Key concepts

In order to get started with the service, you must arrange to forward your web traffic to the service, add users to the service (if required), and create policies to control web access (a default policy is pre-configured).

Traffic forwarding

In order for the service to perform filtering, you must redirect web traffic to the cloud service, and configure your firewall to allow access to the service on specific ports.

Traffic can be directed to the cloud service in a number of ways:
  • A Forcepoint Endpoint: a lightweight software client that runs on end user devices, providing policy enforcement for web browsing.
  • A browser PAC (proxy auto-config) file: a configuration script that can be configured in your users’ browsers (via GPO or similar) to redirect browser requests to the service.
  • Firewall redirection: a simple method implemented on your firewall to redirect all HTTP/HTTPS traffic to the service.
  • Tunneling: IPsec or GRE connectivity to forward traffic to the service from a supported edge device.

Alternatively, a Forcepoint I Series appliance can be deployed in order to provide fast, flexible on-premises traffic analysis. If you have an existing on-premises proxy, this can be connected to the service via proxy chaining. For more information about forwarding traffic, see Forwarding traffic.

User synchronization

The service can identify and authenticate users in order to provide user and group-specific policy enforcement, and detailed user activity reporting. Users can be added manually, or identity management can be configured so that user details are automatically updated to the cloud service.

This step is optional; some organizations apply the same policies to all users based solely on IP address, without requiring users to authenticate.

Note: If your organization has roaming users (those who connect from locations outside of your network), those users must be registered and must identify themselves in order to use the service remotely. See User registration methods.

Policies

Policies allow or block access to web resources, and control your authentication, content filtering, security, and data loss prevention (DLP) settings. Exceptions can be configured to override or bypass policy settings per user or group.

Filtering is based on a set of web categories drawn from the Forcepoint URL Database, constantly updated by Forcepoint Security Labs, with security threats identified in real time by Forcepoint ThreatSeeker Intelligence.

A default policy is available, providing a set of standard web filtering settings. Once you are up and running with the service, you can edit this policy and create new ones, providing differing levels of access for different users and departments. (See Tailoring your policies.)