Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Introduction > How Forcepoint Web Security Cloud works
How Forcepoint Web Security Cloud works
Getting Started Guide | Forcepoint Web Security Cloud
Forcepoint Web Security Cloud operates as a proxy server for HTTP and HTTPS traffic, as well as FTP over HTTP. When users request a web resource, their browsers do not connect directly to Internet web servers (shown in the following diagram as origin servers), but instead connect to the cloud proxy, which in turn relays requests to the origin server. This allows the cloud service to apply filtering rules and perform content scanning, providing protection against security threats, data loss, and inappropriate content.
The service can use various methods to identify and authenticate users: a Forcepoint Endpoint client, a third-party single sign-on identity provider, NTLM transparent identification, or manual authentication with a user name and password. Roaming users (those connecting from an unknown IP address) can be identified via the Forcepoint Endpoint client, via a single sign-on provider, or they are required to authenticate.
Optional SSL decryption allows the content of HTTPS sessions to be scanned, and allows the service to show the correct notification page to users (for example, a block page if the SSL site is in a category that is blocked). Content is re-encrypted after inspection.
The following diagram shows a basic overview of web traffic protected by Forcepoint Web Security Cloud.
The diagram shows the following elements of the service.
Authentication, filtering and enforcement settings are applied by a policy, which determines which requests to allow or block, performs real-time content scanning, and applies data security filtering, helping to prevent inadvertent or malicious data loss.
Secure (HTTPS) sessions are forwarded over a tunneled connection. If you enable SSL decryption, the content of these sessions can be scanned and policy settings applied, before the traffic is re-encrypted. This feature requires you to install a root certificate on end-users' machines, allowing clients to connect securely to the cloud proxy. (See Enabling SSL decryption in the Forcepoint Web Security Cloud help for more information.)
Key concepts
In order to get started with the service, you must arrange to forward your web traffic to the service, add users to the service (if required), and create policies to control web access (a default policy is pre-configured).
Traffic forwarding
In order for the service to perform filtering, you must redirect web traffic to the cloud service, and configure your firewall to allow access to the service on specific ports.
Traffic can be directed to the cloud service in a number of ways:
Alternatively, a Forcepoint I Series appliance can be deployed in order to provide fast, flexible on-premises traffic analysis. If you have an existing on-premises proxy, this can be connected to the service via proxy chaining.
For more information about forwarding traffic, see Forwarding traffic.
User synchronization
The service can identify and authenticate users in order to provide user and group-specific policy enforcement, and detailed user activity reporting. Users can be added manually, or identity management can be configured so that user details are automatically updated to the cloud service.
This step is optional; some organizations apply the same policies to all users based solely on IP address, without requiring users to authenticate.
Note: if your organization has roaming users (those who connect from locations outside of your network), those users must be registered and must identify themselves in order to use the service remotely. See User registration methods.
Policies allow or block access to web resources, and control your authentication, content filtering, security, and data loss prevention (DLP) settings. Exceptions can be configured to override or bypass policy settings per user or group.
Filtering is based on a set of web categories drawn from the Forcepoint URL Database, constantly updated by Forcepoint Security Labs, with security threats identified in real time by Forcepoint ThreatSeeker Intelligence.
A default policy is available, providing a set of standard web filtering settings. Once you are up and running with the service, you can edit this policy and create new ones, providing differing levels of access for different users and departments. (See Tailoring your policies.)

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Introduction > How Forcepoint Web Security Cloud works
Copyright 2022 Forcepoint. All rights reserved.