Configuring your firewall to connect to the cloud service
In order for the cloud service to manage web traffic from your network, your firewall must allow TCP connections outbound to Forcepoint data centers on specific ports. The table below details the ports that may be used, depending on your configuration.
Port | Required for |
---|---|
8081 | Web browsing when using standard PAC file addresses. |
8082 (default) | Retrieving cloud service PAC files (standard PAC file address). |
8087 (default) | Retrieving cloud service PAC file over HTTPS (standard PAC file address). |
8006 | End user single sign-on authentication. See Configure End User Single Sign-On settings. |
8089 | Secure form authentication. See Access Control tab. |
80 | |
443 | |
To guarantee availability, Forcepoint Web Security Cloud uses global load balancing to direct traffic across multiple geographic locations. In the event of localized connectivity issues, data center load balancing automatically routes requests to the next closest location. To make the most of the resilience offered by this infrastructure, users must be allowed to connect to the entire cloud network.
For details of the IP address ranges in use by cloud service data centers, see the article Cloud service IP addresses and port numbers in the Forcepoint Knowledge Base.
In addition to the above, ports 80 and 443 can be used by:
- Block and notification page components, including stylesheets and images, served from a separate website used by the cloud infrastructure (not directly through the cloud proxy).
- Non-proxied destinations. Traffic to IP addresses and domains configured using the Proxy Bypass setting is routed directly to the origin server. Browsers will connect directly via port 80 (or 443 for HTTPS).
- The roaming home page. Although this service is principally for remote users, you may choose to configure all browsers to use this as their home page. This page is always unproxied when using cloud service PAC files.
- The proxy query page. Users can access a query page to find out whether their browser settings are correct for accessing the proxy.
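
The following is an added example, not part of the Forcepoint documentation. It checks that a set of outbound allow rules covers every cloud service data center range on each dedicated port from the table, reflecting the requirement that users be allowed to connect to the entire cloud network. The rule tuple layout, the function name, and the sample ranges (RFC 5737 documentation addresses) are assumptions.

```python
import ipaddress

# Dedicated ports from the table above. Ports 80 and 443 are also listed
# there; add them to the set if your configuration uses them.
CLOUD_PORTS = (8081, 8082, 8087, 8006, 8089)

def egress_gaps(allow_rules, dc_ranges, ports=CLOUD_PORTS):
    """Return sorted (range, port) pairs with no covering outbound allow rule.

    allow_rules: iterable of (protocol, dest_cidr, port_low, port_high).
    This tuple layout is an assumption, not a Forcepoint or vendor format.
    """
    gaps = []
    for cidr in dc_ranges:
        target = ipaddress.ip_network(cidr)
        for port in ports:
            # Destinations allowed for this port over TCP.
            nets = [
                ipaddress.ip_network(dest)
                for proto, dest, lo, hi in allow_rules
                if proto.lower() == "tcp" and lo <= port <= hi
            ]
            nets = [n for n in nets if n.version == target.version]
            # Collapse so that adjacent rules (two /25s) count as one /24.
            merged = ipaddress.collapse_addresses(nets)
            if not any(target.subnet_of(m) for m in merged):
                gaps.append((cidr, port))
    return sorted(gaps)

# Constructed sample data: documentation ranges stand in for the data center
# ranges published in the Knowledge Base article.
DC_RANGES = ["192.0.2.0/24", "198.51.100.0/24"]
ALLOW_RULES = [
    ("tcp", "192.0.2.0/24", 8081, 8089),       # first location, 8081-8089
    ("tcp", "192.0.2.0/24", 8006, 8006),
    ("tcp", "198.51.100.0/25", 8081, 8082),    # second location, split in two
    ("tcp", "198.51.100.128/25", 8081, 8082),
    ("tcp", "198.51.100.0/25", 8087, 8087),    # only half the range on 8087
]

if __name__ == "__main__":
    for cidr, port in egress_gaps(ALLOW_RULES, DC_RANGES):
        print(f"no outbound allow rule: tcp/{port} -> {cidr}")
```

A rule set that opens the ports to only one location passes day-to-day testing but fails when load balancing routes requests to the next closest data center, which is the gap this check reports.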