Getting started

Forcepoint Private Access can be used to provide secure remote access to internal applications located on customer premises or in private cloud services, either as part of a Forcepoint Cloud Security Gateway deployment, or as a standalone solution.

Remote access to private applications can be deployed in two ways:

  • With Cloud Security Gateway: Private Access is deployed along with a Cloud Security Gateway/Web Security Cloud deployment, using the Forcepoint Web Security Endpoint client to direct private application traffic to the service, while all other web traffic is directed through the Forcepoint Web Security Cloud proxy.
  • Private Access standalone: Private Access is deployed as a standalone solution providing remote access to private applications for remote users. Private application traffic is directed to the service using the Forcepoint Web Security Endpoint client, configured to send private application traffic to the Private Access service edge.

Using Private Access with Cloud Security Gateway

Private Access can enable remote access to private applications as part of a Cloud Security Gateway or Forcepoint Web Security Cloud deployment.

1. A Cloud Security Gateway remote user requests the domain of an internal application. The endpoint PAC file directs this internal application traffic to the Private Access service edge. All other web traffic is directed to the Forcepoint Web Security Cloud proxy as usual.
2. The service edge represents the high-availability Private Access service for authentication and policy enforcement.
3. Users are authenticated and private application policies are applied. Private application traffic can be decrypted and inspected for threat signatures before being routed to your application hosting site's tunnel connections.
4. Traffic from authenticated users is forwarded through the private application hosting site's IPsec connections to the internal application, using the internal address information configured for the private application.
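
The split routing in step 1 can be checked before rollout with a small harness like the one below. This is an added example, not Forcepoint's PAC file or code from this documentation; the proxy hostnames, ports and application domains are constructed placeholders, and the use of `PROXY` directives for both destinations is an assumption.

```javascript
// Added example: every hostname, port and domain here is a constructed placeholder.
const SERVICE_EDGE = "PROXY private-access-edge.example.invalid:8443";
const WEB_PROXY = "PROXY web-cloud-proxy.example.invalid:8081";
const PRIVATE_APP_DOMAINS = ["intranet.corp.example", "wiki.corp.example"];

// Match the domain itself or a subdomain on a label boundary.
// A plain suffix test would also match "notintranet.corp.example".
function matchesDomain(host, domain) {
  const h = host.toLowerCase().replace(/\.$/, ""); // normalise case, trailing dot
  const d = domain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// PAC entry point: private application hosts go to the service edge,
// all other web traffic goes to the cloud web proxy.
function FindProxyForURL(url, host) {
  for (const domain of PRIVATE_APP_DOMAINS) {
    if (matchesDomain(host, domain)) return SERVICE_EDGE;
  }
  return WEB_PROXY;
}

// Audit helper: returns every host whose routing differs from the expectation.
function auditRouting(expectations) {
  const mismatches = [];
  for (const [host, expected] of Object.entries(expectations)) {
    const actual = FindProxyForURL("https://" + host + "/", host);
    if (actual !== expected) mismatches.push({ host, expected, actual });
  }
  return mismatches;
}

// Constructed test matrix, including lookalike names that must not reach the edge.
const EXPECTED = {
  "intranet.corp.example": SERVICE_EDGE,
  "app.wiki.corp.example": SERVICE_EDGE,
  "INTRANET.corp.example.": SERVICE_EDGE,
  "notintranet.corp.example": WEB_PROXY,
  "intranet.corp.example.lookalike.example": WEB_PROXY,
  "www.example.org": WEB_PROXY,
};

console.log(auditRouting(EXPECTED)); // an empty array means routing is as intended
```
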

Using Private Access as a standalone solution

Private Access can be deployed as a standalone solution to enable access to private applications for remote users.

1. For remote users with the endpoint client installed, the endpoint directs private application traffic to the Private Access service edge.
2. Users are authenticated and private application policies are applied. Private application traffic can be decrypted and inspected for threat signatures before being routed to your application hosting site's tunnel connections.
3. Traffic from authenticated users is forwarded through the private application hosting site's IPsec connections to the internal application, using the internal address information configured for the private application.