Supported methods

Select the method to use based on your needs and the Forcepoint NGFW version.

There are configuration steps in both Web Security Cloud and the Forcepoint NGFW Security Management Center (SMC). Use the cloud Security Portal to configure Web Security Cloud, and the Management Client component of the SMC (SMC Management Client) to configure the SMC.
Note: Different methods for forwarding traffic from the Forcepoint NGFW to Web Security Cloud require specific Forcepoint NGFW and SMC versions. The SMC version must be the same major version or higher than the Forcepoint NGFW version.

Access rules

Note: This method requires Forcepoint NGFW version 6.6.3 or higher and SMC 6.6.2 or higher.
  1. In Web Security Cloud, configure an EasyConnect service.
  2. In the SMC Management Client, create a Proxy Server element that represents Web Security Cloud.
  3. In the Action options of an Access rule, select the Proxy Server to forward traffic to.

We recommend that you use Access rules to forward traffic. However, if you have a more complex environment and existing NAT rules, forward traffic using the NAT rules method instead. When you use Access rules to forward traffic, all existing NAT rules in the policy are ignored, but element-based NAT is taken into account. All destination NAT definitions are ignored. If element-based source NAT definitions have been defined and if default NAT has been enabled in the properties of the NGFW Engine, those NAT definitions are processed.

Element-based NAT is sufficient in most cases, but if you need to use NAT rules to have greater flexibility, you must forward traffic using the NAT rules method.

NAT rules

Note: This method requires Forcepoint NGFW version 6.5 or higher.

Use this method if you have existing NAT rules for a more complex NAT setup. Use NAT rules if you want to, for example, forward traffic while using Outbound Multi-Link elements to select the network link for the traffic.

  1. In Web Security Cloud, configure an EasyConnect service.
  2. In the SMC Management Client, create a Proxy Server element that represents Web Security Cloud.
  3. In the NAT options of a NAT rule, select the Proxy Server to forward traffic to.

Custom Service element

Note: This method requires Forcepoint NGFW version 6.4 or higher.
  1. In Web Security Cloud, configure an EasyConnect service.
  2. In the SMC Management Client, create a Proxy Server element that represents Web Security Cloud.
  3. Create a custom Service element that references the Proxy Server.
  4. Use the custom Service element in Access rules.

Policy-based VPN

Note: This method requires SMC version 6.1 or higher.
  1. In the cloud Security Portal, configure Forcepoint Web Security Cloud to receive traffic from the NGFW Engine. Add the Forcepoint NGFW Engine as an Edge Device using the IPsec Advanced feature of Web Security Cloud.
  2. In the SMC Management Client, import predefined VPN elements to create a policy-based VPN.
  3. Add an access rule to redirect traffic into the VPN.