Introduction

Forcepoint ONE Mobile enables productivity via secure web access to corporate resources while protecting the user’s mobile device from web threats. It provides protection to iOS and iPadOS devices.

Forcepoint ONE Mobile allows a company to apply the same security posture on mobile devices as it applies on laptops and desktops.

The diagram above depicts a typical data flow that happens when a user tries to access web content from a mobile device that has the Forcepoint ONE Mobile solution running.
  1. After a successful login, the user can use the apps or browse the internet as normal.
  2. Based on the admin configuration, the Forcepoint ONE Mobile solution may bypass or block some traffic at the device.
  3. The Forcepoint ONE Mobile app redirects application or URL traffic to the Forcepoint ONE service in the cloud.
  4. The Forcepoint ONE Cloud SWG service inspects web traffic and applies the same security policies configured for all other endpoints based on the user's identity.
    Note: Forcepoint ONE Mobile solution traffic uses the same policy as other endpoints, configured on the Forcepoint ONE SSE portal under the Protect > Policy page.  However, the location parameter on these policies does not apply to mobile traffic. For more details, see the Configuring SWG policies section from Forcepoint ONE SSE Deployment Guide.
  5. If traffic is blocked, the cloud service presents a block page to the user.
  6. If the request is allowed, the solution then directs the request to the destination web server.

Network settings

The Forcepoint ONE Mobile solution will need internet access to operate. Specifically, the following URLs and ports must be allowed to egress through the network:
  • For web traffic transport: *.swg.forcepoint.io:8082
  • For registration services in Trial environments: https://mobile-agent-svcs-apigw.us.bitglass.net
  • For registration services in Production environments: https://mobile-agent-svcs-apigw.bitglass.com