Configuration

The following list of rules is organized into groups that address different deployments. Be sure the /etc/sysconfig/iptables file contains all the rules from each section that apply to your network.

If the proxy is configured to use multiple NICs, use the -i option (which means “match only if the incoming packet is on the specified interface”) to specify the appropriate NIC for each rule that applies to an interface. Typically, multiple interfaces are divided into these roles:

  • Management interface (MGMT_NIC) – The physical interface used by the system administrator to manage the computer.
  • Internet-facing interface (WAN_NIC) – The physical interface used to request pages from the Internet (usually the most secure interface).
  • Client-facing interface (CLIENT_NIC) – The physical interface used by the clients to request data from the proxy.
  • Cluster interface (CLUSTER_NIC) – The physical interface used by the proxy to communicate with members of the cluster.

Note: If you customized any ports that Forcepoint Web Security uses for communication, replace the default port shown in the following rules with the custom port you implemented.
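
On a multi-NIC proxy, a rule that accepts a port without -i opens that port on every interface, not only the role it was meant for. The following check is an added example (not part of the original page or the vendor's tooling) that lists such rules in an iptables-save style file; the interface names (eth0 as MGMT_NIC, eth2 as CLIENT_NIC) and the ports in the sample are constructed for illustration.

```shell
#!/bin/bash
# Added example, not vendor code. Interface names and ports below are constructed.

# write_sample_rules FILE: write a constructed iptables-save style rule set.
# Assumed mapping for illustration: eth0 = MGMT_NIC, eth2 = CLIENT_NIC.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth2 -p tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp --dport 9999 -j ACCEPT
COMMIT
EOF
}

# list_unbound_accepts FILE: print "<line>: <rule>" for each INPUT rule that
# ACCEPTs a destination port without -i/--in-interface, i.e. a service that
# is reachable on every NIC instead of only the role it belongs to.
list_unbound_accepts() {
    awk '
        $1 != "-A" || $2 != "INPUT" { next }   # skip tables, policies, comments
        {
            accept = 0; iface = 0; port = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
                if ($i == "-i" || $i == "--in-interface") iface = 1
                if ($i == "--dport" || $i == "--dports") port = 1
            }
            if (accept && port && !iface) printf "%d: %s\n", NR, $0
        }
    ' "$1"
}

# Run against a real file when a path is given, e.g. /etc/sysconfig/iptables.
if [ "$#" -gt 0 ]; then
    list_unbound_accepts "$1"
fi
```

Rules without a port match, such as the loopback and ESTABLISHED,RELATED entries in the sample, are intentionally not reported.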