Content Gateway initial configuration

Documentation | Support

Go to the table of contents

Go to the previous page

Go to the next page

Initial Configuration for All Security Modules > Content Gateway initial configuration

Content Gateway initial configuration

Deployment and Installation Center | Forcepoint Web Security

Forcepoint Web Security, v8.5.x

After Content Gateway is installed, perform these basic configuration activities:


	Note The subscription key is automatically applied to Content Gateway when you enter it in the Web Security module of the Forcepoint Security Manager.

Log onto the Content Gateway manager and run a basic test (Getting Started)

If there are multiple instances of Content Gateway, consider configuring a managed cluster.

Configure protocols to proxy in addition to HTTP: HTTPS (SSL support), FTP

Complete your explicit or transparent proxy deployment

Content Gateway explicit and transparent proxy deployments

In Content Gateway Manager Help: Explicit proxy, Transparent proxy

If proxy user authentication will be used, configure user authentication. Alternatively, configure Other methods of user identification.

Configure the real-time Scanning Options in the Forcepoint Security Manager

If you enabled content caching during installation, configure content caching.

After the base configuration has been tested, consider these additional activities:

When HTTPS (SSL support) is used, configure categories, clients, and destination servers for SSL decryption bypass in the Forcepoint Security Manager.

Create Content Gateway filtering rules to:

Deny or allow URL requests

Insert custom headers

Allow specified applications, or requests to specified web sites to bypass authentication

Keep or strip header information from client requests

Prevent specified applications from transiting the proxy

In explicit proxy deployments, customize the PAC file

In transparent proxy deployments, use ARM dynamic and static bypass, or use router ACL lists to bypass Content Gateway (see your router documentation)

The ARM (Adaptive Redirection Module) module of Content Gateway uses a firewall. To facilitate interception and redirection of traffic:

IPTables rules are configured during installation of Content Gateway.

Forcepoint IPTables chains are inserted.

Forcepoint IPTables rules are also inserted into existing chains.

Forcepoint chains and rules use "NC_" as a prefix for identification purposes.

IPTables rules configured outside of Content Gateway Manager must

Be inserted after Forcepoint rules.

Never be added to Forcepoint chains.

Forcepoint chains and rules should never be edited.

If customized chains or rules impact the Forcepoint configuration, navigate to /opt/wcg/bin and execute the following to re-establish the Forcepoint IPTables chains and rules.:

netcontrol.sh -r

Go to the table of contents

Go to the previous page

Go to the next page

Initial Configuration for All Security Modules > Content Gateway initial configuration

Copyright 2023 Forcepoint. All rights reserved.