Key concepts
Overview of key concepts within Forcepoint Dynamic Edge Protection.
Traffic tunneling
Traffic can be forwarded from your sites over any network connection, via IPsec or GRE tunneling. You can opt to forward all outbound traffic from your site to the service, or create rules on your edge device to define which types of traffic are protected.
Forcepoint recommends that you configure primary and secondary tunnels for each site, and configure your devices to fail over to the secondary tunnel in the case of a loss of connectivity.
Sites
A site is one of your organization’s geographical locations that is protected by the service. The edge device at your site must be configured to forward traffic to the service via IPsec or GRE tunneling.
Proxy
Web traffic (HTTP/HTTPS) can be directed to the service for inspection and policy enforcement via the Forcepoint Web Security Endpoint client, in order to protect web traffic for roaming users, or users at remote offices.
Web Security Endpoint
A lightweight endpoint client installed on users' machines that directs web traffic to the proxy service.
Users
An individual end user or endpoint located at one of your sites, whose web requests are routed through and protected by the service. Policies can be applied to all users, and user activity can be shown in reports.
Policies
A policy is a set of security and access rules that are applied to all network traffic that is directed through the service. Policies consist of five stages: network rules, application rules, web category filtering, threat inspection, and file filtering and scanning.
Administrators
An administrator is a user with access to the Dynamic Edge Protection management portal, responsible for making administrative changes to the service, or viewing reports.