Configuring Logon Agent settings in Forcepoint Security Manager

Using Logon Agent | Forcepoint Web Security and Forcepoint URL Filtering | 29-Apr-2022

Use the Settings > General > User Identification page to review and edit Logon Agent configuration information.

Use the Transparent Identification Agents table to select the IP address or hostname of the Logon Agent instance that you want to configure.

If you have installed a new Logon Agent instance that does not appear in the list, click Add Agent, then select Logon Agent from the drop-down list.

Under Basic Agent Configuration, enter or verify the IPv4 address or hostname of the Logon Agent machine.


	Note Hostnames must start with an alphabetical character (a-z), not a numeric or special character. Hostnames containing certain extended ASCII characters may not resolve properly. To avoid this issue, enter an IP address instead of a hostname.

Enter the Port that Logon Agent uses to communicate with other web protection components. The default is 30602.

To establish an authenticated connection between Filtering Service and Logon Agent, select Enable authentication, and then enter a Password for the connection.

Next, customize global Logon Agent communications settings. By default, changes that you make here affect all Logon Agent instances.

Under Logon Application Communication, specify the Connection port that the logon application uses to communicate with Logon Agent (15880, by default).

Enter the Maximum number of connections that each Logon Agent instance allows (200, by default).

If your network is large, you may need to increase this number. Increasing the number does increase network traffic.

To configure the default settings that determine how user entry validity is determined, you must first determine whether Logon Agent and the logon application for Windows clients operate in persistent mode or nonpersistent mode (default).

Nonpersistent mode is activated by including the /NOPERSIST parameter when launching LogonApp.exe (see Prepare the Windows logon scripts).

In persistent mode, the logon application contacts Logon Agent periodically to communicate user logon information.

If you are using persistent mode, specify a Query interval to determine how frequently the logon application communicates logon information.


	Note If you change this value, the change does not take effect until the previous interval period has elapsed. For example, if you change the interval from 15 minutes to 5 minutes, the current 15-minute interval must end before the query starts occurring every 5 minutes.

In nonpersistent mode, the logon application sends user logon information to Logon Agent only once for each logon.

If you are using nonpersistent mode, specify a User entry expiration time period. When this timeout period is reached, the user entry is removed from the user map.

The default interval is 24 hours, randomized to prevent performance spikes. Individual user entries expire after 24 hours, give or take 0-20% of that time period.

When you are finished making configuration changes, click OK to return to the Settings > User Identification page, then click OK again to cache your changes. Changes are not saved until you click Save and Deploy.