Endpoint

For customers using Private Access as a standalone service, the Endpoint general page provides installation settings for the Forcepoint Web Security Endpoint, which is built using the Forcepoint One Endpoint package builder.

Important:

The Endpoint general page provides deployment settings for customers using Private Access as a standalone service. If you are using Cloud Security Gateway, follow the usual installation procedure to install the Web Security Endpoint for Forcepoint Web Security Cloud.

For help installing endpoint for Web Security Cloud, see Installing Forcepoint One Endpoint or Upgrading to Forcepoint One Endpoint at the Forcepoint documentation site: https://⁠support.forcepoint.com/Documentation

The Forcepoint Web Security Endpoint can be deployed to your end users' workstations in order to direct private application traffic to the Private Access service for processing through your policy rules.

Forcepoint Private Access supports the Forcepoint Web Security Endpoint in a proxy connect deployment: private application traffic, as identified by the endpoint PAC file, is directed through the Private Access service edge for inspection and policy enforcement.

The endpoint client identifies your account and the specific user, allowing policies to be applied to users, and user activity to be logged in reports.

The following items are displayed on the Endpoint general page, which are required during endpoint installation.

Table 1. Endpoint deployment settings
Field Description
Account token The account token code is unique to your account, and is used by the endpoint client to identify requests from your organization's users. Use this token when deploying the client manually, or via a Windows Group Policy Object (GPO) or similar deployment method.
Configuration file template The HWSConfig.xml configuration file is used during endpoint installation to define installation settings for the client. This file must be placed in the same folder as the installation package.
As part of endpoint configuration, you must manually edit the following entries in the configuration file template to configure the appropriate settings for your account:
  • Hosted PAC file URL (PACFile URL): the location that will be used to retrieve the PAC file used by the endpoint client.
  • Account token (InitContext): a unique code that identifies your account to the service.
  • Application bypass list (AppWhiteList): a list of applications whose web traffic should be exempted from forwarding and inspection, if required. Application executable file names are added as a pipe-separated list, using regular expressions.
  • End-user override option (LocalProxySetting): a setting to define whether users can temporarily disable the endpoint client, using the context options in the Windows notification area.