Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Defining Web Policies > Endpoint tab
Endpoint tab
Related topics:
Use the Endpoint tab to enable secure transparent authentication with the web endpoint for end users whose requests are managed by this policy.
From this tab you can deploy the Proxy Connect endpoint to either the roaming users or all users in the policy directly from the cloud. (The Direct Connect endpoint must be installed manually; it cannot be installed automatically from the cloud service.)
*
*
Roaming users must first authenticate themselves via the Roaming home page before being asked to install the endpoint software.
See this Knowledge Base article for a list of browsers that support Proxy Connect endpoint deployment directly from the cloud.
For both Proxy Connect and Direct Connect endpoint software, you can push the endpoint manually to selected client machines using your preferred distribution method. For more information, see Configure Endpoint settings.
 
Note 
For both Direct Connect and Proxy Connect endpoint clients, you can choose to automatically update endpoint whenever a new version is released.
Note that if you select an automatic update option, it applies to all users in the policy who have installed the endpoint on the selected operating system, regardless of how the endpoint software was originally deployed.
Endpoint PAC Control
By default, Proxy Connect endpoint clients retrieve the cloud service PAC file and use it to determine which websites should be accessed through the cloud proxy, and which port to use for web browsing.
Use the settings in the Endpoint PAC Control section to determine which PAC file URL Endpoint should access for users in this policy.
The options are:
*
Use default PAC file URL: retrieves the PAC file over port 8082 (or 8087 for HTTPS). Web browsing is performed via port 8081.
*
Use alternate PAC file URL: retrieves the PAC file over port 80 (or port 443 for HTTPS). Web browsing is also performed via ports 80 or 443. Use this option for locations where ports 8081 and 8082/8087 are locked down.
For more information on the default and alternate PAC file URLs, see Proxy auto-configuration (PAC).
Select Retrieve PAC file over HTTPS to download PAC files over a secure (HTTPS) connection. For more information on this setting, see Accessing PAC files over HTTPS.
 
Note 
These settings only apply to the Proxy Connect endpoint. The Retrieve PAC file over HTTPS option requires build 2826 or later. Earlier versions of the Proxy Connect endpoint will always download the PAC file over HTTP, and are not affected by this setting. Ensure that your Endpoint clients have connectivity to a Forcepoint data center on TCP ports 8087 or 443, as appropriate, before enabling this option.
Endpoint installation
To configure web endpoint software installation:
1.
If you want to deploy the Proxy Connect endpoint client automatically, mark the Deploy endpoint software on user machines... checkbox.
This setting defines whether the endpoint is deployed to the end users in this policy. If you clear this option at a later date, there will be no further new deployments of the endpoint. However, the installed endpoint software will continue to work unless it is uninstalled from the client machines.
2.
3.
If you clear these options at a later date, there will be no further automatic updates of existing installations, although the installed endpoints will continue to work.
4.
Use the alternate PAC file address for locations where non-standard ports are locked down (see Endpoint PAC Control.
5.
The message can be used to reassure the user that the download is company-approved, and to provide any further information they may need. To customize the message, enter the message you want to display in the Branding text field.
6.
Click Submit when done.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Defining Web Policies > Endpoint tab
Copyright 2020 Forcepoint. All rights reserved.