Using the service from home networks
Users connecting from home networks are treated as roaming, and are identified by the endpoint client, or by IP address, as described in Identifying roaming users.
In some circumstances, home users might connect to their network, launch a browser, and find that they are not using the Web Security Cloud service. This can happen for two reasons:
- The user launches the browser before the computer receives its IP configuration information.
- The computer connects to a network that uses a router that does not have an IP address assigned. This can occur with some Internet connections that use dynamically assigned IP addresses such as some home broadband connections. If the connection hasn’t been used for some time, the router’s lease for its IP address may have expired.
In the case of the Proxy Connect endpoint, if this occurs, the browser tries to retrieve its PAC file, and fails. If the computer is assigned an IP address immediately after the failure, the browser can fall back to accessing the Internet directly without retrying the PAC file. When endpoints can’t connect to the cloud service, they allow Internet use to continue, and apply filters that have been cached, in order to provide as much protection as possible. This is known as Fallback mode.
If you encounter this issue, the possible solutions are as follows:
- Deploy Forcepoint Web Security Endpoint
Installing the endpoint, either for all or just for roaming users, ensures that all web traffic receives enforcement from the cloud service.
- Configure an explicit proxy
Some browsers allow you to configure an explicit proxy in addition to using a PAC file. You must ensure that you also add the global non-proxied destinations contained in the Web Security Cloud PAC file as proxy exceptions. Failure to do so could result in the service being inaccessible. For information on accessing the cloud service PAC file, see Proxy auto-configuration (PAC) in the Forcepoint Web Security Cloud help.
Adding an explicit proxy for roaming users ensures that users are always protected, with no user intervention. However, you must manually update any non-proxied destinations you add to the cloud service. In some circumstances, it can also prevent connectivity from some public Internet access points. See Using the service from public Internet access points for more details.