The proxy query page. Users can access a query page to find out whether their browser settings are correct for accessing the proxy.
Remote users should use the alternate PAC file addresses using port 80 or if requesting access from networks that may have port , , or locked down. Click Test Connection to verify the connection between your network and the cloud service. When you are ready, click Next to continue the wizard. Note that if you cannot immediately complete the required firewall configuration, you can still move on to the next step in the wizard.
The next step is Sending end user information to the cloud service. Copyright Forcepoint. All rights reserved. Required for. Organizations that require on-premises traffic filtering and analysis. Configure your existing on-premises proxy to forward traffic to the cloud service.
See Configuring proxy chaining with the Forcepoint cloud service on the Forcepoint Support site for more details. Organizations with an existing on-premises proxy where existing network infrastructure cannot be changed. The Forcepoint Web Security Cloud PAC file contains a number of global settings and includes any exclusions you add for example, intranet sites that should not use the cloud proxy. All supported browsers have the ability to use PAC files.
This can be used to ensure that users always receive their policy-specific PAC file, even when connecting from unknown IP addresses, such as roaming users. Forcepoint Endpoint clients run in the background on end user devices, providing a seamless browsing experience. Endpoint automatically authenticates users with the service, and provides policy enforcement and data security features. The endpoint client has been designed to consume minimal CPU, memory, and disk resources, and has tamper controls to prevent users disabling the software.
The endpoint client allows administrators to create policies that provide user-specific policy enforcement, with seamless authentication, full visibility of inbound and outbound traffic, and that don't restrict use of the device. There are three versions of the endpoint client, each suited to different sets of end user needs:. Neo: this endpoint client can be used in either proxy connect mode or direct connect mode, and can automatically switch from one to the other when necessary.
Proxy Connect : also known as Classic Proxy Connect endpoint, this endpoint client redirects all traffic to the cloud proxy for analysis. Proxy Connect is recommended for most scenarios, and supports the widest set of security features. Direct Connect : also known as Classic Direct Connect endpoint, this endpoint client contacts the cloud service for each request to determine whether to block or permit a website, but routes the web traffic itself directly to the Internet.
Direct Connect also routes traffic to the cloud service to perform content analysis, if configured in your policy. Direct Connect is recommended for scenarios in which proxy connections may be problematic, and in some circumstances can improve content localization. The diagram shows the two different endpoint versions servicing a web request:. In the first scenario, Neo or the Classic Proxy Connect endpoint directs all web traffic via the cloud proxy. This is useful for users who connect from locations such as guest or public networks where non-standard ports may be locked down.
This can be useful to ensure that remote users always get the PAC file for a particular policy. See the sections below for further information, and guidance on when to use each option. When the cloud service receives a request for the standard PAC file, if it knows which policy the requester is using, it delivers the PAC file for that policy; otherwise it delivers a global PAC file. If you have already deployed a standard cloud PAC file that uses a different URL than the one displayed on the page, there is no need to change it unless you wish to.
Here, xxxxxx is a unique identifier for your policy. You should use the policy-specific PAC file in the following circumstances:.
You cannot use a proxied connection on your policies. You do not need to use a policy-specific URL when connecting from an IP address configured as a proxied connection in a policy, since the policy-specific PAC file is automatically served. A remote user needs to access bypass destinations specified in the policy-specific PAC file, but is able to access these destinations directly, for example, via a VPN client. In this case, use the alternate PAC file address listed on the policy's General tab.
Remote users should also use the alternate policy-specific PAC file address if requesting access from a network that has port locked down.
0コメント