SEA All HTTP/S Traffic
In the All HTTP/S Traffic mode, all traffic (managed app traffic and (SWG) web traffic) arrives first at SmartEdge Agent and is forwarded to F1A when required.
Installation and Configuration
- Install the SmartEdge Agent and F1A in any sequence as you desire.To know in detail, refer to:
- Configure the SmartEdge Agent and F1A as per the following:
SmartEdge Agent Configurations F1A Configurations On the Forcepoint ONE SSE, navigate to :- Select All HTTP/s traffic as Mode.
To know in detail, refer to Mode Option.
- Make sure that the Set PAC is set to enabled.
- Make sure that the Enable ZTNA Driver checkbox is unchecked.
- To save the changes, click Save.
On the Forcepoint ONE Data Security portal, navigate to :- Under the Intercept web traffic widget:
- Set Manage system proxy to Disabled
- Set Use Driver to capture Web Traffic to Enabled
- Under the Traffic Monitoring widget, make sure that the Perform SSL decryption is set to Enabled.
To know in detail, refer to Profiles
- To save the changes, click Save.
- Select All HTTP/s traffic as Mode.
- Set the use_f1e to true. To add use_f1e in registry or plist, refer to Enabling Interoperability.
Behavior
Following is the behavior of SmartEdge agent and F1A when the SmartEdge Agent is set to All HTTP/S Traffic mode:
- All traffic (managed app traffic and (SWG) web traffic) arrives first at SmartEdge Agent.
- Bypassed URL domains - SmartEdge Agent sends traffic Direct (Proxy Bypass) to destination where it is handled by F1A.
- Managed App Traffic - SmartEdge Agent receives managed app traffic and forwards traffic to Forcepoint ONE SSE cloud where the SSE upload and download DLP/AM are applied. F1A does not see managed app traffic.
- SWG traffic - For the web traffic, SWG polices are applied in the following sequence.
- When SWG Connection policy is applied, following is behavior:
- When Action is set to Deny, then traffic is dropped.
- When Action is set to Do Not Decrypt, then traffic sent to F1A, where F1A upload DLP policy is applied.
To know about SWG Connection policy in detail, refer to Configuring a SWG Connection Policy.
- When SWG Content policy is applied, following is behavior:
- When Action is set to Deny, then traffic is dropped and block page is displayed to users.
- When Action is set to Isolate, the traffic is redirected to RBI cloud.
- When Action is set to Direct App Access, then traffic sent to F1A, where F1A upload DLP policy is applied.
- When Action is set to Secure App Access with no upload DLP pattern configured, then SSE's Download DLP/AM policy is applied on traffic
and sends it to F1A, where F1A upload DLP policy is applied.Important: Secure App Access configured with upload DLP pattern is not supported.
To know about SWG Content policy in detail, refer to Configuring a SWG Content Policy.
- When SWG Connection policy is applied, following is behavior: