Limitations

The following items are known limitations of the Forcepoint IPsec Advanced solution.
  • Certificate authentication is not currently supported for IPsec Advanced.
  • Forcepoint Web Security Endpoint is not supported for use with Forcepoint IPsec Advanced.
  • Secure form-based authentication is not supported for use with Forcepoint IPsec Advanced.
  • To support PAC file enforcement, you must use the alternate (port 80/443) PAC file address. The standard PAC file address (using port 8082/8087) is not supported.
  • If a user has previously authenticated within the tunnel and relevant cookies are set, then using an authentication bypass rule to force NTLM, basic authentication, or a welcome page for a destination URL does not work with IPsec Advanced tunneling. However, if the first request is made to the URL configured under an authentication bypass rule, the selected authentication method in the rule will be enforced.
  • Basic authentication does not work for iTunes with IPsec Advanced tunneling.
  • SNI is required for HTTPS traffic when using transparent proxy.
    • Windows XP does not support SNI and is, therefore, not supported for Forcepoint IPsec Advanced.
    • Encrypted Client Hello (aka Encrypted SNI) is not supported when using transparent proxy.
  • Dropbox is not supported for use with the Protected Cloud Apps feature in Forcepoint Web Security Cloud with IPsec Advanced.
  • Some web pages may not load properly in Safari after successful user authentication. Ensure the Block cookies option is set to Never in Safari’s Privacy preferences.