Step 3: Policy Setup

Use the Web > Policy Management > Policies page to create a basic policy to determine which websites can and cannot be accessed by users whose traffic is managed by the cloud service.

The steps below walk you through creating a very basic policy that you can customize later if necessary. See Defining Web Policies in Cloud Security Help for complete details.
  1. Click Add.
  2. Enter a policy name and administrator email address. This email address is used as the address from which system messages are sent.
  3. Select a pre-defined policy template to use as the basis for your new policy:
    • Default blocks access to sites in commonly blocked categories, like Adult Material, Gambling, and sites that present a security risk, while permitting access to sites commonly used for business or educational purposes.
    • Security only blocks only sites that present a security risk (such as phishing related sites or sites that host malware) and permits access to all others.
    • Monitor only does not block any websites, but logs user activity for use in reporting.
  4. Select a Time zone for this policy. This may be used both for time-based policy enforcement and reporting log records.
  5. When you are finished, click Save.

Configuring policy connections

Select the Connections tab to identify the traffic originating from your organization that should be managed by the policy that you are creating.

Each connection is a public-facing IP address, range, or subnet for the gateway through which users’ traffic reaches the Internet.

To get started, click Add, then:
  1. Enter a unique Name and Description for the connection.
  2. Select a connection Type: IP address, IP address range, or subnet.
  3. Enter the connection definition for the type that you selected.
  4. Optionally, select a Time zone for this connection. If no time zone is selected, the time zone defined for the policy as a whole is used.
  5. Click Continue.

Repeat this process for each connection that you want to define for this policy.

Adding end users

The End Users tab is where all end-user registration configuration is performed. Registration is a method of getting user credentials into your cloud service account.

To get started with this new policy, select Invite an end-user in the User Management section.
  1. In the Name field, enter the user’s display name (for example, Jane Doe).
  2. Enter the user’s Email address (for example, jdoe@mydomain.com).
  3. Enter the user’s NTLM identity (for example, mydomain/jdoe).
  4. Click OK.

Repeat this process as needed.

Directing user traffic to the cloud service

Use the Default Pac file addresses on the Web > Settings > General page to get the information you need to use a PAC file to direct user traffic from your browser to the cloud service.

Note: Forcepoint recommends performing initial testing using a PAC file manually configured in a browser. For details of other connectivity methods, see Forwarding traffic.

Perform the following steps on a machine that is inside the network that you defined as a connection in the previous step. (This may be the same machine that you are using to access the cloud portal.)

Configure Chrome to use a PAC file
  1. Open Chrome on the selected machine.
  2. Open the Settings menu.
  3. Click the Advanced Settings link, then scroll down to the Network section.
  4. Click Change proxy settings. This opens an Internet Explorer dialog box to the Connections tab.
  5. Click LAN Settings.
  6. Mark the Use automatic configuration script check box, then paste the URL from the portal page in the address field.
  7. Click OK twice to close the dialog box.
Configure Internet Explorer to use a PAC file
  1. Open Internet Explorer on the selected machine.
  2. Open the Internet options menu.
  3. Select the Connections tab, then click LAN Settings.
  4. In the settings dialog box, mark the Use automatic configuration script check box and paste the URL from the portal page in the address field.
  5. Click OK twice to close the dialog box.
Configure Firefox to use a PAC file
  1. Open Firefox on the selected machine.
  2. Open the Options menu.
  3. Select the Advanced > Network tab.
  4. Click Settings, in the Connection section at the top of the tab.
  5. Select Automatic proxy configuration URL and paste in the URL from the portal page.
  6. Click OK.
    Note: We recommend that cookies are enabled in your browser to use the service. If cookies are not enabled, some features cannot work.