Understanding Policy Broker

Policy Broker is responsible for managing access to both policy data (including clients, filters, filter components, and delegated administration settings) and to certain global settings that apply to the entire deployment. Settings specific to a single Policy Server instance (like its Filtering Service and Network Agent connections) are stored separately.

Even in multiple Policy Server environments, the same set of policy and general configuration data is shared throughout the deployment, thanks to Policy Broker.

  1. At startup, each web protection component requests applicable configuration information from Policy Broker.
  2. Running components frequently check for changes to configuration information.
  3. The primary or standalone Policy Broker updates its database each time administrators make changes in the Web module of the Forcepoint Security Manager and click Save and Deploy.
  4. After a configuration change, each component requests and receives the changes that affect its functioning via Policy Broker.

It is possible to install one or more Policy broker replicas in addition to the primary Policy Broker. In a replicated environment, changes made in the Forcepoint Security Manager are saved to the primary Policy Broker. After the change, each replica synchronizes its copy of the data to receive the latest updates.

  • The Policy Broker mode (standalone, primary, or replica) is set during installation, but can be changed later (for example, to change from a standalone environment to a replicated environment) using a command-line utility. See Managing Policy Broker Replication for more information.
  • In a replicated environment, you can configure a Policy Broker connection order for each Policy Server instance in your deployment. This determines where components attached to a Policy Server (like Filtering Service) look first for updates to configuration information. See Reviewing Policy Broker connections.

Whether you have a single (standalone) Policy Broker or a primary Policy Broker with replicas, be sure to back up your policy and configuration data on a regular basis. See the Backup and Restore FAQ for more information.