Introduction
Forcepoint ONE SSE cloud SWG solution enables web traffic filtering when a SmartEdge agent cannot be deployed on the end user's machine, such as for Guest users or IoT devices or when the organization does not want to deploy an agent.
IPsec overview
IPsec is an extension to the IP protocol that provides secure traffic tunneling by authenticating and encrypting information sent over a network.
Throughput
For Forcepoint ONE SSE Cloud SWG, Forcepoint allocates 0.1 megabits per second (Mbps) per licensed user per virtual datacenter.
Audience
Defines the audience of this document.
Configurations on Forcepoint ONE SSE
This section details the configurations required to setup IPsec tunnel on Forcepoint ONE SSE.
Creating Sites
A Site represents a corporate location from which traffic will originate. While creating a Site, you can configure either GRE or IPsec tunnel through which traffic should be sent over to cloud and create or add subnets groups within the site.
Viewing Tunnels
After creating tunnels, you can monitor the status of each tunnel under Analyze > Tunnels page.
Configurations on Cisco ASA/FTD device
This section details the configurations you need to carry on Cisco ASA/FTD version 9.8 or later version using the details from the Analyze > Tunnels page in Forcepoint ONE SSE.
Supported IPsec settings
For IPsec connectivity, your edge device must be configured to use Forcepoint-supported IKE tunnel negotiation and IPsec encryption settings.
Abbreviations for configuration parameters in IPsec examples
Abbreviations are used for configuration parameters in the configuration examples. Replace the abbreviations with the appropriate addresses and values for your configuration.
IKEv2 Configuration
Describes how to configure IPsec tunnels on Cisco ASA/FTD using IKEv2.
Useful show and debug commands for IPsec tunnels
Show and debug commands display information such as connection and operation statistics.
Example IPsec configuration for Cisco ASA/FTD
This topic provides example IPsec configurations that needs to done on Cisco ASA/FTD to route http and https traffic to Forcepoint ONE SSE via IPsec tunnels.
Troubleshooting IPsec tunnels
The troubleshooting information describes some typical problems that you might encounter in configuring and establishing your IPsec tunnels, and the suggested actions for how to resolve the problems.
Verifying high availability failover
For each site you add, it is important to ensure that the High Availability (HA) failover capability is provisioned and configured correctly such that failover happens successfully when required.