Introduction
Forcepoint Dynamic Edge Protection is a cloud-based secure Internet gateway and web security solution, designed to protect your users wherever they are.
Overview
Dynamic Edge Protection inspects and secures traffic from any connected site or device, using a set of organization-wide policies that protect against malware, compromises, and inappropriate content.
Key concepts
Overview of key concepts within Forcepoint Dynamic Edge Protection.
The management portal
Administrators manage their Dynamic Edge Protection service via the management portal.
Administration
The Administration tab provides access to configuration settings for your organization. Use this tab to set up sites, resources, administrators, and log downloads.
Sites
A site is a geographical location with one or more edge devices that direct traffic to the service for filtering and inspection via IPsec or GRE tunneling.
Administrators
An administrator is a user with access to the management portal, responsible for making administrative changes to the service, or viewing reports.
Authentication
The Administration > Authentication page provides settings to support user identity management, such as SCIM (System for Cross-domain Identity Management).
Proxy
The Proxy tab provides settings required to configure your endpoint clients to use Dynamic Edge Protection as a web proxy service.
Log management
The Administration > Log Management page provides access to an exported log file of the past 30 days of traffic.
Resources
Resources are reusable elements that can be assigned to policies to create traffic filtering and inspection rules.
Policies
The Policy tab is used to configure the processing rules that inspect and secure upstream and downstream traffic initiated within your organization.
Policy overview
A policy is a set of processing rules that are applied to matching traffic. The 5 rule stages are applied to the request in order. Connections to Internet resources are monitored for the duration of the session, and all upstream and downstream traffic is inspected based on your policy rules before being routed back to the appropriate user.
Network rules
Network rules apply block, allow, or continue actions for network traffic on all ports and protocols, based on source, destination, or traffic signatures defined as Services.
Application rules
Application rules apply block, allow, or continue actions for requests to cloud applications. TLS-encrypted traffic can be decrypted for inspection.
Web Categories
Web Category Rules apply block, allow, or continue actions to web requests, based on the category to which the URL belongs. Users who try to access websites that are blocked by the policy are shown a Forcepoint block page.
Threat Categories
Dynamic Edge Protection performs deep packet inspection to detect and block threats and suspicious traffic. Use the Threat Categories policy stage to define the level of protection for different categories of threat.
Analytics
The Analytics tab provides a set of monitoring pages that show a snapshot of service activity over time.
Time period and trend
The Analytics: Monitoring pages use a Time period selector to adjust the range of data that is shown. Trend data varies according to the time period selected.
Traffic
The Traffic monitoring page displays bandwidth usage details for traffic that has been directed through the service.
Web Summary
The Web Summary monitoring page displays bandwidth usage details for traffic that has been directed through the service.
Block Summary
The Block Summary monitoring page displays information about destination addresses, cloud applications, services, and user actions that have been blocked across all policies.
Appendix
Reference information, including details of export log fields and the list of domains that are never decrypted by the service.
Traffic log fields
Fields included in the traffic log export file.
Domains that are never decrypted
Some domains are never decrypted by the Dynamic Edge Protection service. These include trusted domains, third-party services used by Forcepoint, and domains that use certificate pinning. Note: even if your policy's TLS inspection setting is set to Decrypt, the domains in this list will not be decrypted.
Copyrights
©2020 Forcepoint