Workflow for existing users

For existing users, the Forcepoint ONE | Firewall service involves the following high-level steps:

Note: Here, an existing user is a customer who already uses the Forcepoint ONE product and has now also opted for the Forcepoint ONE | Firewall application.

  1. Create sites and connections
  2. Connect your sites to Forcepoint ONE Cloud
  3. Create objects
  4. Create a policy
  5. Configure an identity provider

Create sites and connections

A site represents a corporate location or office from which traffic originates. For more details on how to create a site, refer to the Creating sites in Forcepoint ONE portal topic in the Forcepoint ONE SSE Deployment Guide.
Note: The sites and connections are created in the Forcepoint ONE SSE portal.

Connect your sites to Forcepoint ONE Cloud

To forward traffic to Forcepoint ONE Cloud, you must configure IPsec or GRE tunnels between your site and Forcepoint ONE Cloud (Cloud Firewall service).

For more details on how to configure and deploy IPsec or GRE tunnels, refer to the Configuring and deploying GRE and IPsec tunneling topic in the Forcepoint ONE SSE Deployment Guide.
Note: The IPsec or GRE tunnels are configured in the Forcepoint ONE SSE portal.

Create objects

Objects are reusable elements that can be assigned to policies to create traffic filtering rules and inspection rules. You can create objects from the Objects page in the Forcepoint ONE | Firewall application. To navigate to the Objects page, on the Navigation pane, click Objects.

For more details on objects, refer to the Objects topic in the Forcepoint ONE | Firewall online help documentation.
Note: You can only create the following objects from the Objects page in the Forcepoint ONE | Firewall application:

  • Network Services
  • Source IP Address Lists
  • Destination IP Address Lists
  • Domain Name Lists

Create a policy

Create a policy to configure the rules that control access to objects and that inspect and secure the traffic routed through the firewall.

For more details on policy, refer to the Policy topic in the Forcepoint ONE | Firewall online help documentation.

Configure an identity provider

To use SAML-based authentication for user access control to applications, configure a third-party identity provider (IdP) for single sign-on. For more details, refer to the Adding external IdPs in Forcepoint ONE topic in the Forcepoint ONE SSE Deployment Guide.
Note: The identity providers are configured in the Forcepoint ONE SSE portal.