Deploying SmartEdge Agent

Forcepoint ONE SSE's SmartEdge endpoint agent provides Secure Web Gateway (SWG) controls on managed devices without the latency or overhead costs involved with backhauled cloud proxies or physical SWG boxes.

The SmartEdge agent executes policies from the agent itself eschewing the need to wait for the device to connect to a network box or cloud proxy before policies are applied. This also ensures protection of user credentials and traffic since neither the users credentials nor their private traffic are inspected at the cloud proxy, instead being handled locally on the device. To learn about how to setup the web proxy policies, refer to Configuring SWG policies.

The SmartEdge agent supports TLS 1.3 towards the browser when forwarding traffic to TLS 1.3 capable websites or when accessing Forcepoint ONE SSE Cloud services. All services hosted in Forcepoint ONE SSE cloud and the reverse proxy and forward proxy dataplane connections are also protected with TLS 1.3 when the peer supports it. If the remote peer does not support TLS 1.3, then the connection will fall back to the most secure TLS version supported by the peer, but not lower than TLS 1.1.

The SmartEdge agent supports dual stack functionality for IPv6. Currently, IPv6 only mode operation is not supported.

The SmartEdge Agent sends managed applications traffic to the cloud to enforce configured upload DLP policies. Similarly, the SmartEdge agent sends PUTS and POSTS to the cloud only if upload DLP policies are configured. GETS are always sent directly to internet. If upload DLP is not configured, PUTS and POSTS are also sent directly to internet.

Following sections will walk you through how to install and configure the SmartEdge agent.