Enabling TLS decryption for the Forcepoint NGFW engine

If the Forcepoint NGFW user response will redirect HTTPS websites to Forcepoint RBI, then enable TLS decryption.

This is a high-level procedure to add the CA certificate. For more detailed information about TLS decryption on Forcepoint NGFW, see the Forcepoint NGFW Product Guide on the Forcepoint Customer Hub for your version of Forcepoint NGFW.

Steps

  1. Open the Forcepoint NGFW engine properties in the management UI.
  2. Browse to Add-Ons/TLS Inspection in the tree view.
  3. Create or import a suitable CA certificate for TLS decryption. Add the certificate in the Client Protection Certificate Authority field.
  4. Save the engine properties.
  5. Import the selected CA certificate to your endpoints as a trusted CA.