Using Access rules

You can use Access rules to forward traffic that uses the HTTP and TLS Network Applications to Forcepoint Web Security Cloud.

Note: This method requires Forcepoint NGFW version 6.6.3 or higher and SMC 6.6.2 or higher.

Follow these general steps:

  1. Configure an EasyConnect service in the cloud Security Portal.
  2. In the SMC Management Client, create a Proxy Server element that represents Web Security Cloud.
  3. Define the Access rule that selects traffic for forwarding to Web Security Cloud.

NAT considerations when using Access rules

We recommend that you use Access rules to forward traffic. However, if you have a more complex environment and existing NAT rules, forward traffic using the NAT rules method instead. When you use Access rules to forward traffic, all existing NAT rules in the policy are ignored, but element-based NAT is taken into account. All destination NAT definitions are ignored. If element-based source NAT definitions have been defined and if default NAT has been enabled in the properties of the NGFW Engine, those NAT definitions are processed.

Element-based NAT is sufficient in most cases, but if you need to use NAT rules to have greater flexibility, you must forward traffic using the NAT rules method. Use NAT rules if you want to, for example, forward traffic while using Outbound Multi-Link elements to select the network link for the traffic.