Introduction
Forcepoint Private Access is a cloud-based zero trust network access solution that provides secure, authenticated remote access to internal applications.
Help and support
Subscribe to service updates and access Forcepoint help and support services.
Key concepts
Overview of key concepts within Forcepoint Private Access.
The management portal
Administrators manage their Private Access service using the management portal.
Product updates
Details of new and updated features, as well as known and resolved issues for Private Access.
Getting started
Forcepoint Private Access can be used to provide secure remote access to internal applications located on customer premises or in private cloud services, either as part of a Forcepoint Cloud Security Gateway deployment, or as a standalone solution.
Setup overview
Use this workflow to get started with your Private Access service. This setup overview covers setting up Private Access, configuring private applications, and enabling remote access from your Cloud Security Gateway or standalone users.
Initial setup
When you begin setting up your Private Access service, your initial setup tasks include adding administrators, checking and editing your sites and connections, importing users and groups, and configuring an identity provider for single sign-on.
Define private application access control
Configure the private applications that will be enabled for remote access, and define private application access control rules.
Configure remote access
Configure remote access to private applications using the endpoint client. The process for configuring remote access to your private applications varies depending on whether you are using Forcepoint Cloud Security Gateway, or Private Access as a standalone solution.
Test private application connectivity
When you have completed setting up access to your private applications, test that you can access the application from outside your corporate network, using the endpoint client.
Connectivity
The Administration > Connectivity section provides options to configure your sites and the private applications that are hosted at your sites, and to deploy the endpoint client for Private Access standalone end users.
Sites
A site is a geographical location, data center, or cloud service that connects to the service using traffic tunneling. Sites represent your private application hosting locations.
Hosted PAC files
For customers using Private Access as a standalone service, use the proxy auto-config (PAC) files on the Hosted PAC files page to configure the endpoint. These PAC files are used by the Forcepoint Web Security Endpoint client to direct private application traffic to the Private Access service.
Endpoint
For customers using Private Access as a standalone service, the Endpoint general page provides installation settings for the Forcepoint Web Security Endpoint, which is built using the Forcepoint One Endpoint package builder.
IPsec tunnel configuration
IPsec tunnels are used to connect private application hosting sites to provide remote access to internal applications.
Connect Forcepoint NGFW to Forcepoint Private Access over a VPN
These instructions explain how to configure a highly available IPsec VPN connection on a Forcepoint Next Generation Firewall (Forcepoint NGFW) for inbound private application traffic coming from Forcepoint Private Access.
Dashboard
The dashboard displays a summary of service activity over time.
Dashboard filters and related events
Use the dashboard filters, including the related events filter, to customize the data displayed in the dashboard or details page.
Time period
Use the time period selector to display reporting information for the previous number of hours or days.
View details
The Details page displays detailed log information for the data shown in the dashboard.
Administration
The Administration tab provides access to configuration settings for your organization. Use this tab to set up connectivity, authentication, administrators, log management, and resources.
Private applications
Use the Administration > Private applications page to define the internal applications that users will be able to access remotely.
Deploy changes history
The Deploy changes history table displays the status of the last 50 policy deployments for your Private Access account.
Administrators
An administrator is a user with access to the management portal, responsible for making administrative changes to the service, or viewing reports.
Log management
The Administration > Log management page provides access to an exported log file of the past 30 days of traffic.
Resources
Resources are reusable elements that can be assigned to policies to create traffic filtering and inspection rules.
Authentication
The Administration > Authentication section provides settings to support end-user provisioning and authentication via integration with your SAML (Security Assertion Markup Language) compliant Identity Provider (IdP).
Users
End users are provisioned to the service from your identity provider, and can be used in policy rules. You can assign policies, rules, and exceptions to specific users. The Users page shows a read-only view of provisioned users.
User groups
User groups are provisioned to the service from your identity provider, and can be used in policy rules. You can assign policies, rules, and exceptions to specific groups. The User groups page shows a read-only view of provisioned user groups.
SCIM settings
The Administration > Authentication > SCIM settings page provides the configuration details required to connect your SCIM-compliant identity and access management provider to the service.
Identity provider
SAML (Security Assertion Markup Language) is a standard for exchanging authentication information between an identity provider (IdP) and a service provider (Forcepoint). SAML-based single sign-on allows seamless user identification and authentication for end users, using your preferred IdP. When a SAML 2.0-compliant IdP has been configured, policy rules or exceptions that require user identity trigger an authentication request for clients whose identity is not already known to the service. The client request is redirected to the configured IdP for authentication.
SCIM and SAML integration
Private Access integrates with third-party identity provider (IdP) tools to provision users and groups to the service, and to provide single sign-on for end user authentication.
Policies
The Private Access policy tab is used to configure the processing rules that are used to control access to resources, and to inspect and secure traffic that is routed through the service. Private applications policy controls and secures remote access to internal applications.
Private access policy overview
Private access policy rules identify and authenticate the users that are permitted to access your private applications, and filter incoming traffic based on its source IP address. Traffic decryption and threat inspection can be used to identify potential threat signatures in private application traffic.
Appendix
Reference information including a list of fields included in the traffic log export, and details of domains that are never decrypted.
Traffic log fields
Traffic logs for Private Access are exported using the Administration > Log management feature. The table lists traffic log fields included in the log export file.
Copyrights
©2021 Forcepoint