Introduction

Forcepoint Next Generation Firewall (Forcepoint NGFW) can forward web traffic to Forcepoint Web Security Cloud for inspection. The traffic is inspected in Web Security Cloud and transparently forwarded to the destination.

You must have a subscription to use the Web Security Cloud service. The service's data centers are geographically distributed. The NGFW Engine uses DNS resolution to select the IP address of the geographically closest data center. Both Windows Challenge/Response (NTLM) authentication and manual authentication using an email address and password are supported in Web Security Cloud.

Figure: How forwarding web traffic works

1

Traffic from the client arrives at the NGFW Engine (a Single Firewall or a Firewall Cluster).

2

Access rules or NAT rules in the Firewall policy determine which connections are forwarded to Web Security Cloud.

3

Web Security Cloud inspects the traffic, then forwards it to the original destination.

4

Web Security Cloud inspects the reply packets from the server, then forwards them to the client.

For more information, see the following documentation at https://support.forcepoint.com/s/article/Documentation-Featured-Article.

• Forcepoint Next Generation Firewall Product Guide
• Forcepoint Web Security Cloud Getting Started Guide
• Security Portal Help