Endpoint connectivity

The following diagram illustrates the connectivity for Proxy Connect (through Neo or the Classic Proxy Connect endpoint) and Direct Connect (through Neo or the Cassic Direct Connect endpoint).

The diagram shows the two different endpoint versions servicing a web request:

  1. In the first scenario, F1A or F1E operating in a proxy connect mode directs all web traffic via the cloud proxy. If the request is permitted, the proxy connects to the requested website and sends content back to the enduser client. (If the request is blocked, the user is shown a block page.)
  2. In the second scenario, a web request via F1A or F1E operating in a direct connect mode, consists of following two stages:
    1. The endpoint connects to the cloud service to look up the user’s policy settings for the requested site.
    2. If the request is permitted, the client then redirects the request directly to the Internet. (If the request is blocked, the user is redirected to a block page.)

If required, you can deploy a combination of proxy connect and direct connect endpoints in your organization. However, only one F1E endpoint instance (F1E proxy connect or F1E directory connect) can be installed on a client machine at any one time. The F1A endpoint agent includes both proxy connect and direct connect modes.

Note:

F1A is regarded as the default option and is recommended for most situations.

If in doubt about which version is appropriate for your deployment, please consult the endpoint release notes, and/or contact Technical Support for advice.