Verify access and perform initial configuration: Describes initial account configuration, such as creating and assigning administrator accounts and roles, and configuring portal access and timeout policies in Forcepoint ONE Security Service Edge.
Sections in Forcepoint ONE SSE: Forcepoint ONE SSE's navigation UI allows admins to move quickly through the portal, making configuration of Forcepoint ONE SSE simpler and more efficient.
Forcepoint ONE Bypass Lists for Firewalls and Security Software: Ensure the following domains/URLs are permitted through your firewall to guarantee seamless service and functionality while using Forcepoint ONE SSE services. Unless explicitly specified, most requests are made to Forcepoint ONE Cloud Services via HTTPS on port 443.
Forcepoint ONE SSE datacenters and IPs: This article provides details on the AWS servers from which Forcepoint ONE SSE sends traffic to your internal applications and servers.
Manage portal administrators: System Administrators can create and manage users, groups and admin roles.
Configuring Admin portal policy: The Forcepoint ONE SSE Admin Portal tile allows you to manage user or group access to the Forcepoint ONE SSE Admin Portal itself. You can access the Admin Portal tile under the Protect > Policies page.
Integrate identity: You can configure user identity settings and synchronize user information from your directory in order to assign policies to users or groups.
Provisioning users: Before an end user can use Forcepoint ONE SSE, the user must exist within the portal under the IAM > User and Groups page.
Authenticating users: Forcepoint ONE SSE enables you to enforce user authentication using any one of three methods.
Provisioning new domains: You can provision as many email domains as you wish to add into the Forcepoint ONE SSE system. Every email domain that you wish to use within Forcepoint ONE SSE must be configured, along with a corresponding authentication type for users logging in with email addresses in that domain.
Configure common components: Describes how to configure common components such as login policies, various notifications, custom notification files and so on.
Configuring notifications and reports: Admins can create custom notification objects that can be applied to policies and reports. This determines which admins or users are notified when a policy is violated and what the custom message says.
Configuring custom notification files: Custom Notification Files are used when configuring a cloud policy to quarantine files that match a condition. The notification file replaces the original file that is quarantined.
Custom URL Categories: When using the SmartEdge agent or Cloud-SWG to provide controls over sites/applications based on application categories or trustworthiness, admins can create their own group of specific domains to apply policy to.
Adding custom locations: The Custom Locations page located under Protect > Objects is where you can define custom locations that can be used on the policies page for controlling and performing actions in protected applications.
Configuring login policies: The Forcepoint ONE SSE Login Policy allows admins to apply global login policies to their users across all protected cloud applications contextually based on a number of variables such as user group, device, location and behavior.
Set up automatic log collection for Shadow IT reporting: The Discovery Portal page is where you can upload firewall/proxy logs or set up syslog streaming to be analyzed.
Configuring managed device identification: Forcepoint ONE SSE provides three methods to distinguish between managed and unmanaged devices. This allows for greater restrictions to be applied to users using unmanaged devices.
Set up traffic steering: Forcepoint ONE SSE supports SmartEdge Agent and Cloud SWG traffic steering methods. This chapter describes the steps to deploy each of those so that traffic can be forwarded to Forcepoint ONE SSE.
Deploying SmartEdge Agent: Forcepoint ONE SSE's SmartEdge endpoint agent provides Secure Web Gateway (SWG) controls on managed devices without the latency or overhead costs involved with backhauled cloud proxies or physical SWG boxes.
Deploying Cloud SWG: The Cloud SWG solution enables web traffic filtering when a SmartEdge agent cannot be deployed on the end user's machine, such as for Guest users or IoT devices or when the organization does not want to deploy an agent.
Deploying Mobile Agent: Forcepoint ONE Mobile enables productivity via secure web access to corporate resources while protecting the user's mobile device from web threats. It provides protection to iOS and iPadOS devices.
Configuring SWG settings: On the Protect > Forward Proxy > Settings page, you can set Cloud SWG Session Timeout, Cloud SWG Certificate Authority and Bypass Domains, Explicit Proxy PAC URLs and Bypass Domains, Host IPs or Subnets.
Configure DLP: DLP is a data loss prevention capability that allows for pattern matching (via regular expressions and keywords) against data as it is being downloaded, uploaded, or scanned at rest via API.
Predefined DLP patterns: Predefined DLP patterns are those data patterns which are already available in Forcepoint ONE SSE and can be used while configuring policies.
Creating simple data pattern: Simple patterns allow you to set specific keyword triggers, create regular expressions, or use special keywords to match custom properties.
Creating advanced data pattern: Advanced DLP Pattern Objects allow you to form more complicated patterns that use several primitives combined into expressions using boolean logic, including weighted counts of the number of matches found for specified DLP patterns.
Creating exact match data pattern: Allows you to upload a tokenized CSV file to scan through your data at rest, looking for exact matches based on the data in the uploaded file. You can create an Exact Match pattern in a similar way to creating a Simple or Advanced pattern.
Creating file fingerprinting data pattern: The File Fingerprinting type allows you to create a fingerprint based on a document or a number of documents to perform a percentage-based match.
Creating file mime data pattern: File Mime Type allows you to create a pattern looking at the MIME type (the format of the file itself) rather than the content inside of the file.
Creating file size data pattern: Admins can also choose to control files based on their size. This allows admins to ensure that users do not download large files, or to prevent large files from being uploaded to their sanctioned cloud storage application.
Creating file metadata data pattern: The File Metadata data pattern type allows you to specify the exact inherent metadata and value you wish to match on.
Configuring FSM/FONE DS controlled policies for CASB and SWG channels: Forcepoint ONE SSE provides a capability to enforce DLP policy and associated actions set up in the Forcepoint Security Manager (FSM) or Forcepoint ONE Data Security (FONE DS) for CASB and SWG channels in Forcepoint ONE SSE.
Configuring Advanced Threat Protection: Forcepoint ONE SSE provides Advanced Threat Protection (ATP) via partnerships with CrowdStrike and Bitdefender.
Understanding Field Programmable SASE Logic: Field Programmable SASE Logic (FPSL) provides unprecedented support for inline controls over user action and activities within cloud services.
Configure Zero Trust Network Access: Forcepoint ONE SSE's Agentless and Agent-based Zero Trust Network Access (ZTNA) provides an alternative to VPNs, allowing admins to provide inline protection to internal apps without the need for a VPN service to be running on the user's local machine.
Creating a custom location object: Before installing the ZTNA Connector on the client server, you should create a custom location object with the external IP range of your office location or datacenter in Forcepoint ONE SSE, as this is needed during ZTNA connector installation.
Installing the ZTNA connector: After creating the custom location object, install the ZTNA connector using the OVA Virtual Appliance or the ZTNA Deployment Script. You can install the OVA Virtual Appliance within your server or you can install via a ZTNA Deployment Script.
Configuring the ZTNA connector: Once you have installed the ZTNA package (either via OVA Virtual Appliance or the ZTNA Deployment Script), you need to run the ZTNA setup script for configuration.
Viewing ZTNA connectors: All the installed and configured ZTNA connectors can be seen on the Analyze > Connectors page.
Managing agentless ZTNA applications: After installing and configuring the ZTNA connector, you can add an internal application or service to Forcepoint ONE SSE to provide contextual access controls to users via HTTP or HTTPS.
Managing agent-based ZTNA applications: After installing and configuring the ZTNA connector, you can add an internal application or service to Forcepoint ONE SSE like SSH, RDP, HTTP, HTTPS, SMB and SFTP to provide contextual access controls for users.
Protect cloud applications: This chapter describes how to set up various cloud applications in Forcepoint ONE SSE so that admins can monitor the data at rest and data in motion.
Adding managed cloud applications: There are two primary ways for adding a licensed application.
Protecting data at rest: You can configure various cloud applications to enable offline scanning of cloud applications.
Protecting data in motion: You can configure single sign-on for cloud applications and then configure policies to audit and control access to these protected cloud applications.
Configuring direct set cookies: At times you may encounter applications that set cookies on direct request, which prevents or breaks a login attempt to the application when users are sent through the Forcepoint ONE SSE reverse proxy.
Configure policies: Describes how to configure policies for your application in the Forcepoint ONE SSE portal so that you can monitor the data at rest and data in motion.
Configuring proxy policy actions: The final column under each app, titled Actions, allows you to apply DLP policy actions via secure app access, grant direct app access, isolate (only for SWG Content Policy) or deny access to the app.
Configuring API policies: Each application can have multiple cloud policy rules, which are evaluated in a top-down fashion until a match is found. All rule criteria must match for the actions to be applied.
Creating an agent-based ZTNA policy: Once an agent-based application is configured and saved, a default policy is created under the Policies page.
Configuring SWG policies: You can configure SWG Connection Policy, Cloud SWG Authentication Policy and SWG Content Policy to manage traffic through Cloud SWG and SmartEdge agent.
Monitor and analyze traffic: You can perform steps to monitor and analyze the traffic. Forcepoint ONE SSE Log Export REST API allows customers to query and pull Cloud and Access Logs. Alternatively, customers with Splunk or QRadar can instead utilize the Forcepoint ONE SSE Splunk app or the Forcepoint ONE SSE QRadar App for easy integration with the Forcepoint ONE SSE REST API to extract Forcepoint ONE SSE logs.
Exporting logs using API: Forcepoint ONE SSE Log Export REST API allows customers to query and pull Cloud and Access Logs.
Integrating QRadar application with Forcepoint ONE SSE using Bitglass application: Forcepoint ONE SSE provides a QRadar app within the QRadar hub for easily integrating with Forcepoint ONE SSE's REST API for pulling Forcepoint ONE SSE logs into QRadar.
Integrating Splunk application with Forcepoint ONE SSE using Bitglass application: Forcepoint ONE SSE provides a Splunk app on Splunkbase for easily integrating with Forcepoint ONE SSE's REST API for pulling Forcepoint ONE SSE logs.
Integrating Splunk application with Forcepoint ONE SSE using Forcepoint FONE App: Forcepoint provides a Splunk app on Splunkbase for easily integrating with Forcepoint ONE SSE's AWS S3 data lake for pulling Forcepoint ONE SSE SWG Web raw logs for Allowed, Denied, Process via Cloud and Isolated actions.
Reviewing logs: Admins can review various logs generated for user activities.
Reviewing Data Security dashboard: The Data Security page provides information on sensitive data and its exposure across different mediums.
Reviewing Threat dashboard: The Threat page provides information on malware that is detected in motion or within cloud repositories.
Reviewing SWG Web Browsing dashboard with Webroot URL Categories: Forcepoint ONE SSE's SmartEdge agent and Cloud SWG can also generate ShadowIT logs for web browsing.
Reviewing SWG Web Browsing dashboard with ThreatSeeker URL Categories: Forcepoint ONE SSE's SmartEdge agent and Cloud SWG can also generate ShadowIT logs for web browsing.
Reviewing SWG Enterprise Apps dashboard: Forcepoint ONE SSE's SmartEdge agent and Cloud SWG can also generate ShadowIT logs for enterprise applications.
Configure applications: Forcepoint ONE SSE supports various cloud applications so that admins can monitor data which is in transit, in motion and at rest.
Microsoft: Forcepoint ONE SSE supports the ability to control access to Microsoft 365 via SSO and API. Forcepoint ONE SSE also supports CSPM audit scanning for Azure.
Google Workspace: Forcepoint ONE SSE supports the ability to control access to Google Workspace and Google Cloud Platform (GCP) via SSO and API. Forcepoint ONE SSE also supports CSPM audit scanning for GCP.
Dropbox: Forcepoint ONE SSE supports the ability to control access to Dropbox via SSO and API.
Box: Forcepoint ONE SSE supports the ability to control access to Box via SSO and API.
AWS: Forcepoint ONE SSE supports the ability to control access to AWS via SSO and API. Forcepoint ONE SSE also supports CSPM audit scanning.
Slack: Forcepoint ONE SSE supports the ability to control access to Slack via SSO and API.
Salesforce: Forcepoint ONE SSE supports the ability to control access to Salesforce via SSO and API.
ServiceNow: Forcepoint ONE SSE supports the ability to control access to ServiceNow via SSO and API. Forcepoint ONE SSE also supports the SSPM scanning feature.
Atlassian (Confluence and JIRA): Forcepoint ONE SSE supports the ability to control access to Atlassian via SSO and API.
GitHub: Forcepoint ONE SSE provides SSO and API integrations with GitHub in order to scan and surface sensitive data at rest.
Egnyte: Configuring API access: This guide page walks you through how to set up Egnyte for API scanning with Forcepoint ONE SSE. It is important to note that Egnyte enforces API rate limits on all tenants, which will not be sufficient for Forcepoint ONE SSE API scanning.
Configure Forcepoint Security Manager: Forcepoint Security Manager (FSM) is an Any HTTP/S ZTNA App/Service application which can be used for adding multiple FSM ZTNA internal applications while onboarding a large customer.
Cisco WebEx Teams (Formerly Spark): Configuring API access: Forcepoint ONE SSE can provide visibility into data at rest inside of Cisco WebEx Teams (Spark) and quarantine sensitive files.
Mobile Mail Cutoff (M365, Google, Exchange): The Mobile Mail Cutoff feature enables you to enforce that all ActiveSync traffic goes through Forcepoint ONE SSE.