Verify access and perform initial configuration
Describes initial account configuration, such as creating and assigning administrator accounts and roles, and configuring portal access and timeout policies in Forcepoint ONE Security Service Edge.
Sections in Forcepoint ONE SSE
Forcepoint ONE SSE's navigation UI allows admins to quickly maneuver through the portal to make configuring Forcepoint ONE SSE simpler and more efficient.
Forcepoint ONE Bypass Lists for Firewalls and Security Software
Ensure the following domains/URLs are permitted through your firewall to guarantee seamless service and functionality while using Forcepoint ONE SSE services. Unless explicitly specified, most requests are made to Forcepoint ONE Cloud Services via HTTPS on port 443.
Forcepoint ONE SSE datacenters and IPs
This article will provide details on the AWS servers from which Forcepoint ONE SSE will send the traffic to your internal applications and servers.
Manage portal administrators
System Administrators can create and manage users, groups and admin roles.
Configuring Admin portal policy
The Forcepoint ONE SSE Admin Portal tile allows you to manage user or group access to the Forcepoint ONE SSE Admin Portal itself. You can access the Admin Portal tile under the Protect > Policies page.
Integrate identity
You can configure user identity settings and synchronize user information from your directory in order to assign policies to users or groups.
Provisioning users
Prior to an end user being able to use Forcepoint ONE SSE, the user must exist within the portal under the IAM > User and Groups page.
Authenticating users
Forcepoint ONE SSE enables you to enforce user authentication using any one of the three methods.
Provisioning new domains
You can provision as many email domains as you wish to add into the Forcepoint ONE SSE system. Every email domain that you wish to use within Forcepoint ONE SSE must be configured, along with a corresponding authentication type for users logging in with email addresses in that domain.
Configure common components
Describes how to configure common components such as login policies, various notifications, custom notification files and so on.
Configuring notifications and reports
Admins can create custom notification objects that can be applied to policies and reports. This will determine which admins or users are notified when a policy is violated and what the custom message says.
Configuring custom notification files
The Custom Notification Files are used when configuring a cloud policy to quarantine files when matching based on a condition. This file will replace the original file that is quarantined.
Custom URL Categories
When using the SmartEdge agent or Cloud-SWG to provide controls over sites/applications based on application categories or trustworthiness, admins can create their own group of specific domains to apply policy to.
Adding custom locations
The Custom Locations page located under Protect > Objects is where you can define custom locations that can be used on the policies page for controlling and performing actions in protected applications.
Configuring login policies
The Forcepoint ONE SSE Login Policy allows admins to apply global login policies to their users across all protected cloud applications contextually based on a number of variables such as user group, device, location and behavior.
Set up automatic log collection for Shadow IT reporting
The Discovery Portal page is where you can upload firewall/proxy logs or set up syslog streaming to be analyzed.
Configuring managed device identification
Forcepoint ONE SSE provides three methods to distinguish between managed and unmanaged devices. This allows for greater restrictions to be applied to users using unmanaged devices.
Set up traffic steering
Forcepoint ONE SSE supports SmartEdge Agent and Cloud SWG traffic steering methods. This chapter describes steps to deploy each of those so that traffic can be forwarded to Forcepoint ONE SSE.
Deploying SmartEdge Agent
Forcepoint ONE SSE's SmartEdge endpoint agent provides Secure Web Gateway (SWG) controls on managed devices without the latency or overhead costs involved with backhauled cloud proxies or physical SWG boxes.
Deploying Cloud SWG
The Cloud SWG solution enables web traffic filtering when a SmartEdge agent cannot be deployed on the end user's machine, such as for guest users or IoT devices, or when the organization does not want to deploy an agent.
Deploying Mobile Agent
Forcepoint ONE Mobile enables productivity via secure web access to corporate resources while protecting the user’s mobile device from web threats. It provides protection to iOS and iPadOS devices.
Configuring SWG settings
On the Protect > Forward Proxy > Settings page, you can set Cloud SWG Session Timeout, Cloud SWG Certificate Authority and Bypass Domains, Explicit Proxy PAC URLs and Bypass Domains, Host IPs or Subnets.
Configure DLP
DLP is a data loss prevention capability that allows for pattern matching (via regular expressions and keywords) against data as it is either being downloaded, uploaded, or scanned via API at rest.
Predefined DLP patterns
Predefined DLP patterns are those data patterns which are already available in Forcepoint ONE SSE and can be used while configuring policies.
Creating simple data pattern
Simple patterns allow you to set specific keyword triggers, create regular expressions, or use special keywords to match custom properties.
Creating advanced data pattern
Advanced DLP Pattern Objects allow you to form more complicated patterns that use several primitives combined into expressions using boolean logic, including weighted counts of the number of matches found for specified DLP patterns.
Creating exact match data pattern
Allows you to upload a tokenized CSV file to scan through your data at rest, looking for exact matches based on the data in the uploaded file. You can create an Exact Match pattern in a similar way to creating a Simple or Advanced pattern.
Creating file fingerprinting data pattern
The File Fingerprinting type allows you to create a fingerprint based on a doc or a number of docs to perform a percentage-based match.
Creating file mime data pattern
File Mime Type allows you to create a pattern looking at the mime type (the format of the file itself) rather than based on the content inside of the file.
Creating file size data pattern
Admins can also choose to control files based on their size. This will allow admins to ensure that users are not downloading large files or preventing large files from being uploaded to their sanctioned cloud storage application.
Creating file metadata data pattern
The File Metadata data pattern type allows you to specify the exact inherent metadata and value you wish to match on.
Configuring FSM/FONE DS controlled policies for CASB and SWG channels
Forcepoint ONE SSE provides a capability to enforce DLP policy and associated actions setup in the Forcepoint Security Manager (FSM) or Forcepoint ONE Data Security (FONE DS) for CASB and SWG channels in Forcepoint ONE SSE.
Configuring Advanced Threat Protection
Forcepoint ONE SSE provides Advanced Threat Protection (ATP) via partnerships with Crowdstrike and Bitdefender.
Understanding Field Programmable SASE Logic
Field Programmable SASE Logic (FPSL) provides unprecedented support for inline controls over user action and activities within cloud services.
Configure Zero Trust Network Access
Forcepoint ONE SSE's Agentless and Agent-based Zero Trust Network Access (ZTNA) provides an alternative to VPNs allowing admins to provide inline protection to internal apps without the need for VPN service to be running on the user's local machine.
Creating a custom location object
Before installing the ZTNA connector on the client server, you should create a custom location object in Forcepoint ONE SSE with the external IP range of your office location or datacenter, as this is needed during ZTNA connector installation.
Installing the ZTNA connector
After creating the custom location object, install the ZTNA connector using the OVA Virtual Appliance or the ZTNA Deployment Script. You can install the OVA Virtual Appliance within your server, or you can install via the ZTNA Deployment Script.
Configuring the ZTNA connector
Once you have installed the ZTNA package (either via the OVA Virtual Appliance or the ZTNA Deployment Script), you need to run the ZTNA setup script for configuration.
Viewing ZTNA connectors
All installed and configured ZTNA connectors can be seen on the Analyze > Connectors page.
Managing agentless ZTNA applications
After installing and configuring the ZTNA connector, you can add an internal application or service to Forcepoint ONE SSE to provide contextual access controls to users via HTTP or HTTPS.
Managing agent-based ZTNA applications
After installing and configuring the ZTNA connector, you can add an internal application or service to Forcepoint ONE SSE like SSH, RDP, HTTP, HTTPS, SMB and SFTP to provide contextual access controls for users.
Protect cloud applications
This chapter describes how to set up various cloud applications in Forcepoint ONE SSE so that admins can monitor data at rest and data in motion.
Adding managed cloud applications
There are two primary ways for adding a licensed application.
Protecting data at rest
You can configure various cloud applications to enable offline scanning of cloud applications.
Protecting data in motion
You can configure single sign-on for cloud applications and then configure policies to audit and control access to these protected cloud applications.
Configuring direct set cookies
At times you may encounter applications that set cookies on direct request, which prevents or breaks login attempts to the application when users are sent through the Forcepoint ONE SSE reverse proxy.
Configure policies
Describes how to configure policies for your applications in the Forcepoint ONE SSE portal so that you can monitor data at rest and data in motion.
Configuring contextual access control
Configuring proxy policy actions
The final column under each app titled Actions allows you to apply DLP policy actions via secure app access, grant direct app access, isolate (only for SWG Content Policy) or deny access to the app.
Configuring API policies
Each application can have multiple cloud policy rules which are evaluated in a top down fashion until a match is found. All rule criteria must match for the actions to be applied.
Creating an agent-based ZTNA policy
Once an agent-based application is configured and saved, a default policy is created under the Policies page.
Configuring SWG policies
You can configure SWG Connection Policy, Cloud SWG Authentication Policy and SWG Content Policy to manage traffic through Cloud SWG and SmartEdge agent.
Monitor and analyze traffic
You can perform steps to monitor and analyze the traffic. The Forcepoint ONE SSE Log Export REST API allows customers to query and pull Cloud and Access Logs. Alternatively, customers with Splunk or QRadar can use the Forcepoint ONE SSE Splunk app or the Forcepoint ONE SSE QRadar app for easy integration with the Forcepoint ONE SSE REST API to extract Forcepoint ONE SSE logs.
Exporting logs using API
The Forcepoint ONE SSE Log Export REST API allows customers to query and pull Cloud and Access Logs.
Integrating QRadar application with Forcepoint ONE SSE using Bitglass application
Forcepoint ONE SSE provides a QRadar app within the QRadar hub for easily integrating with Forcepoint ONE SSE's REST API for pulling Forcepoint ONE SSE logs into QRadar.
Integrating Splunk application with Forcepoint ONE SSE using Bitglass application
Forcepoint ONE SSE provides a Splunk app on Splunkbase for easily integrating with Forcepoint ONE SSE's REST API for pulling Forcepoint ONE SSE logs.
Integrating Splunk application with Forcepoint ONE SSE using Forcepoint FONE App
Forcepoint provides a Splunk app on Splunkbase for easily integrating with Forcepoint ONE SSE's AWS S3 data lake for pulling Forcepoint ONE SSE SWG Web raw logs for Allowed, Denied, Process via Cloud and Isolated actions.
Reviewing logs
Admins can review various logs generated for user activities.
Reviewing Data Security dashboard
The Data Security page provides information on sensitive data and its exposure across different mediums.
Reviewing Threat dashboard
The Threat page provides information on malware that is detected in motion or within cloud repositories.
Reviewing SWG Web Browsing dashboard with Webroot URL Categories
Forcepoint ONE SSE's SmartEdge agent and Cloud SWG can also generate ShadowIT logs for web browsing.
Reviewing SWG Web Browsing dashboard with ThreatSeeker URL Categories
Forcepoint ONE SSE's SmartEdge agent and Cloud SWG can also generate ShadowIT logs for web browsing.
Reviewing SWG Enterprise Apps dashboard
Forcepoint ONE SSE's SmartEdge agent and Cloud SWG can also generate ShadowIT logs for enterprise applications.
Configure applications
Forcepoint ONE SSE supports various cloud applications so that Admins can monitor data which is in transit, in motion and at rest.
Microsoft
Forcepoint ONE SSE supports the ability to control access to Microsoft 365 via SSO and API. Forcepoint ONE SSE also supports CSPM audit scanning for Azure.
Google Workspace
Forcepoint ONE SSE supports the ability to control access to Google Workspace and Google Cloud Platform (GCP) via SSO and API. Forcepoint ONE SSE also supports CSPM audit scanning for GCP.
Dropbox
Forcepoint ONE SSE supports the ability to control access to Dropbox via SSO and API.
Box
Forcepoint ONE SSE supports the ability to control access to Box via SSO and API.
AWS
Forcepoint ONE SSE supports the ability to control access to AWS via SSO and API. Forcepoint ONE SSE also supports CSPM audit scanning.
Slack
Forcepoint ONE SSE supports the ability to control access to Slack via SSO and API.
Salesforce
Forcepoint ONE SSE supports the ability to control access to Salesforce via SSO and API.
ServiceNow
Forcepoint ONE SSE supports the ability to control access to ServiceNow via SSO and API. Forcepoint ONE SSE also supports the SSPM scanning feature.
Atlassian (Confluence and JIRA)
Forcepoint ONE SSE supports the ability to control access to Atlassian via SSO and API.
GitHub
Forcepoint ONE SSE provides SSO and API integrations with GitHub in order to scan and surface sensitive data at rest.
Egnyte: Configuring API access
This guide page walks you through how to set up Egnyte for API scanning with Forcepoint ONE SSE. It is important to note that Egnyte enforces API rate limits on all tenants, which will not be suitable for Forcepoint ONE SSE API scanning.
Configure Forcepoint Security Manager
Forcepoint Security Manager (FSM) is an Any HTTP/S ZTNA App/Service application which can be used for adding multiple FSM ZTNA internal applications while onboarding a large customer.
Cisco WebEx Teams (Formerly Spark): Configuring API access
Forcepoint ONE SSE can provide visibility into data at rest inside of Cisco WebEx Teams (Spark) and quarantine sensitive files.
Mobile Mail Cutoff (M365, Google, Exchange)
Mobile Mail cutoff features enable you to enforce that all ActiveSync traffic goes through Forcepoint ONE SSE.