Configuration for firewall redirection
The requirements for using firewall redirect are as follows:
- All web traffic must exit your network through an edge device (such as a supported firewall or router).
- Port forwarding (NAT and PAT) must be configured on the edge device to forward web traffic on ports 80 and 443 to specific Forcepoint data center IP addresses and ports:
- Forward port 80 (HTTP) traffic to port 8081
- Forward port 443 (HTTPS) traffic to port 8443
- Different IP addresses must be used, per data center, for cloud and hybrid configurations. See Cloud service IP addresses.Note: When using Forcepoint NGFW for firewall redirection to the cloud service in Generic Proxy mode, use port 8081 as the destination port for both HTTP and HTTPS.
The following diagram shows an edge device redirecting traffic to a Forcepoint data center. Port 80 (HTTP) traffic is forwarded to port 8081, while port 443 (HTTPS) traffic is forwarded to port 8443. Traffic is forwarded to the IP address of the geographically closest data center.