Configure NIC settings

Before you begin

Refer to Planning Worksheet 4 for help in configuring NIC settings. These settings determine which NIC is used for monitoring and which is used for blocking and communication with other web protection components. They also determine which IP addresses this Network Agent instance monitors, and how the agent responds to requests for non-HTTP protocols.

Steps

  1. Click an entry in the Network Interface Cards list on the Local Settings page for the Network Agent instance that you are configuring.
    The NIC Information list provides a description of the selected network card.
  2. Indicate whether or not to Use this NIC to monitor traffic.
    If the Network Agent machine has multiple NICs, you can configure more than one NIC to monitor traffic.
    • If this NIC will be used for monitoring, click Configure, and continue with step 3.
    • If this NIC will not be used for monitoring, go to step 4.
  3. Use the Local Settings > NIC Configuration > Monitor List page to configure monitoring behavior:
    • Use the Monitor List to identify which IP addresses (All, None, or Specific) this Network Agent instance monitors.

      If you select Specific, add the IPv4 or IPv6 address ranges and individual IPv4 or IPv6 addresses that this Network Agent should monitor.

    • Under Monitor List Exceptions, add any IP addresses within the monitored ranges that Network Agent should not monitor.
    • When you are finished making changes, click OK to return to the NIC Configuration page.
  4. Indicate which NIC Network Agent should use as a Blocking NIC. This NIC is also used for communication with other web protection components, and must have an IP address.
  5. If you have Forcepoint Web Security, or if Forcepoint URL Filtering is integrated with a third-party product:
    • Select Log HTTP requests to improve reporting accuracy.
    • Select Filter all requests not sent over HTTP ports to use Network Agent to manage only those HTTP requests not sent through the integration product.

      If you are running Forcepoint URL Filtering in Stand-Alone mode, Filter and log HTTP requests is selected, and cannot be changed.

  6. Under Protocol Management, indicate whether Network Agent should be used to Filter non-HTTP protocol requests and Measure bandwidth by protocol.
    Click OK to cache your changes, and then click Save and Deploy to implement them.

Next steps

After configuring Network Agent, you may want to use a packet analyzer to ensure that the monitoring NIC is able to see traffic from all of the IP addresses that it is configured to monitor.

Wireshark is a free, popular, open source network protocol analyzer, available for Windows and Linux systems from www.wireshark.org.

If traffic from some IP addresses is not visible:

  • Review the network configuration and NIC placement requirements.
  • Review Deployment and Installation Center for more detailed network configuration information.
  • Verify that you have properly configured the monitoring NIC.