Introduction

Forcepoint ONE Firewall is a cloud-based firewall capability for all ports and protocols whose communication is initiated in the outbound (site or device to Internet) direction. It includes granular firewall policies, malware detection, Layer 7 Deep Packet Inspection (DPI), and an industry-leading Intrusion Prevention System (IPS) and threat protection service.

Forcepoint ONE Firewall can secure remote branch office sites at better scale than branch firewalls and with reduced capital costs. It can apply consistent security policies across all users and locations using flexible, centralized policy management. It also provides excellent visibility and control over networks across all sites without deploying physical appliances.

User Authentication for Forcepoint ONE Firewall

Users are authenticated by the Cloud SWG component of Forcepoint ONE. To authenticate for Forcepoint ONE Firewall, the user must make a web request, at which point the Forcepoint ONE login page is displayed and the user must enter their ID and password to log in. The SWG then maps the user to their source IP address, so that Forcepoint ONE Firewall can use the source IP address to identify the user.
Note: Any policy configured by the Admin is applied to non-authenticated entities, except for identity-based policies which require authentication.

Workflow



1. Customer Admin configures the sites and connects the on-premises edge device to Forcepoint ONE Cloud by using an IPsec or GRE tunnel.
2. All site traffic is sent through the tunnel to Forcepoint ONE Cloud, where the Firewall inspects only the non-web traffic.
3. All web traffic is forwarded to Cloud SWG for web traffic inspection.
4. All traffic that satisfies the policy egresses to the internet, and traffic that does not satisfy the policy is blocked.