SEA Managed App traffic only
The Managed App traffic only mode is also known as CASB mode. In this mode, only managed applications’ traffic is proxied by SmartEdge Agent and all other traffic is proxied by F1A.
Installation and Configuration
- Install the SmartEdge Agent and F1A in any sequence as you desire.To know in detail, refer to:
- Configure the SmartEdge Agent and F1A as per the following:
SmartEdge Agent Configurations F1A Configurations On the Forcepoint ONE SSE, navigate to :- Select Managed App traffic only as Mode.
To know in detail, refer to Mode Option.
- Make sure that the Set PAC is set to enabled.
- Make sure that the Enable ZTNA Driver checkbox is unchecked.
- To save the changes, click Save.
On the Forcepoint ONE Data Security portal, navigate to :- Under the Intercept web traffic widget:
- Set Manage system proxy to Disabled
- Set Use Driver to capture Web Traffic to Enabled
- Under the Traffic Monitoring widget, make sure that the Perform SSL decryption is set to Enabled.
To know in detail, refer to Profiles
- To save the changes, click Save.
- Select Managed App traffic only as Mode.
- Set the use_f1e to false if use_f1e already exists. To know in detail, refer to Enabling Interoperability.
OR
If the use_f1e registry or plist entry is missing, then the SmartEdge agent assumes it as false.
Behavior
Following is the behavior of SmartEdge agent and F1A when the SmartEdge Agent is set to Managed App traffic only mode:
- SmartEdge Agent receives managed app traffic and forwards traffic to Forcepoint ONE SSE cloud where the SSE's upload and download DLP/AM are applied. F1A does not see managed app traffic.
- F1A picks up all other traffic using its driver and applies upload DLP policy to all other network channel traffic before sending to destination.