v8.5.0 Release Notes for Web Protection Solutions : New in Web Protection Solutions
New in Web Protection Solutions
Release Notes | Forcepoint Web Security and Forcepoint URL Filtering | 28-Feb-2018
Product mapping
Version 8.0 was the first product release that used a new, simplified product naming and grouping of the familiar product line.
Version 8.4 then reset the product names to better align with the company vision.
 
Security enhancements
Forcepoint Security Labs Analysts continually assess potential security vulnerabilities which can be introduced by third-party libraries. Security improvements have been made in several areas in version 8.5.
Protected cloud apps (Web Security only)
Integration with Forcepoint CASB is now available with Forcepoint Web Security. Customers who have purchased the new Forcepoint Web Security Cloud App Control module or licenses for Forcepoint CASB can integrate their Web Security product and forward requests made to the purchased assets (called managed cloud apps in the web products) directly to CASB for proper handling.
In the Forcepoint Security Manager, navigate to Web > Settings > CASB Configuration > Protected Cloud Apps.
1. Enable the feature by switching the Enable connection with Forcepoint CASB option to ON.
2. Click Connect to Forcepoint CASB and use the information in the fulfillment letter you received from Forcepoint CASB to enter your:
a.
b.
c.
d.
Click Connect to generate a connection to Forcepoint CASB.
3.
You are limited by the number of apps for which your CASB license is valid.
4.
*
*
*
5. On the Settings > General > Filtered Locations page, add a list of all locations where Internet traffic is managed by an instance of Content Gateway.
 
Note 
A CA certificate will be provided to each Forcepoint CASB customer and automatically downloaded to your deployment. This certificate must be uploaded to each Content Gateway server machine as well as installed on each client.
Policy enforcement for managed sanctioned apps
Policy enforcement is provided by Filtering Service for cloud application requests. The new action code "Protected cloud app request forwarded" is applied to requests to the managed applications when the requests are forwarded to Forcepoint CASB.
When policies are enforced, the list of managed applications is used to determine which protected application requests should be forwarded.
*
*
*
*
See Administrator Help for details.
Use reports to track requests to the managed apps by finding the log records that are assigned the new action code.
Report Center
A new set of reporting tools has been added with version 8.5. These tools allow you to create multi-level, flexible reports that can be used for analysis of logging data, including cloud apps data (provided on the Cloud Apps tab of the Reporting > Applications page of manager).
Navigate to Web > Main > Report Center in the Forcepoint Security Manager.
* The Report Catalog offers a set of pre-defined Standard Reports for common scenarios, a list of all reports that have been marked as frequently used (Favorites), as well as the list of saved custom reports (My Reports).
The Standard Reports are pre-defined templates which can be used as defined or as a starting point for new reports. They cannot be edited or deleted.
*
*
*
When a report folder is selected, the reports pane is populated with the Name, Type, Date Range, and last Modified date for each report in the folder.
The table is sorted by Name (with folders listed first). The sort can be changed by selecting one of the other columns.
* Use the Report Builder to create or view high-level reports from scratch.
*
*
*
Requests is part of each report, by default.
*
Up to two attributes can be used to group the data.
* Use Filters to refine the report so that it includes the data you are specifically interested in.
Filters can be used with both logging and cloud app data and can be applied to metrics as well as to attributes.
* Use Date range to define the time period to be covered by the report.
Select a standard time period (between today and 3 months) or a specific date and time range.
*
*
* Use the Transaction Viewer to create reports that offer more detailed information.
*
*
*
*
The Date range defines the time period (a standard time period or specific date and time) covered by the report.
* Use the Columns drop-down to add columns to the report.
* Enable Detail View or double-click a row to open the Transaction Details page and view specifics about each transaction.
* The Scheduler allows you to add, maintain, and monitor jobs that will generate specified reports at defined times.
*
*
*
*
Within the Report Builder or the Transaction Viewer:
*
* Use Search to search for attributes to add to the report.
* Export options can be used to generate a PDF file or a comma-separated list (CSV) that can be loaded into a spreadsheet. The exported data can include all or selected transactions, as well as detail data.
A maximum of 20,000 table rows can be exported. Data exported from the detail view can include a maximum of 20 rows.
*
*
 
Note 
Office 365 bypass
New bypass options have been added to Forcepoint Security Manager to allow requests to Office 365 to bypass either Content Gateway user authentication, the Content Gateway proxy, or both.
The Web > Settings > Scanning > SSL Decryption Bypass page of Security Manager has been renamed Bypass Settings and additional features have been added.
* Select the SSL Decryption Bypass tab to specify clients, websites, and website categories that are not subject to decryption and analysis as they flow through the proxy.
* On the Authentication Bypass tab, select Office 365 and related applications to allow requests to Office 365 applications to bypass the authentication process configured in Content Gateway manager.
 
Note 
Authentication bypass for Office 365 is supported with explicit proxy deployments. Transparent proxy deployments are supported only if Content Gateway bypass for Office 365 and SSL decryption bypass for "Office - Collaboration" categories are not enabled.
When this feature is enabled, appropriate rules are automatically added to the Content Gateway filter.config file for use by the proxy.
* Select Office 365 and related applications on the Content Gateway Bypass tab to allow requests to Office 365 applications to bypass the Content Gateway server completely.
 
Note 
Content Gateway bypass is supported for transparent proxy deployments only.
Content Gateway enhancements
Enhancements have been made to Content Gateway.
*
 
Note 
A list of IP addresses or address ranges can be entered on the Configuration > Security > Access Control > Global Authentication Options page.
1. In the new Credential Caching section, select Do not cache authentication requests from the specified IP addresses.
2.
All requests made from these IP addresses will be authenticated.
* The TLSv1 option on the Configure > SSL > Decryption/Encryption page (Inbound and Outbound tabs) and on the Configure > Security > FIPS page of Content Gateway Manager is no longer selected by default.
Options for TLSv1.1 and TLSv1.2 have been added and are enabled by default.
*
SIEM enhancements
Improvements have been made to the way data is forwarded to a supported Security Information and Event Management (SIEM) solution.
*
*
Reporting optimizations
Changes have been made to some of the reporting components, including the Log Database and Log Server, to provide improved functionality for logging and reporting.
General enhancements
Changes have been made in order to make the product more user friendly and to better protect our customers.
*
* Active Directory Mixed Mode is no longer supported and is no longer an option on the Web > Settings > General > Directory Services page of Forcepoint Security Manager. See Removed in this version below.
* When upgrading to v8.5, deployments configured to use Active Directory Mixed Mode will be modified to use Active Directory (Native Mode).
Re-add client information and re-assign clients to existing policies after the upgrade completes.
In order for policy enforcement to be applied correctly immediately after upgrade, go to the Web > Settings > General > Directory Services page of the Forcepoint Security Manager prior to upgrade and configure the Global Catalog server for user and group based policies.
*
*
When upgrading, the new DC Agent settings will overwrite the current configuration. Customers preferring to use SMBv1 can reset the appropriate settings in transid.ini. See Using DC Agent for Transparent User Identification for information.
In conjunction with this change, the default selection for Domain Discovery, when the feature is enabled on the Settings > General > User Identification > DC Agent page of Forcepoint Manager, is DC Agent.
*
*
*
The password used for the Password Override feature enabled on the Policy Management > Clients > Edit Clients page of Security Manager now has the following requirements:
*
*
*
*
*
Install and upgrade improvements
Improvements have been made to the installation and upgrade screens and process.
*
Browser support
See the Certified Product Matrix for the latest list of supported browsers.
Logon application support
Logon Agent communicates with the logon application (LogonApp) on client machines to identify users as they log onto or off of Windows domains.
*
The logon application supports the following operating systems:
*
*
*
 
For more information about Logon Agent and the logon application, see the Using Logon Agent for Transparent User Identification white paper.
Removed in this version
* Technical support for Windows Active Directory in mixed mode ended with v8.4. For version 8.5, full functionality has been removed. The Windows Active Directory (Mixed Mode) option has been removed from the General > Settings > Directory Services page of Forcepoint Security Manager.
* Active Directory (Native Mode) is now the default selection on the Directory Services page.
See Product Support Life Cycle for additional information about planned support of existing products.
* The Advanced Detection option has been removed from the Settings > Scanning > Scanning Options page of Forcepoint Security Manager. Other analytic features will take the place of this option. (APWEB-10118, APWEB-9390)
Corresponding elements of the Scanning Data Files list on the Monitor > My Proxy > Summary page of Content Gateway Manager have also been removed. (APWEB-9390)
Third-party platform and product support
All components
This version adds support for:
*
*
*
*
This version ends support for:
*
See the full list of supported operating systems here.
See the Certified Product Matrix for the latest list of supported browsers.
 
Note 
Installing web protection components on Windows Server 2012 or 2012 R2 requires Microsoft .NET Framework v3.5 and v4.5. Install both and turn them both on before running the Forcepoint Security Installer.
Content Gateway
This version is supported on:
*
 
Important 
*
 
Important 
As a best practice, Red Hat Enterprise Linux systems that host Content Gateway should be registered with Red Hat Network and kept up-to-date with the latest security patches.
 
Important 
 
Important 
For complete platform requirements information, see System requirements for this version in the Deployment and Installation Center.

Copyright 2017 Forcepoint. All rights reserved.