PAC file and a Certificate for SSL decryption, without requiring a SmartEdge agent.

Important:
  • This feature is available to Early Access Customers in Trial and will be available to Limited Access customers in Production.
  • The SmartEdge Agent Proxy Chain Feature to exit traffic via the Cloud Explicit Proxy will not be available during Limited Access.
  • The SmartEdge Agent Proxy Chain Feature requires the 2.0.0 version of the SmartEdge Agent.
  • Product management approval is required for acceptance to the early access and limited access programs.

To know in-detail about the Cloud SWG Explicit Proxy, refer to Configuring explicit proxy.

Bypass Microsoft 365

If you are SWG only customer but not CASB and want to bypass Microsoft 365 domains when using the SmartEdge agent or Cloud SWG, then you can select the Bypass Microsoft 365 checkbox by navigating to the Protect > Forward Proxy > Settings page. When you select this checkbox, traffic from Microsoft 365 domains is bypassed on the SmartEdge agent proxy or Cloud SWG proxy and sent to internet directly.

Important:
  • This feature is available to Early Access Customers in Trial in December and will not be available to Limited Access customers in Production.
  • Product management approval is required for acceptance to the early access and limited access programs.

To know about the Bypass Microsoft 365 option, refer to Enabling Bypass Microsoft 365.

URL Lookup

Forcepoint ONE SSE provides you an inbuilt tool to review the category of a URL or IP entered by navigating to Support > URL Lookup page.

This is helpful in finding equivalent ThreatSeeker URL Categories, Enterprise App Categories, Web Browsing Categories along with their respective reputation scores for the entered URL or IP.

To know about the URL Lookup page, refer to Understanding URL Lookup page.

Exporting Custom URL Categories

Forcepoint ONE SSE enables you to export the Custom URL Categories, which you have configured under the Protect > Objects > Common Objects > Custom URL Categories widget, along with the predefined Web/ThreatSeeker Categories in xml format.

These categories should be imported to the Forcepoint Security Manager (FSM) and can be used while configuring SWG policies in the FSM for Forcepoint ONE SSE. To know how to import URL categories, refer to Forcepoint DLP and Forcepoint ONE SWG Integration Guide.

Importing SWG Content Policies

Forcepoint ONE SSE now provides admins the ability to import SWG Content policies via csv file into Forcepoint ONE SSE. This feature is useful for customers migrating from Cloud-Web to Forcepoint ONE SSE.

To know how to import SWG Content policy, refer to Importing SWG Content policies.

Cloud SWG Session Timeout

On the Protect > Forward Proxy > Settings page, the Cloud SWG Idle Session Timeout field is replaced with the Cloud SWG Session Timeout drop-down. From the Cloud SWG Session Timeout drop-down, you can define how often users’ session should last before enforcing authentication.

To know how to configure Cloud SWG Session Timeout, refer to Setting the Cloud SWG session timeout.

SWG POST/PUT Routing Changes

The SmartEdge agent will no longer send PUTS and POSTS to the cloud unless an Upload DLP policy has been configured.