Configuring FSM controlled policies for CASB and SWG channels

Forcepoint ONE SSE provides a capability to enforce DLP policy and associated actions setup in the Forcepoint Security Manager (FSM) for CASB and SWG channels in Forcepoint ONE SSE.

This functionality is helpful for the customers who have Forcepoint Enterprise DLP and would like to apply DLP Policies in the FSM for the CASB and SWG channels in Forcepoint ONE SSE.

Important: The procedure to integrate Forcepoint ONE SSE with Forcepoint ONE Data Security is same as integrating with on-premises FSM. To know about the Forcepoint ONE Data Security application, refer to Forcepoint ONE Data Security Online Help.

The integration between the Forcepoint ONE SSE and the Forcepoint DLP is achieved via multi-directional communications among the customer-deployed FSM server, the cloud-hosted Data Protection Service (DPS), and the Forcepoint ONE SSE cloud infrastructure.



  1. Policies are uploaded from the FSM to the cloud-hosted DPS.
  2. End-user transfers sensitive data from/to a cloud application that is under monitoring.
  3. This triggers the Forcepoint ONE SSE to send event details to the DPS for analysis.
  4. DPS returns the policy mitigation (for example: block or permit) post analysis.
  5. FSM downloads the incident and forensic information which can be viewed in the reporting section.

To know about end-to-end integration with FSM, refer to the following integration guides: