Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Getting started > Cloud Web setup
Cloud Web setup
Getting Started Guide | Forcepoint Web Security Cloud
During the initial setup process, you need to configure your firewall to access Forcepoint Web Security Cloud, set up end-user registration and identity management, set up your first policy, and test your configuration.
If you are not able to complete each step immediately, you can skip to the next step and complete any missed items later.
To begin, you will need to have:
*
*
The stages of the setup are:
*
*
*
Step 1: Firewall Setup
Your firewall must allow TCP connections outbound to Forcepoint data centers on specific ports. For details of the firewall ports required and how they are used, see Configuring your firewall to connect to the cloud service in the Web Security Cloud help.
Step 2: End Users
End user information can be sent to the cloud service in one of 2 ways:
*
*
Synchronize users from my directory (recommended when using a private Active Directory or LDAP) involves installing the Directory Synchronization Client in your network and configuring it to synchronize user and group information from your LDAP directory to the cloud service.
*
System for Cross-domain Identity Management (SCIM)
Your identity provider must be configured to work with the cloud service so that user and group data can be synchronized from the provider. See How the service works with SCIM in Cloud Security Help for more details.
 
Note 
Directory Synchronization
To enable directory synchronization between your LDAP directory and the cloud service, start by creating the contact with Directory Synchronization permissions. The user name and password will be used by the Directory Synchronization Client to connect to the cloud service.
Refer to the Directory Synchronization Client Administrator's Guide for further information, including how to download and configure the client software.
Add Users manually
User accounts that you plan to use for testing can be added when a new policy is added. See the step for Adding end users when setting up a policy.
Step 3: Policy Setup
Use the Web > Policy Management > Policies page to create a basic policy to determine which websites can and cannot be accessed by users whose traffic is managed by the cloud service.
The steps below walk you through creating a very basic policy that you can customize later if necessary. See Defining Web Policies in Cloud Security Help for complete details.
1.
Click Add.
2.
3.
*
Default blocks access to sites in commonly blocked categories, like Adult Material, Gambling, and sites that present a security risk, while permitting access to sites commonly used for business or educational purposes.
*
Security only blocks only sites that present a security risk (such as phishing-related sites or sites that host malware) and permits access to all others.
*
Monitor only does not block any websites, but logs user activity for use in reporting.
4.
Select a Time zone for this policy. This may be used both for time-based policy enforcement and reporting log records.
5.
Configuring policy connections
Select the Connections tab to identify the traffic originating from your organization that should be managed by the policy that you are creating.
Each connection is a public-facing IP address, range, or subnet for the gateway through which users' traffic reaches the Internet.
To get started, click Add, then:
1.
Enter a unique Name and Description for the connection.
2.
Select a connection Type: IP address, IP address range, or subnet.
3.
4.
Optionally, select a Time zone for this connection. If no time zone is selected, the time zone defined for the policy as a whole is used.
5.
Click Continue.
Repeat this process for each connection that you want to define for this policy.
Adding end users
The End Users tab is where all end-user registration configuration is performed. Registration is a method of getting user credentials into your cloud service account.
To get started with this new policy, select Invite an end-user in the User Management section.
1.
2.
Enter the user's Email address (for example, jdoe@mydomain.com).
3.
Enter the user's NTLM identity (for example, mydomain/jdoe).
4.
Repeat this process as needed.
Directing user traffic to the cloud service
Use the Default Pac file addresses on the Web > Settings > General page to get the information you need to use a PAC file to direct user traffic from your browser to the cloud service.
Note: Forcepoint recommends performing initial testing using a PAC file manually configured in a browser. For details of other connectivity methods, see Forwarding traffic.
Perform the following steps on a machine that is inside the network that you defined as a connection in the previous step. (This may be the same machine that you are using to access the cloud portal.)
Configure Chrome to use a PAC file
1.
2.
Open the Settings menu.
3.
Click the Advanced Settings link, then scroll down to the Network section.
4.
Click Change proxy settings. This opens an Internet Explorer dialog box to the Connections tab.
5.
Click LAN Settings.
6.
Mark the Use automatic configuration script check box, then paste the URL from the portal page in the address field.
7.
Click OK twice to close the dialog box.
Configure Internet Explorer to use a PAC file
1.
2.
Open the Internet options menu.
3.
Select the Connections tab, then click LAN Settings.
4.
In the settings dialog box, mark the Use automatic configuration script check box and paste the URL from the portal page in the address field.
5.
Click OK twice to close the dialog box.
Configure Firefox to use a PAC file
1.
2.
Open the Options menu.
3.
Select the Advanced > Network tab.
4.
Click Settings, in the Connection section at the top of the tab.
5.
Select Automatic proxy configuration URL and paste in the URL from the portal page.
6.
 
Note 
Next steps
After completing the basic setup, you have all that is needed to test and begin deploying Forcepoint Web Security Cloud. Your account has a single policy that controls and secures your organization's web traffic, and traffic is directed to the service via your browser's PAC file configuration. By default, the service applies your policy settings to all traffic from the IP address defined in the policy.
To get the most out of the solution, you may wish to implement a different traffic forwarding method, enable end-user authentication, tailor your policies, and view and create reports. The rest of this document guides you through these more advanced topics as you continue to roll out your deployment. The remainder of the document is organized into the following topics:
*
*
*
The appendix provides sample communications you can use to educate your users about your Forcepoint web protection solution (see Preparing end users for deployment).

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Getting started > Cloud Web setup
Copyright 2022 Forcepoint. All rights reserved.