Go to the table of contents Go to the previous page Go to the next page
Initial Configuration for All Security Modules > Additional configuration for the Web Security DLP Module
Additional configuration for the Web Security DLP Module
Deployment and Installation Center | Forcepoint Web Security
 
In addition to the items under Initial configuration for web protection solutions, perform these procedures if your subscription includes the DLP Module.
Confirm Content Gateway registration with Forcepoint DLP
Content Gateway registers with Forcepoint DLP automatically. To ensure that registration is successful:
*
*
*
After registration, the IP address can move to another network interface.
If registration fails an alarm displays in the Content Gateway manager.
1.
2.
In the Content Gateway manager, navigate to the Configure > My Proxy > Basic > General page.
3.
In the Networking section, confirm that Web DLP > Integrated on-box is enabled.
4.
Alternatively:
a.
Go to the Configure > Security > Web DLP page and enter the IP address of the management server.
b.
c.
Click Register.
After Content Gateway has registered with Forcepoint DLP:
1.
In the Content Gateway manager, go to the Configure > Security > Web DLP page.
2.
Enable Analyze FTP Uploads to send FTP uploads to DLP Module components for analysis and policy enforcement.
3.
Enable Analyze HTTPS Content to send decrypted HTTPS posts to DLP Module components for analysis and policy enforcement. SSL Manager must be enabled on Content Gateway.
These options can be accessed whenever Forcepoint DLP is registered by going to the Configure > Security > Web DLP > General page.
4.
Click Apply and restart Content Gateway.
See Forcepoint DLP ports for ports used by DLP Module components to communicate with the Content Gateway proxy.
Configuring the Content Gateway policy engine
When Content Gateway is registered with DLP Module components, Content Gateway appears on the System Modules page in the Data Security module of the Forcepoint Security Manager.
By default, this agent is configured to monitor web traffic, not block it, and for a default violation message to appear when an incident is triggered. If this is acceptable, you do not need to make changes to the Content Gateway configuration. Simply deploy the new settings.
If you want to block web traffic that breaches policy and customize the violation message, do the following:
1.
2.
It will be listed as Content Gateway on <FQDN> (<PE_version>), where <FQDN> is the fully-qualified domain name of the Content Gateway machine and <PE_version> is the version of the Content Gateway policy engine.
3.
Select the HTTP/HTTPS tab and configure the blocking behavior you want.
Select Help > Explain This Page for instructions for each option.
4.
Select the FTP tab and configure the blocking behavior you want.
Select Help > Explain This Page for instructions for each option.
5.
Click Save to save your changes.
6.
Click Deploy to deploy your settings.
 
Important 
Even if you do not change the default configuration, you must click Deploy to finalize your Content Gateway deployment process.
Verifying web and data protection linking
When Linking Service is installed, it allows Web DLP components to access user identification and URL categorization data. To verify that it is working:
1.
2.
Select Settings > General > Linking Service.
3.
Select Help > Explain This Page for detailed information about the settings on this screen.
4.
Click OK to save any changes.
5.
Click Deploy to deploy your settings.

Go to the table of contents Go to the previous page Go to the next page
Initial Configuration for All Security Modules > Additional configuration for the Web Security DLP Module
Copyright 2023 Forcepoint. All rights reserved.