Endpoint
Forcepoint Endpoint clients run in the background on end user devices, providing a seamless browsing experience. Endpoint automatically authenticates users with the service, and provides policy enforcement and data security features. The endpoint client has been designed to consume minimal CPU, memory, and disk resources, and has tamper controls to prevent users disabling the software.
The endpoint client allows administrators to create policies that provide user-specific policy enforcement, with seamless authentication, full visibility of inbound and outbound traffic, and that don’t restrict use of the device.
- F1A: this endpoint client can be used in either proxy connect mode or direct connect mode, and can automatically switch from one to the other when necessary.
- Proxy Connect: also known as F1E proxy connect endpoint, this endpoint client redirects all traffic to the cloud proxy for analysis. Proxy connect is recommended for most scenarios, and supports the widest set of security features.
- Direct Connect: also known as F1E direct connect endpoint, this endpoint client contacts the cloud service for each request to determine whether to block or permit a website, but routes the web traffic itself directly to the Internet. Direct Connect also routes traffic to the cloud service to perform content analysis, if configured in your policy. Direct connect is recommended for scenarios in which proxy connections may be problematic, and in some circumstances can improve content localization.
The following diagram illustrates the connectivity for proxy connect (through F1A or F1E proxy connect endpoint) and direct connect (through F1A or F1E direct connect endpoint).
- In the first scenario, F1A or F1E operating in a proxy connect mode directs all web traffic via the cloud proxy. If the request is permitted, the proxy connects to the requested website and sends content back to the end-user client. (If the request is blocked, the user is shown a block page.)
- In the second scenario, a web request via F1A or F1E operating in a direct connect mode, consists of following two stages:
- The endpoint connects to the cloud service to look up the user’s policy settings for the requested site.
- If the request is permitted, the client then redirects the request directly to the Internet. (If the request is blocked, the user is redirected to a block page.)
If required, you can deploy a combination of proxy connect and direct connect endpoints in your organization. However, only one F1E endpoint instance (F1E proxy connect or F1E directory connect) can be installed on a client machine at any one time. The F1A endpoint agent includes both proxy connect and direct connect modes.
For more information about Forcepoint Endpoint software, including deployment options and configuration settings, see Web endpoint overview in the Forcepoint ONE Web Security Online help.