Forcepoint Appliances server communication
Client browser and other connections to the Forcepoint Appliance
For configuration using HTTPS and SSH connections to the appliance and the Forcepoint Security Appliance Manager, the appliance uses FIPS 140-2 certified cryptographic libraries to establish a secure connection. The appliance uses the following algorithms:
Remote console access (SSH):
- AES128-CTR
- AES192-CTR
- AES256-CTR
Browser access (HTTPS):
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-SHA384
- ECDHE-RSA-AES256-SHA
- DHE-RSA-AES256-GCM-SHA384
- DHE-RSA-AES256-SHA256
- DHE-RSA-AES256-SHA
- AES256-GCM-SHA384
- AES256-SHA256
- AES256-SHA
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-SHA256
- ECDHE-RSA-AES128-SHA
- DHE-RSA-AES128-GCM-SHA256
- DHE-RSA-AES128-SHA256
- DHE-RSA-AES128-SHA
- AES128-GCM-SHA256
- AES128-SHA256
- AES128-SHA
This communication occurs using the Forcepoint C Cryptographic Module.
Forcepoint Security Appliance Manager connections to Forcepoint Security Manager
The Forcepoint Security Appliance Manager (FSAM) communicates with the Forcepoint Security Manager to verify users, passwords, and registered appliances.
To establish a secure connection, the FSAM uses TLS with the best negotiated encryption algorithm from the following list:
- TLS_RSA_WITH_AES_128_CBC_SHA
- SSL_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA
This communication occurs using the Forcepoint C Cryptographic Module.