Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuring Remote Filtering Software
Configuring Remote Filtering Software
Deploying the Remote Filter Module | Forcepoint URL Filtering | v8.4.x, v8.5.x
Use the instructions in this document to:
*
Configure your network firewall to handle communication between Remote Filtering Client, Remote Filtering Server, and Filtering Service appropriately.
*
Determine whether user requests are permitted or blocked when Remote Filtering Client is unable to contact Remote Filtering Server from outside your organization's network.
Firewall configuration
The external network firewall and any additional firewalls located between the Remote Filtering Server machine and the remote computers should be configured as follows:
*
Open the Remote Filtering Server's External Communication Port on these firewalls to accept connections from Remote Filtering Clients on computers located outside the network firewall. The default is 80, but this is often changed to port 8080 during Remote Filtering Server installation.
*
Block connections to the Remote Filtering Server's Internal Communication Port from computers located outside the network firewall. The default is 8800.
If there is a firewall between the Remote Filtering Server machine and the machines running Policy Broker, Policy Server, and Filtering Service, configure it as follows.
*
Open the Filtering Service filtering port (default 15868) to accept connections from the Remote Filtering Server.
*
Open the Filtering Service block page port (default 15871) to allow Filtering Service to send block pages to remote users.
*
Open the Policy Broker communication port (default 55880) to allow Remote Filtering Server to receive configuration updates made in the Web Security module of the Forcepoint Security Manager.
See the documentation for your firewall product for configuration instructions.
Global remote filtering settings
Use the Settings > General > Remote Filtering page in the Web Security module of the Forcepoint Security Manager to configure whether users receive Internet access when Remote Filtering Client cannot contact Remote Filtering Server from outside the network.
Mark the Block all requests... check box to block off-site users from all Internet access unless their computer is communicating with Remote Filtering Server (fail closed).
By default, users have unrestricted access to the Internet when their computers cannot communicate with the Remote Filtering Server (fail open).
Optionally, you can also configure your remote filtering software to ignore HTTPS or FTP traffic, or change the Remote Filtering Client heartbeat interval. For instructions, see:
*
Configuring remote filtering to ignore HTTPS or FTP
*
Configuring the Remote Filtering Client heartbeat interval

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuring Remote Filtering Software
Copyright 2022 Forcepoint. All rights reserved.