Sections in Forcepoint ONE SSE
Forcepoint ONE SSE's navigation UI allows admins to quickly maneuver through the portal to make configuring Forcepoint ONE SSE simpler and more efficient.
Dashboard
Alerts
Alerts provide quick access to important events and information. The main navigation provides an updated counter of new events as they occur based on user activities by categories.
Discovery
CSPM
The CSPM Page will provide visibility into the audit scans of your IaaS systems to surface potentially misconfigured security settings to help you mitigate data loss and ensure you are maintaining compliance with frameworks such as the CIS Benchmark.
Devices
Under Analyze > Devices, you can find information about devices utilizing SmartEdge Agents and Device Profiling Agents that are registered with Forcepoint ONE SSE.
Logs
Add Applications
Configure applications
Forcepoint ONE SSE supports various cloud applications so that Admins can monitor data which is in transit, in motion and at rest.
Application Controls
Configuring notifications
Admins can create custom notification objects that can be applied to policies and reports. This will determine which admins or users are notified when a policy is violated and what the custom message says.
Setup traffic steering
Forcepoint ONE SSE supports SmartEdge Agent and Cloud SWG traffic steering methods. This chapter describes steps to deploy each of those so that traffic can be forwarded to Forcepoint ONE SSE.
Configuring SWG policies
You can configure SWG Connection Policy, Cloud SWG Authentication Policy and SWG Content Policy to manage traffic through Cloud SWG and SmartEdge agent.
Device Profiling Proxy
The Device Profiling Proxy page will allow you to both configure the means to distinguish between a managed and an unmanaged device as well as implement a forward proxy deployment for applying inline policy actions.
Configure Zero Trust Network Access
Forcepoint ONE SSE's Agentless and Agent-based Zero Trust Network Access (ZTNA) provides an alternative to VPNs allowing admins to provide inline protection to internal apps without the need for VPN service to be running on the user's local machine.
Configuring Advanced Threat Protection
Forcepoint ONE SSE provides Advanced Threat Protection (ATP) via partnerships with Crowdstrike and Bitdefender.
Encrypting data
Forcepoint ONE SSE enterprise edition allows users to encrypt data at rest in cloud applications for both file and field level data. Keys can be managed in the Forcepoint ONE SSE Keystore or customers can add their own KMIP Key Store to utilize existing key management appliance/servers (KMS or HSM).
Integration
Understanding User and Groups
You can configure user identity settings and synchronize user information from your directory in order to assign policies to users or groups.
Adding external IdPs in Forcepoint ONE SSE
You can configure various applications to support Forcepoint ONE SSE as a SAML Service Provider.
Understanding Admin Roles
The Admin Roles page is where Forcepoint ONE SSE admins can create different and unique admin roles to assign to users or groups. The role permissions can allow users to Edit, View, or Disabled (hidden) to each individual tab and the sub-component within the tab.
Configuring Multi-Factor Auth
When configuring the global login policies, Admins can enforce two-factor authentication (MFA) for admins and users when logging into any application or as part of a policy action when suspicious login behavior is detected.
Appearance
If Forcepoint ONE SSE is being used as the IdP (as in users will land on a Forcepoint ONE SSE log in page to authenticate to their apps) you have the option to customize the UI of the login page.
REST APIs
Rest APIs enable you to programmatically access data and configuration from your Forcepoint ONE SSE instance.
Certificates
The Certificates page allows you to generate a Certificate Signing Request (CSR), upload a Certificate Authority (CA), or a server certificate and private key.
Support
The Support section contains links to Admin guide, URL Lookup page, and Forcepoint Customer Hub.
Understanding URL Lookup page
Use the inbuilt tool to review the category of a URL or IP entered. This is helpful in finding equivalent ThreatSeeker URL Categories, Enterprise App Categories, Web Browsing Categories along with their respective reputation scores for the entered URL or IP.
Admin Guide
The admin guide is your resource for learning how to setup and deploy Forcepoint ONE SSE.
Building Complex Policies
Customers sometime require the ability to control access to application with granularity. For example, a customer may want to allow usage of the standard mobile email client, but block usage of the Outlook mobile application.
M365 Deployment
This article will cover the steps that administrators must take to complete a successful M365 setup.
Download Links
Consolidates download links for all available agents such as the SmartEdge agent or AD sync agent.
Supported Apps and Browsers
List of supported cloud apps, thick client apps, and browsers.
Forcepoint ONE Bypass Lists for Firewalls and Security Software
Ensure the following domains/URLs are permitted through your firewall to guarantee seamless service and functionality while using Forcepoint ONE SSE services. Unless explicitly specified, most requests are made to Forcepoint ONE Cloud Services via HTTPS on port 443.
Forcepoint ONE SSE datacenters and IPs
This article will provide details on the AWS servers from which Forcepoint ONE SSE will send the traffic to your internal applications and servers.
Data Retention Policy
Protecting sensitive customer data is a core aspect of the Forcepoint ONE SSE solution. Forcepoint ONE SSE only sits in front of applications that house or assist in the transfer of corporate data. Forcepoint ONE SSE provides IT with visibility and control over these applications.
Release Notes
Releases include new features as well as bug fixes.
Known Limitations
Lists the known limitations.
App Supported Features
This page will walk you through which features are support by Application.
Viewing Forcepoint ONE SSE supported file MIME types