Content Gateway Analysis

Administrator Help | Forcepoint Web Security | v8.5.x

Related topics:

Configuring Content Gateway analysis

Configuring content categorization

Configuring tunneled protocol detection

Configuring content security

Configuring file analysis

Content Gateway outbound security analysis

Content Gateway advanced analysis options

Configuring exceptions to Content Gateway analysis

Data files used with Content Gateway analysis

Reporting on advanced real-time analysis

Bypass options

Advanced analysis and bypass features, including SSL decryption bypass, are available with Forcepoint™ Web Security. These features are not available with Forcepoint URL Filtering.

Content Gateway performs advanced analysis of web traffic as it flows through the on-premises proxy. Only sites that are not already blocked, based on the active policy, are analyzed.

Configuring content categorization categorizes content from URLs that are not in the Forcepoint URL Database and from sites with dynamic content, as identified by Forcepoint Security Labs. Analysis returns a category for use in policy enforcement.

Configuring tunneled protocol detection analyzes traffic to discover protocols tunneled over HTTP and HTTPS. Such traffic is reported to Filtering Service for protocol policy enforcement. Analysis is performed on both inbound and outbound traffic.

Configuring content security analyzes inbound content to find security threats such as malware, viruses, phishing, URL redirection, web exploits, proxy avoidance, and others.

Configuring file analysis can apply to as many as 2 methods of inspection to detect security threats.

Traditional antivirus (AV) definition files to find virus-infected files.

Advanced File Analysis sends suspicious files for analysis and can be configured to send alerts via email, SNMP, or both when a file is found to contain malicious content.

The File Type Options settings determine which types of files are analyzed for malicious content, including executable and unrecognized files. Individual file extensions may also be specified. This setting does not apply to Advanced File Analysis.

Content Gateway outbound security analysis provides 2 types of outbound analysis. The first performs outbound content analysis that mirrors your inbound Security Threats content analysis and file analysis configuration. The second performs data theft analysis, looking for and blocking outbound custom encrypted files, password files, and other sensitive data.

The Content Categorization and Scanning Sensitivity control allows you to tune the Content Categorization and Content Analysis sensitivity thresholds (Content Gateway advanced analysis options).

For large, streaming, or slow transactions, the Content Delay Handling option provides some control over how long to wait before releasing a portion of buffered content to the client (Content Gateway advanced analysis options).

The Scanning Timeout, File Size Limit and Content Stripping Advanced Options apply to all traffic transiting the proxy (Content Gateway advanced analysis options).

Several presentation reports can provide details about how advanced analysis features protect your network from attempts to access sites containing threats. See Reporting on advanced real-time analysis.

Scanning exceptions are lists of hostnames or URLs that are always analyzed or never analyzed. The type of analysis to always or never perform is specified per hostname/URL or group of hostnames/URLs. A list of client IP addresses whose content is never analyzed can also be specified. See Configuring exceptions to Content Gateway analysis.

Bypass settings include options for:

SSL decryption bypass options support the specification of clients, websites, and website categories that are not subject to decryption and analysis as they flow through the proxy. These options apply only if SSL support is enabled in Content Gateway. See SSL decryption bypass.

Authentication bypass supports the ability to bypass Content Gateway user authentication for requests to selected cloud applications. See Authentication bypass


	Note Authentication bypass for Office 365 is supported with explicit proxy deployments. Transparent proxy deployments are supported only if Content Gateway bypass for Office 365 and SSL decryption bypass for "Office - Collaboration" categories are not enabled.

Content Gateway bypass is used to bypass the proxy server for requests to selected cloud applications.See Content Gateway bypass.


	Note Content Gateway bypass is supported for transparent proxy deployments only.

Enabling analysis and bypass features

Administrator Help | Forcepoint Web Security | v8.5.x

To enable the advanced analysis and bypass features that are available with Forcepoint Web Security, an appropriate subscription key must be entered in the Forcepoint Security Manager. You can enter the key:

In the Initial Setup Checklist

On the Settings > General > Account page

On the Settings > General > Policy Servers page, after selecting a Policy Server instance to edit.

Review current key information on the Account or Policy Servers page.

The key is automatically passed to all Content Gateway instances associated with the current Policy Server. See Reviewing Policy Server connections and Managing Content Gateway connections for more information.

For information about configuring advanced analysis options, see Configuring Content Gateway analysis. For information about SSL decryption bypass options, see Bypass options.