Define private applications

Define the private applications that users will access remotely.

Defining a private application in the Private Access management portal links your internal application with the external address that will be used to access it remotely. Each application is assigned a private external address that your users use to reach it, and private application traffic sent to that address is directed through the service to your hosting sites.

To define your private applications, go to Administration > Private applications.

Defining private applications within the Private Access management portal is required in order to:

  • Associate the application with a site.
  • Give the internal application an external private FQDN.
  • Associate the site with a Forcepoint service edge address.
  • Define the internal address and port number used to access the private application on your network.

Each private application has the following parameters.

Sites

All private applications are associated with one of your sites. The site is the hosting location for the application. Private application traffic from outside your organization is directed to the site associated with the application, using one of the site's IPsec tunnels.

External FQDN

The external FQDN for the application is the fully qualified domain name that remote users will use to access the internal application. This FQDN should not be a publicly routable domain. For traffic that is directed to Private Access, the external FQDN is used to direct traffic through the service to the internal application associated with the FQDN.

Service edge

For each application hosting site you define, Forcepoint provides a service edge address for that site. This address is used to direct traffic to an application hosted at that site. Service edge addresses represent the Private Access service, provisioned in a high availability active-active configuration.

Internal address and port number

The internal address and port number for the application are used to access the application on your local network. This address should be accessible from the IPsec tunnel on your edge device that connects to the Private Access gateway.

Note: If you plan to enable SAML authentication in your policy rules, you must configure a SAML authentication private application that links the Forcepoint single sign-on (ACS) URL with the hosting site you are using for SAML authentication.
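
The following Python script is an added example, not Forcepoint code and not a portal export format. It checks a planned list of private applications against the four parameters described above before they are entered in the portal. Assumptions: the tuple layout, the sample names and addresses, the caller-supplied `resolves_publicly` lookup, reading "not publicly routable" as "does not resolve in public DNS", and requiring each external FQDN to be unique.

```python
import ipaddress
import re

# One DNS label: 1-63 letters, digits or hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_fqdn(name):
    """True for a syntactically valid DNS name with at least two labels."""
    labels = name.rstrip(".").split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(map(LABEL.match, labels))

def is_host(value):
    """True for an IP address or host name (all-numeric last label = malformed IP)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        labels = value.rstrip(".").split(".")
        return not labels[-1].isdigit() and all(map(LABEL.match, labels))

def check_apps(apps, resolves_publicly):
    """Return (app name, problem) pairs; resolves_publicly is a caller-supplied lookup."""
    problems, seen = [], {}
    for name, site, fqdn, address, port in apps:
        fqdn = fqdn.lower().rstrip(".")  # DNS names compare case-insensitively
        if not site:
            problems.append((name, "no site"))
        if not is_fqdn(fqdn):
            problems.append((name, "external FQDN is not a valid FQDN"))
        elif fqdn in seen:
            problems.append((name, "external FQDN already used by " + seen[fqdn]))
        elif resolves_publicly(fqdn):
            problems.append((name, "external FQDN resolves in public DNS"))
        seen.setdefault(fqdn, name)
        if not is_host(address):
            problems.append((name, "internal address is not an IP or host name"))
        if not (isinstance(port, int) and 1 <= port <= 65535):
            problems.append((name, "port outside 1-65535"))
    return problems

# Constructed sample data: (name, site, external FQDN, internal address, port).
PUBLIC_NAMES = {"wiki.example.com"}  # stands in for a lookup against public DNS
APPS = [
    ("hr", "dc-east", "hr.apps.corp.example", "10.20.0.15", 443),
    ("wiki", "dc-east", "wiki.example.com", "wiki01.corp.internal", 8443),
    ("git", "", "HR.apps.corp.example", "10.20.0.22", 70000),
]

if __name__ == "__main__":
    print(*check_apps(APPS, PUBLIC_NAMES.__contains__), sep="\n")
```

In practice, back `resolves_publicly` with a query to a public resolver rather than your internal DNS, which may answer for the same names.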