Set Up Content Gateway

After the base configuration has been tested, consider these additional activities:

  • If you are using HTTPS (SSL Manager), use the Web module of the Security Manager to configure categories, clients, and destination servers for SSL decryption bypass.
  • Create Content Gateway filtering rules to:
    • Deny or allow URL requests
    • Insert custom headers
    • Allow specified applications, or requests to specified websites, to bypass authentication
    • Keep or strip header information from client requests
    • Prevent specified applications from transiting the proxy
  • In explicit proxy deployments, customize the PAC file.
  • In transparent proxy deployments, use ARM dynamic and static bypass, or use router ACLs to bypass Content Gateway (see your router documentation).
  • The Adaptive Redirection Module (ARM) of Content Gateway uses a firewall. To facilitate interception and redirection of traffic:
    • IPTables rules are configured during installation of Content Gateway.
      • Forcepoint IPTables chains are inserted.
      • Forcepoint IPTables rules are also inserted into existing chains.
      • Forcepoint chains and rules use “NC_” as a prefix for identification purposes.
    • IPTables rules configured outside of the Content Gateway manager must:
      • Be inserted after Forcepoint rules
      • Never be added to Forcepoint chains
    • Forcepoint chains and rules should never be edited.
    • If customized chains or rules impact the Forcepoint configuration, navigate to /opt/wcg/bin and execute the following to re-establish the Forcepoint IPTables chains and rules:

      netcontrol.sh -r
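
To check the placement requirement above before resorting to netcontrol.sh -r, the following added example (not Forcepoint's own tooling) scans iptables-save output and reports any shared chain where a custom rule sits ahead of a Forcepoint rule. It assumes "inserted after" means position in the chain and that a Forcepoint rule can be recognized by "NC_" appearing in its text; the function names and sample rulesets are constructed for illustration.

```shell
# Added example: report shared chains where a custom rule precedes a Forcepoint rule.
# Assumption: a rule is Forcepoint's when its text contains "NC_"; NC_* chains are skipped.

audit_nc_order() {
    # stdin: iptables-save output. stdout: one finding per offending chain.
    awk '
    /^\*/ { table = substr($0, 2); next }      # "*filter", "*nat", ...
    $1 != "-A" { next }
    $2 ~ /^NC_/ { next }                        # Forcepoint-owned chain
    {
        key = table "/" $2
        if ($0 ~ /NC_/) {                       # Forcepoint rule in a shared chain
            if ((key in custom) && !(key in reported)) {
                print key ": custom rule ahead of Forcepoint rule: " custom[key]
                reported[key] = 1
            }
        } else if (!(key in custom)) {
            custom[key] = $0                    # first custom rule seen in chain
        }
    }'
}

# Constructed sample rulesets (chain names and ports are illustrative only).
sample_ok() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:NC_INPUT - [0:0]
-A INPUT -j NC_INPUT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A NC_INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
EOF
}

sample_bad() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:NC_INPUT - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j NC_INPUT
COMMIT
EOF
}

sample_ok  | audit_nc_order   # prints nothing
sample_bad | audit_nc_order   # prints one finding for filter/INPUT
```

On a live system, run `iptables-save | audit_nc_order` as root; rules added inside NC_ chains cannot be told apart from Forcepoint's own by this check and need comparison against a known-good ruleset.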