Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Installation and upgrade
Updated 25-Feb-2020
Hardware requirements
The following are minimum hardware recommendations for a machine with the Direct Connect Endpoint installed:
*
*
*
Support for latest browsers and operating systems
Browsers and operating systems are tested with existing versions of Forcepoint One Endpoint when they become available. For a full list of supported browsers and operating systems for each endpoint version, see the Certified Product Matrix.
Enabling the macOS 10.14 kernel extension
When the endpoint machine loads the Direct Connect Endpoint for the first time, a window is shown to prompt you to enable the extension. You can enable the extension in System Preferences > Security & Privacy. For more information, see the User-Approved Kernel Extension Loading Technical Note from Apple.
 
Note 
Disabling the blocked kernel extension prompt
To disable macOS from prompting the user to allow kernel extensions, complete the following steps. Please note that following these steps automatically allows all kernel extensions.
1.
2.
spctl kext-consent disable
3.
Networking requirements
Firewall ports
*
*
*
Firewall settings
Local network infrastructure must allow access to Forcepoint Cloud IP range. (See Cloud service data center (cluster) IP addresses and port numbers for details.)
Fallback mode will engage if the Forcepoint Cloud IP range is blocked. In Fallback mode, the endpoint continues to prevent access to previously blocked sites, so users' computers are partially protected. For more information, see Fallback mode in the End User's Guide for Forcepoint One Endpoint.
Obtaining endpoint client software
To obtain the latest Direct Connect Endpoint client software package, log onto the Forcepoint Security Portal, and then go to Web > Endpoint > General to download the endpoint installation package.
You must set an anti-tampering password to enable the package download links.
Deploying new Mac endpoints
For instructions, see the Installation and Deployment Guide for Forcepoint One Endpoint.
Uninstalling Forcepoint Web Security Direct Connect Endpoint
To uninstall from the command line:
1.
sudo wepsvc --uninstall
2.
3.
To uninstall from System Preferences:
1.
2.
Click Forcepoint to open the Forcepoint Endpoint Preferences page.
3.
Click the Uninstall Endpoint button.
4.
Type the anti-tampering password, then the root user password to continue.
5.
Click OK to close the confirmation dialog window.
Starting and stopping Forcepoint Web Security Direct Connect Endpoint
1.
2.
sudo wepsvc --stop
3.
sudo wepsvc --status --wsdc
4.
sudo wepsvc --start
Upgrading existing deployments
On an endpoint machine with a lower version of Direct Connect Endpoint installed:
You can install this version without uninstalling the lower version. Run the Direct Connect Endpoint installation package to automatically remove the installed version, then install this version.
On an endpoint machine with Proxy Connect Endpoint installed:
If you are upgrading an endpoint machine from the Proxy Connect Endpoint to the Direct Connect Endpoint, you must uninstall the Proxy Connect Endpoint before installing the Direct Connect Endpoint.
Auto-Update:
Automatic updates are enabled through the Forcepoint Security Portal. For more information, see the Upgrade Guide for Forcepoint One Endpoint.
 
Note 
Deployment model support
This build supports the following deployment models:
*
*
*
*
*
*
*
Application support
By default, any running applications are subject to the same web enforcement policy on port 80 (HTTP requests) and port 443 (HTTPS requests). Occasionally, some applications do not work properly in conjunction with endpoint enforcement. This might occur with, for example, custom-designed applications for your organization, or applications that need to contact an Internet location for updates.
If you are experiencing problems with applications on endpoint machines, go to the Endpoint Bypass tab on the Web > Endpoint page in the Forcepoint Security Portal and add the names of any application executables that you want to bypass endpoint policy enforcement. For more information, see Endpoint bypass in the Forcepoint Security Portal Help.
Fallback mode
If the Direct Connect Endpoint is unable to contact the Forcepoint cloud service, it moves into Fallback mode. The device is now partially protected by applying filters cached from previously blocked site visits. For example, if the user previously saw a block page when visiting Facebook, then the user would also see a block page when visiting Facebook while in Fallback mode. This block page indicates that it was a result of cached results. Once the network issue is resolved, normal filtering resumes.
For more information, see Fallback mode in the End User's Guide for Forcepoint One Endpoint.
Configuring endpoint behavior
Following are some of the configuration options available in the Forcepoint Security Portal for the Direct Connect Endpoint. Note that all links go to the Forcepoint Technical Library.
*
*
*
*
*
Endpoint bypass settings.
*
*
*
*
*
*
Unsupported options
The following configuration options are not currently supported by the Direct Connect Endpoint.
Functional:
*
*
*
*
*
*
*
*
*
*
*
Operational/Deployment:
*
*
 

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Copyright 2020 Forcepoint. All rights reserved.