New in this version

Updated 31-Oct-2018


Applies to:	Forcepoint Web Security Cloud

General Data Protection Regulation (GDPR) Compliance

Forcepoint Web Security Direct Connect Endpoint has been updated to enable Forcepoint customers to be compliant with the new General Data Protection Regulation (GDPR), which goes into affect in the European Union in May 2018.

Forcepoint Web Security Direct Connect Endpoint contains three log files:

Debug Dump (DebugDump.txt): This log file contains basic information about the user and endpoint machine. This log file is stored as a plain text, unencrypted txt file in the installation directory and can be accessed by any user who can access the folder. Logs are deleted when the endpoint software is uninstalled, or when the log limit is reached (5 logs, rotated after they reach 2MB).

For more information about deleting the Debug Dump file, see the Deleting Debug Dump Files knowledge base article (My Account log in required).

Audit Log (statuslog.csv): This log file contains domain/username, full URLs, and audit events. This log file is stored as an AES-encrypted csv file in the installation directory. This file is sent to the cloud over a TLS (SSL) connection to the server. The password is hardcoded in the code.

Statistics Log (statisticslog.csv): This log file contains statistical information about the transactions between the endpoint machine and server. This log file is stored as an AES-encrypted csv file in the installation directory. This file is sent to the cloud over a TLS (SSL) connection to the server.

The Diagnostics Tool, available to the user via the icon on the endpoint machine, does not contain user personally identifiable information (PII).

Support for latest browsers

Browsers are tested with existing versions of endpoint solutions when they become available. For a full list of supported browsers and operating systems for each endpoint version, see the Certified Product Matrix.

When you deploy Forcepoint Web Security Direct Connect Endpoint to Windows endpoints with Firefox v53 or higher installed, follow the below deployment guidance:

Edit the DCUserConfig.xml configuration file to specify the following configuration parameters in "DCSetting":

When to use Forcepoint Web Security Direct Connect Endpoint

Forcepoint Web Security Direct Connect Endpoint is available alongside the existing Forcepoint Web Security Proxy Connect Endpoint. The Proxy Connect endpoint will continue to be available and supported and remains the default solution for securing roaming users in most situations.

The Direct Connect endpoint extends roaming user protection to use cases where a proxy-based approach can be problematic. In general, you should consider using the Direct Connect endpoint if the following applies to your organization:

Geo-localized content: Localized content is critical; for example, your Marketing organization translates content into many languages.

Unmanaged/third-party/complex networks: You have complex networks and changing network connections; for example, you have a remote workforce traveling and operating on client sites.

Geographic firewalls: A geographical firewall prevents proxy use; for example, due to a national firewall or local network security system.

Frequently changing network conditions: Frequent switching between different network connections; for example using a mix of mobile, wifi and on-prem networks.

Proxy unfriendly websites: You use a significant number of websites that do not work well with proxy technology and would otherwise require proxy bypass.

Proxy unfriendly applications: You have non-browser and/or custom applications that require bypasses due to conflicts with proxy technology.

Direct Connect and Proxy Connect endpoints can both be used in the same customer deployment; however, only one type can be installed on a PC.


	Important Although Forcepoint Web Security Direct Connect Endpoint can provide improved security coverage as outlined in the use cases above, please check that the networking requirements and level of feature support are acceptable in your intended deployment.