Configuring Content Gateway analysis

The analysis options available with Forcepoint Web Security control the types of advanced analysis performed on web traffic as it transits the Content Gateway module (the on-premises proxy).

For an introduction to advanced analysis options and other options related to Content Gateway, see Content Gateway Analysis.

Use the Settings > Scanning > Scanning Options page to configure the following:

Configuring content categorization
Configuring tunneled protocol detection
Configuring content security
Configuring file analysis
Content Gateway outbound security analysis
Analytic sensitivity, analysis timeout, size limits, content delay handling, and content stripping (Content Gateway advanced analysis options)

Basic settings are:

Off – No analysis.
On (default) – Analyze content or files with elevated risk profiles, as determined by Forcepoint Security Labs.
Aggressive analysis – Analyze content and files with elevated risk profiles and content and files with lower risk profiles. Aggressive analysis consumes more resources. For best results, monitor system performance and scale system resources to meet demand.

In addition to the On/Off/Aggressive analysis settings, analysis is performed or not performed, based on the Always Scan, Never Scan, and client IP exception lists.

These lists are maintained on the Settings > Scanning > Scanning Exceptions page. See Configuring exceptions to Content Gateway analysis.

Warning: Sites on the Never Scan list are not analyzed under any circumstances. If a site on the Never Scan list is compromised, the malicious code is not analyzed and detected.

When you have completed configuration on the current page, click OK to cache your changes. Changes are not implemented until you click Save and Deploy.