Introduction: The Forcepoint ONE SSE cloud SWG solution enables web traffic filtering when a SmartEdge agent cannot be deployed on the end user's machine, such as for guest users or IoT devices, or when the organization does not want to deploy an agent.
IPsec overview: IPsec is an extension to the IP protocol that provides secure traffic tunneling by authenticating and encrypting information sent over a network.
Throughput: For Forcepoint ONE SSE Cloud SWG, Forcepoint allocates 0.1 megabits per second (Mbps) per licensed user per virtual datacenter.
Audience: Defines the audience of this document.
Configurations on Forcepoint ONE SSE: This section details the configurations required to set up an IPsec tunnel on Forcepoint ONE SSE.
Creating Sites: A Site represents a corporate location from which traffic will originate. While creating a Site, you can configure either a GRE or an IPsec tunnel through which traffic is sent to the cloud, and create or add subnet groups within the site.
Viewing Tunnels: After creating tunnels, you can monitor the status of each tunnel on the Analyze > Tunnels page.
Configurations on Cisco ASA/FTD device: This section details the configurations you need to carry out on Cisco ASA/FTD version 9.8 or later, using the details from the Analyze > Tunnels page in Forcepoint ONE SSE.
Supported IPsec settings: For IPsec connectivity, your edge device must be configured to use Forcepoint-supported IKE tunnel negotiation and IPsec encryption settings.
Abbreviations for configuration parameters in IPsec examples: Abbreviations are used for configuration parameters in the configuration examples. Replace the abbreviations with the appropriate addresses and values for your configuration.
IKEv2 Configuration: Describes how to configure IPsec tunnels on Cisco ASA/FTD using IKEv2.
Useful show and debug commands for IPsec tunnels: Show and debug commands display information such as connection and operation statistics.
Example IPsec configuration for Cisco ASA/FTD: This topic provides example IPsec configurations that need to be done on Cisco ASA/FTD to route HTTP and HTTPS traffic to Forcepoint ONE SSE via IPsec tunnels.
Troubleshooting IPsec tunnels: The troubleshooting information describes some typical problems that you might encounter in configuring and establishing your IPsec tunnels, and the suggested actions for how to resolve the problems.
Verifying high availability failover: For each site you add, it is important to ensure that the High Availability (HA) failover capability is provisioned and configured correctly such that failover happens successfully when required.