Forwarding traffic
In order for Forcepoint Web Security Cloud to filter your traffic, web requests must be redirected to the cloud service. There are a number of methods available to redirect traffic.
During the initial stages of an evaluation or while testing a deployment, we recommend that you manually configure a number of web browsers to use the Forcepoint Web Security Cloud PAC file to forward traffic to the service. This is described in PAC file.
The following table outlines all the traffic redirection methods available, which may be suitable for different organizations and different network environments.
Method | Summary | Recommended for |
---|---|---|
PAC file | The simplest method to direct browser traffic. Easily configured for a small number of browsers for testing purposes. Once you are happy that the service works as expected, you can deploy the PAC file to more users, via Windows GPO or similar. Further detail is given below (see PAC file). | Initial setup and testing. Organizations where software cannot be installed on end user devices or other types of connectivity cannot be used. |
Endpoint client | A lightweight software application installed on end-user devices. The endpoint client seamlessly authenticates users, and provides policy enforcement for web browsing. Further detail is given below (see Endpoint). | Most scenarios where software can be installed on end user devices. |
Firewall redirection | Transparently redirect all web traffic by configuring redirection rules on your firewall. For details on this connectivity method, see Firewall Redirect: Forwarding Traffic to the Cloud Service. | Networks with unmanaged devices, such as a guest Wi-Fi network or BYOD networks. |
IPsec tunneling | Securely forward traffic over a virtual private network (VPN) using a supported firewall or router. For details on this connectivity method, see the Forcepoint IPsec Guide. | Networks with unmanaged devices, such as guest Wi-Fi networks or BYOD networks. Organizations that require increased security for web traffic. |
GRE tunneling | Forward traffic over a GRE tunnel using a supported firewall or router. For details on this connectivity method, see the Forcepoint GRE Guide. | Networks with unmanaged devices, such as guest Wi-Fi networks or BYOD networks. |
I Series appliance | Forcepoint appliance that performs fast on-premises URL analysis and application/protocol detection for web traffic, forwarding traffic to the cloud proxy where required. See Deploying an I Series Appliance on the Forcepoint Support site for more details. | Organizations that require on-premises traffic filtering and analysis. |
Proxy chaining | Configure your existing on-premises proxy to forward traffic to the cloud service. See Configuring proxy chaining with the Forcepoint cloud service on the Forcepoint Support site for more details. | Organizations with an existing on-premises proxy where existing network infrastructure cannot be changed. |