Introduction

Firewall redirection is a simple and effective method for sending web traffic to the cloud service. It is easy to configure and maintain, and requires no configuration on client machines because traffic is redirected transparently. It works for both HTTP and HTTPS traffic, and supports NTLM and basic authentication.

Firewall redirection is well suited for:
  • Guest Wi-Fi networks where users do not belong to a domain, and authentication and SSL decryption are not required.
  • Branch offices in hybrid deployments (where no on-premises appliance is installed).
  • Other deployments where the Forcepoint Web Security Endpoint client or proxy auto-config (PAC) files cannot be used - for example, where there are unmanaged devices that require web enforcement.

Important: Cloud service firewall redirection does not provide automatic data center failover. Where transparent redirection with automatic failover is required, please use Forcepoint GRE or IPsec connectivity.

This document includes the following topics:
  • Supported devices
  • Configuration for firewall redirection
  • Device configuration examples
  • Cloud service IP addresses
  • Configuring end-user authentication with firewall redirect
  • Configuring proxy bypass destinations with firewall redirect
  • Limitations and known issues