Sites

A site is a geographical location, with one or more edge devices that direct traffic to the service for filtering and inspection via IPsec or GRE tunneling.

The Administration > Sites page lists the site connections used to direct traffic to the service via IPsec and GRE tunneling.

Note: Currently, sites and connections are created by Forcepoint. Administrators can edit the details for existing sites and connections. In future releases, administrators will be able to create new sites and connections.

Traffic can be forwarded to the service using one of the following types of tunnel connectivity:

  • GRE Direct: connect directly to a data center IP address via GRE tunneling. GRE is relatively simple to configure, and does not perform encryption on traffic sent through the tunnel.

    Note: GRE connectivity does not support sites with dynamic IP addresses.

  • IPsec Direct: connect directly to a data center IP address or region-specific hostname via IPsec VPN tunneling using a pre-shared key. Recommended for customers that connect to the Internet with a dynamic IP address, or have a requirement to encrypt the connection to Dynamic Edge Protection. Customers can connect their device to a Forcepoint IP address or fully qualified domain name (FQDN). Forcepoint recommends using the FQDN if your edge device supports it.
Important: Forcepoint strongly recommends that you configure connections to 2 separate regions, and configure your device to fail over in case connectivity to one region is lost.

The Sites screen displays the following information for each site.

Table 1.
Column | Description
Name | A user-defined name for the site.
Description | Optional user-defined description for the site.
Connection | The connection(s) configured for this site. (Forcepoint recommends that each site should be configured with more than one connection for redundancy.)
Status | The current connectivity status for the tunnel:
  • Active: the service has seen recent activity from the site.
  • Idle: no activity has been detected for more than 1 hour.
  • Pending (not connected): no traffic has been detected from the tunnel for the past 7 days. The edge device might not have been configured.
  • Unknown (status unavailable): the current connection status cannot be displayed.
  Note: For secondary tunnels in a high availability (HA) configuration, the status “Pending” will be displayed after 7 days of inactivity, even though the tunnel is still ready for use. This status will be changed in a future release.

Click a row in the table to open details of the connections configured for that site.

In the Connections panel, your router details and connectivity settings for IPsec or GRE tunnels are displayed for each connection. Use these settings to configure your edge device for connectivity to the service.

Note: Depending on your configuration, each site can have multiple connections. Sites and connections are currently created by Forcepoint. Some settings can be edited by administrators. Sites and connections cannot be deleted by administrators.
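
The following is an added example, not Forcepoint code or an export format of the service: a small audit that checks a site inventory against the recommendations and status meanings described on this page. The record fields (`dynamic_ip`, `type`, `region`, `role`, `status`) and the sample sites are constructed for illustration; the values would be copied by hand from the Sites page and Connections panel.

```python
# Added example: field names and sample data are constructed, not a Forcepoint export format.
def audit_site(site):
    """Return (severity, message) findings for one site record."""
    findings = []
    conns = site["connections"]
    if len(conns) < 2:
        findings.append(("warn", "only one connection; no redundancy"))
    if len({c["region"] for c in conns}) < 2:
        findings.append(("warn", "all connections in one region; no failover target"))
    for c in conns:
        label = f'{c["type"]} to {c["region"]}'
        if c["type"] == "GRE":
            if site["dynamic_ip"]:
                findings.append(("error", f"{label}: GRE does not support dynamic IP sites"))
            findings.append(("info", f"{label}: tunnel traffic is not encrypted"))
        if c["status"] == "Pending":
            if c["role"] == "secondary":
                # Page note: an HA secondary shows Pending after 7 idle days but is still usable.
                findings.append(("info", f"{label}: Pending on HA secondary; expected after 7 days idle"))
            else:
                findings.append(("warn", f"{label}: Pending; edge device may not be configured"))
        elif c["status"] == "Unknown":
            findings.append(("warn", f"{label}: status unavailable"))
    return findings

SITES = [  # constructed sample inventory
    {"name": "branch-a", "dynamic_ip": True, "connections": [
        {"type": "GRE", "region": "region-1", "role": "primary", "status": "Active"}]},
    {"name": "hq", "dynamic_ip": False, "connections": [
        {"type": "IPsec", "region": "region-1", "role": "primary", "status": "Active"},
        {"type": "IPsec", "region": "region-2", "role": "secondary", "status": "Pending"}]},
]

def audit(sites):
    """Audit every site and return findings keyed by site name."""
    return {s["name"]: audit_site(s) for s in sites}

if __name__ == "__main__":
    for name, findings in audit(SITES).items():
        for severity, message in findings:
            print(f"{name}: [{severity}] {message}")
```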