Directing traffic to the cloud service

In order for a roaming user to connect to the cloud service, they must either have Forcepoint Web Security Endpoint installed, or a proxy auto-configuration (PAC) file setting configured in their browser.

If the user has the endpoint client installed, this forces a connection to the cloud service to authenticate the user and apply policy settings appropriate for the user.

PAC files direct browser traffic to the cloud service, and are typically deployed to end user machines via a Windows Group Policy Object (GPO) or similar. Settings for end users are usually locked down so that they cannot be changed. For more information on PAC files, see Proxy auto-configuration (PAC) in the Forcepoint Web Security Cloud help.

A roaming user’s ability to connect to the service may depend on any firewall restrictions that may be in place on their network, and the LAN settings configured in the roaming user’s browser. By default, the cloud service uses port 8082 or 8087 to retrieve PAC files. In some networks, these ports may be locked down, which can cause problems for roaming users.

You can avoid the potential limitation with using port 8082/8087 by deploying the alternate PAC file address for roaming users. The alternate address connects via port 80 or 443, the standard ports for web browsing. See the Settings > General page in the cloud portal for more details.