Go to the table of contents Go to the previous page Go to the next page View or print as PDF
v8.5.4 Release Notes for Web Protection Solutions : New in Web Protection Solutions
New in Web Protection Solutions
Release Notes | Forcepoint Web Security and Forcepoint URL Filtering | 8-June-2020
*
*
*
*
*
*
*
*
*
*
Product mapping
Version 8.0 was the first product release that used a new, simplified product naming and grouping of the familiar product line.
Version 8.4 then reset the product names to better align with the company vision.
 
Security enhancements
Forcepoint Security Labs Analysts continually assess potential security vulnerabilities which can be introduced by third-party libraries. Security improvements have been made in several areas in version 8.5.4.
A security update done for the v8.5.4 product release has resulted in a new requirement for a specific dynamic-link library (dll) when installing or upgrading v8.5.4 Forcepoint Web Security or Forcepoint URL Filtering software on a Windows platform.
If you have not recently downloaded the Visual C++ Redistributable Package from Microsoft, it is likely that the installation/upgrade will prompt with the error "Installation failed with error code 3004". The log file generated by the installation/upgrade process, available in the Temp folder of the user running the installer, will contain a line similar to:
java.lang.UnsatisfiedLinkError: C:\Users\Administrator\AppData\Local\Temp\2\I1588276985\Windows\resource\jre\bin\freetype.dll: Can't find dependent libraries
The dependency referenced in this log entry is for vcruntime140.dll, a file that is part of the Redistributable Package.
Should the error occur during the install/upgrade process:
1.
2.
3.
4.
Content Gateway enhancements
Enhancements have been made to Content Gateway.
*
Open Content Gateway manager and navigate to Configure > Security > Access Control and select Global Authentication Options. A new Redirect Options section contains the Redirect Hostname entry field as well as new options for Redirect for HTTPS Authentication.
This new option is disabled by default. Click Enabled to direct all HTTPS requests to authenticate over HTTPS in transparent proxy deployments.
Changing the manager options also resets a new records.config variable.
proxy.config.auth.ssl_auth_url
*
Content Gateway Manager currently offers either Web DLP or ICAP as the Integration options on the Configure > My Proxy > Basic > General page when Content Gateway is deployed with the DLP Module. By default, the options are provided with radio buttons, making them mutually exclusive.
A new variable has been added that changes the radio buttons to check boxes, making them both selectable. To enable the ability to select both options, add the following to records.config (in /opt/WCG/config, by default).
CONFIG proxy.config.dss_and_icap.enabled INT 1
When this variable is enabled (1), the UI will allow both check boxes to be selected. Change the value to 0 to disable the feature and change the selections back to radio boxes.
*
A new variable has been added that allows Content Gateway to send "unknown" as a valid file type to Filtering Service. To enable this feature, add the following to records.config (in /opt/WCG/config, by default).
CONFIG wtg.config.filter_unknown_file INT 1
Reset the value to 0 to disable the feature.
In addition, when this variable is enabled, "unknown" is included in the list of file types displayed when creating a Block file types list for a specific category on the Policy Management > Filters > Add/Edit Category Filter page of Forcepoint Security Manager.
*
When a domain list that includes an IWA domain is used in rule-based authentication, the Captive Portal option is no longer disabled.
*
*
The Session Cache section, previously available on Configure > SSL > Decryption / Encryption > Outbound, has been removed to avoid Content Gateway restarts. Upgrades to v8.5.4 will automatically disable these options if they had been previously enabled.
Note that no significant performance differences were found after removing these caching options.
SIEM enhancements
Improvements have been made in Forcepoint Web Security to the Security Information and Event Management (SIEM) Integration feature.
*
The Settings > General > SIEM Integration page of Security Manager now supports the entry of up to 10 SIEM integrations.
The main page provides details for each of the SIEM solutions that have been added. Use the Add button to continue adding or click the link that is the IP Address of an existing entry to edit it.
Note that, with v8.5.4 and this new functionality, data from each Policy Server is no longer forwarded to all SIEM solutions configured for other Policy Servers assigned to the same Policy Broker.
*
With 8.5.4, a new option has been added to the Settings > General > SIEM Integration page to support the ability to send audit log records to a SIEM integration defined for the primary Policy Server.
In the new Audit Log Data section, check Enable SIEM integration for this Policy Server to enable the feature, then complete the remainder of the section.
Note that this feature is available only for the primary Policy Server and does not appear if you are logged into a secondary Policy Server.
 
Important 
See the Incremental Upgrade Guide for more information.
Other reporting enhancements
Enhancements have been made for some of the other reporting tools.
*
*
*
Forcepoint Web Security Endpoint
New Forcepoint Web Security Endpoint builds are frequently released and we advise Forcepoint Web Security customers who use the Hybrid Module or whose deployment includes Forcepoint DLP to select the Downloads option from the My Account page to download the latest Endpoint build.
On the Downloads page:
1.
2.
3.
Follow the instructions in the Installation and Deployment Guide for Forcepoint Endpoint Solutions to install and deploy the latest build.
Browser support
See the Certified Product Matrix for the latest list of supported browsers.
Logon application support
Logon Agent communicates with the logon application (LogonApp) on client machines to identify users as they log onto or off of Windows domains.
*
The logon application supports the following operating systems:
*
*
*
For more information about Logon Agent and the logon application, see the Using Logon Agent for Transparent User Identification white paper.
Third-party platform and product support
All components
This version adds support for:
*
*
*
*
*
This version ends support for:
*
*
*
*
*
See the full list of supported operating systems here.
See the Certified Product Matrix for the latest list of supported browsers.
 
Note 
Note that installing web protection components on Windows Server 2012 or 2012 R2 requires Microsoft .NET Framework v.35 and v4.5. Install both and turn them both on before running the Forcepoint Security Installer.
Content Gateway
This version is supported on:
*
 
Important 
As a best practice, Red Hat Enterprise Linux systems that host Content Gateway should be registered with Red Hat Network and kept up-to-date with the latest security patches.
 
Important 
 
Important 
For a complete platform requirements information, see System requirements for this version in the Deployment and Installation Center.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
v8.5.4 Release Notes for Web Protection Solutions : New in Web Protection Solutions
Copyright 2020 Forcepoint. All rights reserved.