Registering Content Gateway with Forcepoint DLP

Content Gateway registers with on-box DLP Module components automatically once an administrator enables Web DLP integration.

Note: Automatic registration is not available with Forcepoint DLP Web Content Gateway. See Registering Content Gateway with Forcepoint DLP manually.

To enable Web DLP integration:

Steps

  1. Make sure that:
    1. The Forcepoint management server is running and accessible.
    2. The Forcepoint management server includes both Forcepoint Web Security and Forcepoint DLP management components.
    3. The system clocks on the Forcepoint management server and the Content Gateway machine are synchronized.
  2. Go to the Configure > My Proxy > Basic > General tab in the Content Gateway manager.
  3. Set Integration to On, then select the Web DLP (integrated on-box) option.
    Note: To later disable the integration and unregister Content Gateway and Forcepoint DLP components, turn the Integration option to Off and restart Content Gateway.
  4. Restart Content Gateway.

Next steps

Once the integration is enabled, Content Gateway registers with the Forcepoint management server, and Content Gateway queries the Forcepoint Security Manager for the presence of Forcepoint DLP.

Registration is tested and retried, if needed, every time Content Gateway is started. To perform registration, Content Gateway queries the Policy Broker for needed information, including IP address and cluster ID.

  • Use the Monitor > Summary page in the Content Gateway manager to view registration status information. Click More Detail, then check the list at the bottom of the Subscription Details section.
  • Registration success and failure information is logged in the /opt/WCG/logs/dss_registration.log file.

If registration succeeds:

  • Configure DLP Module integration on the Configure > Security > Web DLP page in the Content Gateway manager. See Web DLP configuration options for Content Gateway.
  • Content Gateway uses the Forcepoint DLP policy engine for malware detection.
  • Forensic reporting data for the Threats dashboard is collected automatically.
  • DLP Module transaction statistics are displayed on the Monitor > Security > Web DLP page in the Content Gateway manager. For a complete list of statistics, see Web DLP.

If registration fails, an alarm displays. If this occurs, make sure that:

  • Forcepoint Web Security and Forcepoint DLP management components reside on the same management server.
  • The Content Gateway and management server system times are synchronized to within a few minutes.
  • The ports used for communication between Forcepoint DLP components and Content Gateway are open in IPTables. See Forcepoint Ports and Configuring IPTables for Content Gateway.
  • The server hosting software-based (non-appliance) instances of Content Gateway has an IPv4 address assigned to the eth0 network interface.

    After registration, the IP address may move to another network interface on the system, but the IP address must remain available as long as the two modules are registered. The IP address is used for Web DLP policy configuration and deployment.
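
The host-side items in the failure checklist above can be checked with a short script run on the Content Gateway machine. This is an added example, not Forcepoint tooling: the 180-second tolerance standing in for "a few minutes" and the operator-supplied management server time (epoch seconds) are assumptions, and the IPTables port check is left out because the ports are not listed on this page.

```shell
#!/bin/sh
# Preflight for the registration-failure checklist (added example).
# Assumptions: MAX_SKEW=180 s stands in for "a few minutes"; the operator
# supplies the management server's current time as epoch seconds.
MAX_SKEW=${MAX_SKEW:-180}
REG_LOG=/opt/WCG/logs/dss_registration.log

# Read `ip -4 -o addr show dev eth0` output on stdin and print the first
# IPv4 address; exit non-zero when the interface has none.
first_ipv4() {
    awk '$3 == "inet" { sub(/\/.*/, "", $4); print $4; found = 1; exit }
         END { exit !found }'
}

# Succeed when two epoch timestamps differ by at most MAX_SKEW seconds.
clock_in_sync() {
    skew=$(( $1 - $2 ))
    if [ "$skew" -lt 0 ]; then skew=$(( 0 - skew )); fi
    [ "$skew" -le "$MAX_SKEW" ]
}

# usage: preflight <management-server-epoch-seconds>
preflight() {
    rc=0
    if addr=$(ip -4 -o addr show dev eth0 2>/dev/null | first_ipv4); then
        echo "OK   eth0 IPv4 address: $addr"
    else
        echo "FAIL eth0 has no IPv4 address"; rc=1
    fi
    if clock_in_sync "$(date +%s)" "$1"; then
        echo "OK   clock skew ${skew}s (limit ${MAX_SKEW}s)"
    else
        echo "FAIL clock skew ${skew}s exceeds ${MAX_SKEW}s"; rc=1
    fi
    if [ -r "$REG_LOG" ]; then
        echo "Last entries in $REG_LOG:"; tail -n 20 "$REG_LOG"
    else
        echo "WARN $REG_LOG not readable"
    fi
    return "$rc"
}

# Run the checks only when a management-server timestamp is given.
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```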