Workflow for new users

For new users, the Forcepoint ONE | Firewall service involves the following high-level steps:

Note: Here new user means that the user is new to the Forcepoint ONE product and has also opted for the Forcepoint ONE Firewall application.

Add administrator
Add user and groups
Create sites and connections
Connect your sites to Forcepoint ONE Cloud
Create objects
Create a policy
Configure an identity provider

Add administrator

By default, one administrator account is configured for your account. If required, you can create additional administrators to allow other users to sign into the portal to configure settings or view reports. For more information on how to add an administrator, refer to the Creating custom Admin Roles topic in the Forcepoint ONE Deployment Guide.

Note: The administrators are added in the Identity and Access Management section of the Forcepoint ONE SSE portal.

Add user and groups

In order to be identified and authenticated by your policy rules, users must exist in the Forcepoint ONE user directory.

For more details:

On how to add a user, refer to the Creating a local administrator account topic in the Forcepoint ONE SSE Deployment Guide.
On how to add groups, refer to the Creating a local user group topic in the Forcepoint ONE SSE Deployment Guide.
On how to provision users, refer to the Provisioning users topic in the Forcepoint ONE SSE Deployment Guide

Note: The user and groups are added in the Identity and Access Management section of the Forcepoint ONE SSE portal.

Create sites and connections

A site represents a corporate location or office from which traffic originates. For more details on how to create a site, refer to the Creating sites in Forcepoint ONE portal topic in the Forcepoint ONE SSE Deployment Guide.

Note: The sites and connections are created in the Forcepoint ONE SSE portal.

Connect your sites to Forcepoint ONE Cloud

To forward traffic to Forcepoint ONE Cloud, you must configure IPsec or GRE tunnels between your site and Forcepoint ONE Cloud (Cloud Firewall service).

For more details, on how to configure and deploy IPsec or GRE tunnel, refer to the Configuring and deploying GRE and IPsec tunneling topic in the Forcepoint ONE SSE Deployment Guide.

Note: The IPsec or GRE tunnels are configured in the Forcepoint ONE SSE portal.

Create objects

Objects are reusable elements that can be assigned to policies to create traffic filtering rules and inspection rules. You can create objects from the Objects page in the Forcepoint ONE | Firewall application. To navigate to the Objects page, on the Navigation pane, click Objects.

For more details on objects, refer to the Objects topic in the Forcepoint ONE | Firewall online help documentation.

Note:

You can only create the following objects from the Objects page in the Forcepoint ONE | Firewall application:

Network Services
Source IP Address Lists
Destination IP Address Lists
Domain Name Lists

Create a policy

Create a policy to configure rules that are used to control access to objects, inspect and secure the traffic that is routed through the firewall.

For more details on policy, refer to the Policy topic in the Forcepoint ONE | Firewall online help documentation.

Configure an identity provider

To use SAML-based authentication for user access control to applications, configure a third-party identity provider (IdP) for single sign-on. For more details, refer to the Adding external IdPs in Forcepoint ONE topic in the Forcepoint ONE SSE Deployment Guide.

Note: The identity providers are configured in the Forcepoint ONE SSE portal.