Procedure for configuring filtering settings

Under State Server, provide IPv4 address or hostname and Port information if:
  • Your environment includes multiple Filtering Service instances, and
  • You use the Quota or Confirm actions, password override, or account override.

State Server tracks clients’ quota, confirm, password override, and account override sessions to ensure that session time is allocated correctly across multiple Filtering Service instances (see Policy Server, Filtering Service, and State Server).

After entering State Server connection details, click Check Status to verify the connection. Configure State Server connection information for each Policy Server instance in your deployment.

Under Bandwidth Optimizer, enter the information needed to filter Internet usage based on available bandwidth. For more information about enforcing bandwidth- based Internet access, see Using Bandwidth Optimizer to manage bandwidth.
Note: No bandwidth-based restrictions are enforced on requests passing through the hybrid service.
  1. To specify an Internet connection speed, do one of the following:
    • Select a standard speed from the drop-down list.
    • Enter the network speed in kilobits per second in the text field.
  2. Enter the default thresholds to use when bandwidth-based actions are enforced. Note that when the thresholds are set, but no category or protocol filters include bandwidth-base actions, no bandwidth usage restriction occurs.
    • Network: When total network traffic reaches this percentage of total available bandwidth, start limiting access based on bandwidth, as configured in active filters.
    • Protocol: When traffic for a specific protocol (like HTTP or MSN Messenger) reaches this percentage of total available bandwidth, start restricting access to that protocol, as configured in active filters.
  3. (Forcepoint Web Security only) Content Gateway can collect information about bandwidth consumed by HTTP traffic and protocols that tunnel over HTTP for use in reporting. To enable this option, mark Include bandwidth data collected by Content Gateway.

Use the Block Messages section to enter the URL or path to the alternative HTML block page you created for the top frame of browser-based block messages (see Creating alternate block messages), or to configure Forcepoint Web Security to include a link to ACEInsight on block pages.

  • Separate pages can be used for the different protocols: FTP, HTTP (including HTTPS), and Gopher.

    Leave these fields blank to use the default block message.

    If you have created custom block pages, and want to use those block pages for all protocols, you can also use the fields in this section blank (see Creating Custom Block Pages).

  • With the Hybrid Module for Forcepoint Web Security, custom block messages specified in the fields above are not applied to requests handled by the hybrid service.

    Instead, use the Settings > Hybrid Configuration > User Access page to customize the hybrid block page (see Customizing hybrid block pages).

  • (Forcepoint Web Security only) When a user clicks the ACEInsight link, the URL the user attempted to access is sent to ACEInsight and a web page is displayed showing ACEInsight analysis.

    The URL sent to ACEInsight is truncated, to omit the CGI string (which could include a user name or password). As a result, ACEInsight does not analyze password-protected content, and may return different results than Content Gateway.

    The ACEInsight link does not appear on hybrid block pages.

Under Search Filtering, select Enable search filtering to activate a setting built into certain search engines so thumbnail images and other explicit content associated with blocked sites are not displayed in search results (see Search filtering).

The search engines for which this feature is supported are displayed below the check box.

When you have finished configuring settings on this page, click OK to cache the changes. Changes are not implemented until you click Save and Deploy.