Table of Contents

Getting Started
Overview
Working in the Forcepoint Security Manager
Navigating the Forcepoint Security Manager
Reviewing, saving, and discarding changes
Your subscription
Managing your account through the My Account Portal
Configuring your account information
The Master Database
Configuring database downloads
What is WebCatcher?
Forcepoint Technical Support
The Status Dashboards
Threats dashboard
Investigate threat event details
How severity is assigned to suspicious activity
Reviewing threat incident details
Reviewing threat-related forensic data
Risks dashboard
Usage dashboard
System dashboard
Adding elements to a dashboard
Status Monitor mode
Internet Usage Filters
Managing access to categories, protocols, and cloud apps
When a request is blocked
New Master Database categories and protocols
Special categories
Risk classes
Security protocol groups
Actions
Using quota time to limit Internet access
Search filtering
Working with filters
Creating a category filter
Editing a category filter
Creating a protocol filter
Editing a protocol filter
Creating a cloud app filter
Editing a cloud app filter
Pre-defined filters
Category and protocol filter templates
Configuring filtering settings
Web Protection Clients
Working with clients
Working with computers and networks
Working with users and groups
Connecting web protection software to a directory service
Connecting to Windows Active Directory (Native Mode)
Connecting to Novell eDirectory or Oracle Directory Server
Advanced directory settings
Working with custom LDAP groups
Adding or editing a custom LDAP group
Adding a client
Searching the directory service from the Security Manager
Changing client settings
Password override
Account override
Moving clients to roles
Working with hybrid service clients
Web Protection Policies
The Default policy
Working with policies
Creating a policy
Editing a policy
Assigning a policy to clients
Enforcement order
Prioritizing group and domain policies
Responding to a URL request
Content Gateway Analysis
Configuring Content Gateway analysis
Configuring content categorization
Configuring tunneled protocol detection
Configuring content security
Configuring file analysis
Content Gateway outbound security analysis
Content Gateway advanced analysis options
Configuring exceptions to Content Gateway analysis
Data files used with Content Gateway analysis
Reporting on advanced real-time analysis
How analysis activity is logged
Bypass options
Use Reports to Evaluate Internet Activity
What is Internet browse time?
Presentation reports
Creating a new presentation report
Defining the presentation report filter
Selecting clients for a presentation report
Selecting categories for a presentation report
Selecting protocols for a presentation report
Selecting actions for a report
Setting presentation report options
Customizing the presentation report logo
Confirming presentation report filter definitions
Working with presentation report Favorites
Running a presentation report
Scheduling presentation reports
Setting the presentation reports schedule
Selecting presentation reports to schedule
Setting the date range for a scheduled presentation report
Selecting output options for scheduled presentation reports
Viewing the presentation reports scheduled jobs list
Viewing the presentation reports scheduled job history
Reviewing scheduled presentation reports
Investigative reports
Summary investigative reports
Using search to generate a summary investigative report
Anonymizing investigative reports
Multi-level summary investigative reports
Flexible detail investigative reports
Columns for flexible detail investigative reports
User Activity Detail investigative reports
Standard investigative reports
Favorite investigative reports
Scheduling investigative reports
Managing scheduled investigative reports jobs
Outliers investigative reports
Output options for investigative reports
Accessing self-reporting
Report Center
Report Center Report Catalog
Managing reports
Managing folders
Predefined reports
Report Builder
Using the Report Builder to create a report
Using the Report Builder to view a report
Exporting report contents
Using the Transaction Viewer
Report Center Scheduler
Adding or editing Report Center scheduled jobs
Selecting reports
Setting the schedule
Adding recipients
Selecting delivery options
Scheduled job history
Reviewing Report Center scheduled reports
What are attributes?
Application reporting
Cloud app use
User Summary Report
Cloud App Summary
Client app and operating system summary data
How is user agent data collected?
Client app use details
Operating system use details
Advanced File Analysis report
Real-Time Monitor
Real-Time Monitor in multiple Policy Server deployments
Exceptions to Web Protection Policies
Managing exceptions
How are exceptions organized?
Adding or editing an exception
Overriding an exception
If multiple exceptions could apply, which takes precedence?
Editing multiple exceptions at the same time
Exception shortcuts
How do I block or permit a URL for everyone?
How do I block or permit a URL for one person?
How do I block or permit a URL for my entire role?
How do I block or permit a URL for one of my managed clients?
What is a referer?
Block Page Management
Secure block pages
Blocking graphical advertisements
Blocking embedded pages
Creating alternate block messages
Using an alternate block page on another machine
Determining why a request was blocked
Request blocked by Filtering Service
Request blocked by the hybrid service
Configure the Hybrid Service
Activate your hybrid service account
Specify sites not managed by the hybrid service
Adding or editing hybrid service unfiltered destinations
Configure user access to the hybrid service
Adding domains for hybrid self-registration
Editing domains for hybrid self-registration
Customizing hybrid block pages
Configuring certificate verification bypass
Enabling hybrid HTTPS notification pages
What is the hybrid PAC file?
Send user and group data to the hybrid service
Configure Directory Agent settings for the hybrid service
Configure how data is gathered for the hybrid service
Oracle (Sun Java) Directory Server and the hybrid service
Novell eDirectory and the hybrid service
Adding and editing directory contexts for the hybrid service
Optimizing directory search results for the hybrid service
Schedule communication with the hybrid service
Define custom authentication settings for the hybrid service
Adding custom authentication rules for the hybrid service
Editing custom authentication rules for the hybrid service
Monitor communication with the hybrid service
View hybrid service authentication reports
View the hybrid service User Agent Volume report
Manage Off-site Users
Hybrid service management of off-site users
Configuring the hybrid service for off-site users
Off-site user self-registration
Using remote filtering software
Configuring Remote Filtering settings
Configure remote filtering to ignore FTP or HTTPS traffic
Configure the Remote Filtering Client heartbeat interval
Combine Web, Data, and Mobile Protection
Integrating web and mobile protection solutions
Refine Your Policies
Restricting users to a defined list of URLs
Creating a limited access filter
Editing a limited access filter
Adding sites from the Edit Policy page
Copying filters and policies to roles
Building filter components
Working with categories
Editing categories and their attributes
Reviewing all customized category attributes
Making global category changes
Renaming a custom category
Creating a custom category
Keyword-based policy enforcement
Defining keywords
Reclassifying specific URLs
Prioritizing Security Risk categorization
Blocking posts to sites in some categories
Protocol-based policy enforcement
Editing custom protocols
Adding or editing protocol identifiers
Renaming a custom protocol
Making global protocol changes
Creating a custom protocol
Adding to a pre-defined protocol
Using Bandwidth Optimizer to manage bandwidth
Configuring the default Bandwidth Optimizer limits
Managing traffic based on file type
Enforcement based on file extension
Enforcement based on file analysis
Enabling file type blocking in a category filter
Working with file type definitions
Adding custom file types
Adding file extensions to a file type
Using regular expressions
Using the Toolbox to verify policy enforcement behavior
URL Category
Check Policy
Test Filtering
URL Access
Investigate User
Identifying a user to check policy or test filtering
User Identification for Policy Enforcement
Identifying on-premises users transparently
Transparent identification of remote users
Manual authentication
Configuring user identification and authentication
Setting authentication rules for specific machines
Defining exceptions to user identification settings
Revising exceptions to user identification settings
Secure manual authentication
Generating keys and certificates
Activating secure manual authentication
Accepting the certificate within the client browser
DC Agent
Configuring DC Agent
Reviewing DC Agent polled domains and domain controllers
The dc_config.txt file
Logon Agent
Configuring Logon Agent
Configuring RADIUS Agent
Configuring eDirectory Agent
Adding an eDirectory server replica
Identification and authentication of hybrid users
Authentication priority and overrides
Forcepoint Web Security Endpoint software
Integrating the hybrid service with a single sign-on identity provider
Directory Agent and hybrid user identification
How Directory Agent works with User Service
When hybrid users are not identified
Delegated Administration and Reporting
The fundamentals of delegated administration
Delegated administration roles
Delegated administrators
Delegated administration and reporting permissions
Administrators in multiple roles
Multiple administrators accessing the Forcepoint Security Manager
Preparing for delegated administration
Creating a Filter Lock
Locking categories
Locking protocols
Preparing delegated administrators
Managing delegated administration roles
Adding roles
Editing roles
Adding Administrators
Adding managed clients
Managing role conflicts
Updating delegated administration roles
Delete roles
Delete managed clients
Managing Super Administrator clients
Performing delegated administrator tasks
View your user account
Add clients to the Clients page
Create policies and filters
Reviewing administrator accounts
Enabling network accounts
Server Administration for Web Protection Solutions
Web protection components
Policy enforcement and management components
Reporting components
User identification components
Interoperability components
Reviewing your web protection deployment
Using the Policy Server map
Using the component list
Evaluating directory performance
Review directory server details
Understanding Policy Broker
Reviewing Policy Broker connections
Working with Policy Server
Reviewing Policy Server connections
Adding or editing Policy Server instances
Working in a multiple Policy Server environment
Changing the Policy Server IP address
Working with Filtering Service
Review Filtering Service details
Review Master Database download status
Resuming Master Database downloads
Policy Server, Filtering Service, and State Server
Filtered locations
Adding or editing filtered locations
Managing hybrid service explicit proxies
Adding or editing a hybrid service explicit proxy
Configuring failover to the hybrid service
Integrating with a third-party SIEM solution
Working with Content Gateway
Managing Content Gateway connections
Viewing and exporting the audit log
Stopping and starting web protection services
Installation directories for web protection solutions
Protected cloud apps
Alerting
Flood control
Configuring general alert options
Configuring system alerts
Configuring category usage alerts
Adding or editing category usage alerts
Configuring protocol usage alerts
Adding or editing protocol usage alerts
Configuring suspicious activity alerts
Reviewing current system status
Reporting Administration
Assigning categories to risk classes
Configuring reporting preferences
Configuring how requests are logged
Configuring Log Server
Testing the Log Database connection
Introducing the Log Database for web protection solutions
Web protection reporting database jobs
Log Database administration settings
Configuring database partition options
Configuring Log Database maintenance options
Configuring how URLs are logged
Configuring Internet browse time options
Configuring trend and application data retention
Log Database sizing guidance
Configuring Dashboard reporting data
Configuring investigative reports
Database connection and report defaults
Display and output options
Self-reporting
Configure Network Agent
Configuring Network Agent global settings
Configuring Network Agent local settings
Configuring Network Agent NIC settings
Configuring Network Agent monitoring settings for a NIC
Adding or editing IP addresses during Network Agent configuration
Troubleshooting
Web protection installation and subscription issues
Web protection database issues
The initial database is being used
The Master Database is more than 1 week old
The Master Database does not download
Verify Filtering Service Internet access
Verify Filtering Service firewall or proxy server settings
A recent download attempt of the enforcement Cloud Apps database failed
Contacting Technical Support for database download issues
Filtering Service alert messages
Filtering Service is not running
High CPU usage on the Filtering Service machine
Insufficient disk space on the Filtering Service machine
Insufficient memory on the Filtering Service machine
Filtering Service can't communicate with a transparent identification agent
Filtering Service can't connect to the Management API
Network Agent issues
Network Agent is not installed
Network Agent is not running
Network Agent is not monitoring any NICs
Network Agent can't communicate with Filtering Service
Insufficient memory on the Network Agent machine
High CPU usage on the Network Agent machine
User configuration and identification issues
User and group-based policies are not applied
Unusually high directory server connection latency
User Service is not available
DC Agent has insufficient permissions
DC Agent unable to access required file
DC Agent Domains and Controllers page is blank
I cannot add users and groups to the Forcepoint Security Manager
Directory service connectivity and configuration
Directory service configuration
User identification and Windows Server
Turning on the Computer Browser service
Changing DC Agent, Logon Agent, and User Service permissions
Health alerts and Usage Monitor issues
Where do I find error messages for web protection components?
Health alerts
Usage Monitor is not available
Usage Monitor is not running
Policy Server and Policy Broker issues
I forgot my password
The Policy Database service fails to start
Policy Server stops unexpectedly
A Policy Broker replica cannot synchronize data
Policy API Server is not running
Log Server and Log Database issues
Log Server is not running
Log Server has not received log files from Filtering Service
Low disk space on the Log Server machine
No Log Server is installed for a Policy Server
More than one Log Server is installed for a Policy Server
Log Database was not created
Log Database is not available
Log Database size causes reporting delays
More than 100 files in the Log Server cache directory
Last successful ETL job ran more than 4 hours ago
Log Server is not recording data in the Log Database
Log Server cannot connect to the directory service
Wrong reporting page displayed
Investigative report and presentation report issues
Presentation Reports Scheduler not connected to Log Database
Inadequate disk space to generate reports
Scheduled jobs in presentation reports failed
Trend data is missing from the Log Database
Trend reports are not displaying data
All reports are empty
Verify your Log Server configuration
Error generating presentation report, or report does not display
Investigative reports search issues
General investigative reports issues
Other reporting issues for web protection solutions
Low memory on the Real-Time Monitor machine
Real-Time Monitor is not running
Real-Time Monitor is not responding
No charts appear on the Status > Dashboard page
There is a forensics data configuration problem
The forensics repository location could not be reached
Forensics data will soon exceed a size or age limit
Multiplexer or Bridge Service is not running or not responding
Message Broker Handler is not running
Event Message Broker is not running
Multiple Event Message Brokers are not running
SIEM Connector is not running
Cloud App Service is not running
Cloud App Agent is not running
Filtering Service cannot connect to the Cloud App Agent
Forcepoint Security Manager cannot connect to the Cloud App Agent
Forcepoint Web Security interoperability issues
Content Gateway is not running
Content Gateway is not available
Content Gateway non-critical alerts
Administrator unable to access other Security Manager modules
Sync Service is not available
Sync Service has been unable to download log files
Sync Service has been unable to send data to Log Server
Hybrid policy enforcement data does not appear in reports
Disk space is low on the Sync Service machine
The Sync Service configuration file
Directory Agent is not running
Directory Agent cannot connect to the domain controller
Directory Agent communication issues
Directory Agent does not support this directory service
The Directory Agent configuration file
Directory Agent command-line parameters
Alerts were received from the hybrid service
Unable to connect to the hybrid service
Hybrid service unable to authenticate connection
Missing key hybrid configuration information
Connection to Forcepoint CASB has been lost
Protected Cloud Apps is enabled but not fully configured

Copyright 2018 Forcepoint. All rights reserved.