Configuring FSM/FONE DS controlled policies for CASB and SWG channels

Forcepoint ONE SSE provides a capability to enforce DLP policy and associated actions setup in the Forcepoint Security Manager (FSM) or Forcepoint ONE Data Security (FONE DS) for CASB and SWG channels in Forcepoint ONE SSE.

This functionality is helpful for the customers who have Forcepoint Enterprise DLP or FONE DS and would like to apply DLP Policies in the FSM/FONE DS for the CASB and SWG channels in Forcepoint ONE SSE.

Important:

Forcepoint ONE Data Security now seamlessly integrates with Forcepoint ONE SSE, enabling the direct application of Forcepoint DLP from the Cloud. This advancement eliminates the necessity for an on-premises Forcepoint Security Manager (FSM), streamlining data protection processes. To know more about the Forcepoint ONE Data Security application, refer to Forcepoint ONE Data Security Online Help.

The procedure to integrate Forcepoint ONE SSE with Forcepoint ONE Data Security is similar to integrating with on-premises FSM.

The integration between the Forcepoint ONE SSE and the Forcepoint DLP is achieved via multi-directional communications among the customer-deployed FSM server, the cloud-hosted Data Protection Service (DPS), and the Forcepoint ONE SSE cloud infrastructure.



  1. Policies are uploaded from the FSM to the cloud-hosted DPS.
  2. End-user transfers sensitive data from/to a cloud application that is under monitoring.
  3. This triggers the Forcepoint ONE SSE to send event details to the DPS for analysis.
  4. DPS returns the policy mitigation (for example: block or permit) post analysis.
  5. FSM downloads the incident and forensic information which can be viewed in the reporting section.

To know about end-to-end integration with FSM, refer to the following integration guides: