Basic

Configure > My Proxy > Basic > General

Restart

Restarts the proxy and manager services (the content_gateway and content_manager processes). You must restart the proxy and manager services after modifying certain configuration options. A message is displayed in the manager when a restart is required.

Important: In a cluster configuration, the Restart button restarts the proxy and manager services on all nodes in the cluster.

Proxy Name

Specifies the name of your Content Gateway node. By default, this is the hostname of the machine running Content Gateway.

If this node is part of a cluster, this option specifies the name of the Content Gateway cluster. In a cluster, all nodes must share the same name.

Valid characters for Proxy Name are: A-Z, a-z, 0-9 and - .

Alarm email

Specifies the email address to which Content Gateway sends alarm notifications.

Features

Protocols: FTP

When this option is enabled, Content Gateway accepts FTP requests from FTP clients.

If this option is changed you must restart Content Gateway.

Protocols: HTTPS

Enables/disables Content Gateway HTTPS traffic management and security analysis. After selecting HTTPS On, you must provide additional information on the Configure > Protocols > HTTPS page and on the Configure > SSL pages. See Working With Encrypted Data.

Networking: WCCP

Enable this option to use a WCCP v2-enabled router for transparent redirection to Content Gateway.

WCCP v1 is not supported.

See Transparent interception with WCCP v2 devices.

If you change this option, you must restart Content Gateway.

Networking: DNS Proxy

When this option is enabled, Content Gateway resolves DNS requests on behalf of clients. This option offloads remote DNS servers and reduces response time for DNS lookups. See DNS Proxy Caching.

Networking: Virtual IP

When this option is enabled, Content Gateway maintains a pool of virtual IP addresses that it assigns to the nodes in a cluster as necessary. See Virtual IP failover.

Networking: IPv6

When this option is enabled, Content Gateway provides support for IPv6.

IPv6 addresses can be used on any dual stack Ethernet interface that services client and/or Internet traffic.

IPv4 addresses must be used to communicate with all Forcepoint components.

To see a complete description of the feature and an important list of restrictions, see Content Gateway support for IPv6.

Networking: Web DLP

Enables a connection to Forcepoint DLP. There are 2 options:

  • Automatic registration through the Forcepoint management server
  • ICAP communication to a remote Forcepoint DLP deployment (not recommended)

See Working With Web DLP.

If you change this option, you must restart Content Gateway.

Networking: Integration > Web DLP (integrated on-box)

Enables registration with the on-box Web DLP components and the Forcepoint management server. See Registering Content Gateway with Forcepoint DLP.

Networking: Web DLP: ICAP

Enables ICAP for use with Forcepoint DLP. See Configuring the ICAP client.

Security: SOCKS

When SOCKS is enabled, Content Gateway communicates with your SOCKS servers. See Configuring SOCKS firewall integration.

If you change this option, you must restart Content Gateway.

Authentication: None

Content Gateway supports several types of user authentication.

When this option is selected, the proxy does not perform user authentication. This is the default setting.

Authentication: Integrated Windows Authentication

When Integrated Windows Authentication (IWA) is enabled, users are authenticated by IWA before they are allowed access to content.

See Integrated Windows Authentication.

If you change this option, you must restart Content Gateway.

Authentication: LDAP

When LDAP is enabled, users are authenticated by an LDAP server before they are allowed access to content. See LDAP authentication.

If you change this option, you must restart Content Gateway.

Authentication: Radius

When RADIUS is enabled, users are authenticated by a RADIUS server before they are allowed access to content. See RADIUS authentication.

If you change this option, you must restart Content Gateway.

Authentication: Legacy NTLM

When legacy NTLM (NTLMSSP) is enabled, users in a Windows network are authenticated by a Domain Controller before they are allowed access to content.

See Legacy NTLM authentication.

If you change this option, you must restart Content Gateway.

Authentication: Rule-Based Authentication

When Rule-Based Authentication is enabled, users are authenticated based on the parameters of the rule that they match. Rule-based authentication supports multiple realm, multiple domain, and other user authentication scenarios. See Rule-Based Authentication.

If you change this option, you must restart Content Gateway.

Authentication: Read authentication from child proxy

Enables or disables the reading of X-Authenticated-User and X-Forwarded-For header values in incoming requests. This option is disabled by default.

Enable this option when Content Gateway is the parent (upstream) proxy in a chain and the child (downstream) proxy is sending X-Authenticated-User and X-Forwarded-For header values to facilitate authentication.

Authentication: Send authentication to parent proxy

Enables or disables the insertion of X-Authenticated-User header values in outgoing requests. This option is disabled by default.

Enable this option when Content Gateway is the child (downstream) proxy in a chain and the parent (upstream) proxy wants X-Authenticated-User values to facilitate authentication.

If this option is enabled, the user name is sent only to a configured parent proxy. To send user names with all outbound requests, enable proxy.config.http.insert_xua_to_external.
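The two chaining options above move identity in request headers, so the parent has to decide whose X-Authenticated-User and X-Forwarded-For values it believes. The following is an added example, not Content Gateway code: the child-proxy address list, the sample header values, and the assumption that the child appends the client address as the last X-Forwarded-For entry are all illustrative.

```python
import ipaddress

# Constructed values: addresses of the child (downstream) proxies in the chain.
CHILD_PROXIES = ["10.20.0.0/28"]

# Constructed request headers, as a child proxy might forward them.
SAMPLE_HEADERS = {
    "X-Authenticated-User": "alice@example.test",
    # The first entry could have been supplied by the client itself;
    # the last one is assumed to be appended by the child proxy.
    "X-Forwarded-For": "203.0.113.9, 192.168.7.44",
}

def _from_child(peer_ip, child_nets):
    """True when the TCP peer is one of the configured child proxies."""
    peer = ipaddress.ip_address(peer_ip)
    return any(peer in ipaddress.ip_network(net) for net in child_nets)

def resolve_identity(peer_ip, headers, child_nets=CHILD_PROXIES):
    """Return the user and client address a parent proxy should attribute.

    peer_ip is the source address of the connection, never a header value.
    """
    hdrs = {name.lower(): value for name, value in headers.items()}
    if not _from_child(peer_ip, child_nets):
        # Not a child proxy: both headers are sender-controlled, so ignore them.
        return {"user": None, "client_ip": peer_ip, "from_child": False}

    user = hdrs.get("x-authenticated-user", "").strip() or None
    client_ip = peer_ip
    # Only the right-most entry was written by the trusted hop.
    last_hop = hdrs.get("x-forwarded-for", "").split(",")[-1].strip()
    try:
        client_ip = str(ipaddress.ip_address(last_hop))
    except ValueError:
        pass  # missing or malformed entry: fall back to the peer address
    return {"user": user, "client_ip": client_ip, "from_child": True}

if __name__ == "__main__":
    print(resolve_identity("10.20.0.5", SAMPLE_HEADERS))     # via child proxy
    print(resolve_identity("192.168.7.99", SAMPLE_HEADERS))  # direct sender
```
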

Configure > My Proxy > Basic > Clustering

Cluster: Type

Specifies the clustering mode:

Select Single Node to run this Content Gateway server as a single node. This node will not be part of a cluster.

Select Management Clustering to activate management clustering mode. The nodes in the cluster share configuration information and you can administer all the nodes at the same time.

For complete information about clustering, see Clusters.

If you change this option, you must restart Content Gateway.

Cluster: Interface

Specifies the interface on which Content Gateway communicates with other nodes in the cluster. For example, eth1.

It is recommended that you use a dedicated secondary interface.

Node configuration information is multicast, in plain text, to other Content Gateway nodes on the same subnet. Therefore, as a best practice, clients should be located on a separate subnet from Content Gateway nodes (multicast communications for clustering are not routed).

On appliances, P1 is the recommended interface. However, you may also use P2 if you are not using it for Internet egress traffic and want to isolate cluster management traffic.

See Changing clustering configuration.

If you change this option, you must restart Content Gateway.

Cluster: Multicast Group Address

Specifies the multicast group address on which Content Gateway communicates with its cluster peers.

See Changing clustering configuration.
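The clustering constraints described on this page (a shared Proxy Name, unrouted plain-text multicast on the cluster interface, clients on a separate subnet, a multicast group address) can be checked against an address plan before the cluster is enabled. This is an added example, not part of the Forcepoint documentation; the node records, field names, subnets, and group addresses are constructed for illustration.

```python
import ipaddress

def audit_cluster(nodes, client_subnets, mcast_group):
    """Return a list of findings; an empty list means every check passed.

    nodes          -- dicts with 'proxy_name' and 'cluster_addr' (address/prefix
                      of the cluster interface); hypothetical field names
    client_subnets -- CIDR strings for subnets that hold client machines
    mcast_group    -- the Cluster: Multicast Group Address value
    """
    findings = []

    # In a cluster, all nodes must share the same Proxy Name.
    names = {n["proxy_name"] for n in nodes}
    if len(names) > 1:
        findings.append(f"proxy name differs across nodes: {sorted(names)}")

    # The group address must actually be an IP multicast address.
    if not ipaddress.ip_address(mcast_group).is_multicast:
        findings.append(f"{mcast_group} is not a multicast address")

    # Cluster multicast is not routed, so all cluster interfaces need one subnet.
    nets = {ipaddress.ip_interface(n["cluster_addr"]).network for n in nodes}
    if len(nets) > 1:
        findings.append("cluster interfaces span several subnets: "
                        + ", ".join(sorted(str(net) for net in nets)))

    # Node configuration is multicast in plain text: keep clients off that subnet.
    for net in nets:
        for client in client_subnets:
            if net.overlaps(ipaddress.ip_network(client)):
                findings.append(f"client subnet {client} overlaps cluster subnet {net}")
    return findings

# Constructed address plans.
CLIENTS = ["192.168.0.0/16"]
GOOD = [{"proxy_name": "cg-cluster", "cluster_addr": "10.50.0.11/24"},
        {"proxy_name": "cg-cluster", "cluster_addr": "10.50.0.12/24"}]
BAD = [{"proxy_name": "cg-cluster", "cluster_addr": "10.50.0.11/24"},
       {"proxy_name": "cg-node2", "cluster_addr": "192.168.10.12/24"}]

if __name__ == "__main__":
    print(audit_cluster(GOOD, CLIENTS, "239.1.1.1"))
    for finding in audit_cluster(BAD, CLIENTS, "10.50.0.255"):
        print("FINDING:", finding)
```
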