Creating a custom redirect user response for HTTP and HTTPS websites in Forcepoint NGFW

If you want your users to see a block page and click a link to open the remote browser when they navigate to HTTP and HTTPS websites, then create a new custom user response in Forcepoint NGFW.

For more information about user responses in Forcepoint NGFW, see the Forcepoint NGFW Product Guide on the Forcepoint Customer Hub for your version of Forcepoint NGFW.

Steps

  1. Sign in to Forcepoint NGFW Security Management Center (SMC).
  2. Select Configuration.
  3. Expand the Other Elements branch, then select Engine Properties.
  4. Right-click User Responses, then select New User Response.
  5. In the Name field, enter Forcepoint Remote Browser Isolation.
  6. Expand Connection Discarded by Access Rule.
  7. For Type of Response, select Custom HTML.
  8. Paste the following HTML content:
    <!DOCTYPE html>
    
    <head>
        <title>Connection Not Allowed</title>
    </head>
    
    <body>
        <h1>Connection Not Allowed</h1>
        <p style="line-height:1.5;">The connection was not allowed by the corporate security policy.
            <br><br>For more information, contact your helpdesk and provide the following details:
            <br><br>Source IP Address: <b>{{SrcIP}}</b><br>Destination IP Address:
            <b>{{DstIP}}</b><br>URL: <b>{{Url}}</b><br>URL Category: <b>{{UrlCategory}}</
    b><br>Application: <b>{{Application}}</b><br>Rule: <b>{{RuleTag}}</b></p>
        <p>
            <button id="redirect_button">Proceed with RBI</button>
            <script>
                document.getElementById("redirect_button").onclick = function() {
                    let tenantId = "<replace with actual tenant ID>"
                    let company = "<replace with company part of RBI url>"
                    let rbiBaseUrl = ".rbi.forcepoint.net/loader"
                    let tenantIdParam = "TenantID=" + tenantId
                    let url = "url={{Url}}"
                    let user = "username='{{User}}'"
                    let urlParamsB64 = "SD=" + tenantIdParam + "&" + url + "&" + user)
                    let rbiRedirUrl = "https://" + company + rbiBaseUrl + "?" + urlParamsB64
                    location.replace(rbiRedirUrl)
                };
            </script>
        </p>
    </body>
    
    </html>
  9. Update the company, tenant ID, and username in the URL:
    • <replace with company part of RBI url>: Required: This information can be found in your fulfillment email and in the Forcepoint RBI Admin Portal.
    • <replace with actual tenant ID>: Required. This information can be found in your fulfillment email and in the Forcepoint RBI Admin Portal.
    • X-Authenticated-User={{User}}: Optional. If the username information is removed from the URL, then the username is not recorded in Forcepoint RBI metrics and reports.
    Note: If the user response HTML includes X-Authenticated-User={{User}}, but the username is not known by Forcepoint NGFW, then the redirected browser connection will show as user N/A in the Forcepoint RBI Admin Portal.
  10. Expand URL Not Allowed.
  11. For Type of Response, select Custom HTML.
  12. Copy and paste the same HTML content as mentioned in Step 8.
  13. Click OK.

Next steps

After you edit the user response, you need to assign it to the web categories in the policy.