Subscribe to service updates and access Forcepoint help and support services.

Overview of key concepts within Forcepoint Private Access.

Administrators manage their Private Access service using the management portal.

Details of new and updated features, as well as known and resolved issues for Private Access.

Use this workflow to get started with your Private Access service. This setup overview covers setting up Private Access, configuring private applications, and enabling remote access from your Cloud Security Gateway or standalone users.

When you begin setting up your Private Access service, your initial setup tasks include adding administrators, checking and editing your sites and connections, importing users and groups, and configuring an identity provider for single sign-on.

Configure the private applications that will be enabled for remote access, and define private application access control rules.

Configure remote access to private applications using the endpoint client. The process for configuring remote access to your private applications varies depending on whether you are using Forcepoint Cloud Security Gateway, or Private Access as a standalone solution.

When you have completed setting up access to your private applications, test that you can access the application from outside your corporate network, using the endpoint client.

A site is a geographical location, data center, or cloud service, that connects to the service using traffic tunneling. Sites represent your private application hosting locations.

For customers using Private Access as a standalone service, use the proxy auto-config (PAC) files on the Hosted PAC files page to configure endpoint. These PAC files are used by the Forcepoint Web Security Endpoint client to direct private application traffic to the Private Access service.

For customers using Private Access as a standalone service, the Endpoint general page provides installation settings for the Forcepoint Web Security Endpoint, which is built using the Forcepoint One Endpoint package builder.

IPsec tunnels are used to connect private application hosting sites to provide remote access to internal applications.

These instructions explain how to configure a highly available IPsec VPN connection on a Forcepoint Next Generation Firewall (Forcepoint NGFW) for inbound private application traffic coming from Forcepoint Private Access.

Use the dashboard filters, including the related events filter, to customize the data displayed in the dashboard or details page.

Use the time period selector to display reporting information for the previous number of hours or days.

The Details page displays detailed log information for the information displayed in the dashboard.

Use the Administration > Private applications page to define the internal applications that users will be able to access remotely.

The Deploy changes history table displays the status of the last 50 policy deployments for your Private Access account.

An administrator is a user with access to the management portal, responsible for making administrative changes to the service, or viewing reports.

The Administration > Log management page provides access to an exported log file of the past 30 days of traffic.

Resources are reusable elements that can be assigned to policies to create traffic filtering and inspection rules.

End users are provisioned to the service from your identity provider, and can be used in policy rules. You can assign policies, rules, and exceptions to specific users. The Users page shows a read-only view of provisioned users.

Users groups are provisioned to the service from your identity provider, and can be used in policy rules. You can assign policies, rules, and exceptions to specific groups. The User groups page shows a read-only view of provisioned user groups.

The Administration> Authentication > SCIM settings page provides the configuration details required to connect your SCIM-compliant identity and access management provider to the service.

SAML (Security Assertion Markup Language) is a standard for exchanging authentication information between an identity provider (IdP) and a service provider (Forcepoint). SAML-based single sign-on allows seamless user identification and authentication for end users, using your preferred IdP. When a SAML 2.0-compliant IdP has been configured, policy rules or exceptions that require user identity trigger an authentication request for clients whose identity is not already known to the service. The client request is redirected to the configured IdP for authentication.

Private Access integrates with third-party identity provider (IdP) tools to provision users and groups to the service, and to provide single sign-on for end user authentication.

Private access policy rules identify and authenticate the users that are permitted to access your private applications, and filter incoming traffic based on its source IP address. Traffic decryption and threat inspection can be used to identify potential threat signatures in private application traffic.

Traffic logs for Private Access are exported using the Administration > Log management feature. The table lists traffic log fields included in the log export file.

©2021 Forcepoint