Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Release Notes for Web Protection Solutions : New in Web Protection Solutions
New in Web Protection Solutions
Release Notes | Forcepoint Web Security and Forcepoint URL Filtering | 29-APR-2022
*
*
*
*
*
*
*
Security enhancements
Forcepoint Security Labs Analysts continually assess potential security vulnerabilities which can be introduced by third-party libraries. Security improvements have been made in several areas in version 8.5.5.
A security update done for the v8.5.4 product release has resulted in a new requirement for a specific dynamic-link library (dll) when installing or upgrading v8.5.4 or v8.5.5 Forcepoint Web Security or Forcepoint URL Filtering software on a Windows platform.
If you have not recently downloaded the Visual C++ Redistributable Package from Microsoft, it is likely that the installation/upgrade will prompt with the error "Installation failed with error code 3004". The log file generated by the installation/upgrade process, available in the Temp folder of the user running the installer, will contain a line similar to:
java.lang.UnsatisfiedLinkError: C:\Users\Administrator\AppData\Local\Temp\2\I1588276985\Windows\resource\jre\bin\freetype.dll: Can't find dependent libraries
The dependency referenced in this log entry is for vcruntime140.dll, a file that is part of the Redistributable Package.
Should the error occur during the install/upgrade process:
1.
2.
3.
4.
Hybrid enhancements
Improvements have been made for the Hybrid Module of Forcepoint Web Security.
Generic SAML support for single sign-on
The single sign-on feature uses the Security Assertion Markup Language (SAML 2.0) data format to send authentication requests to and receive responses from your identity provider. Previously when configuring single sigh-on, a specific identity provider had to be selected from an available list of providers.
This enhancement provides support for any identity provider that supports the SAML 2.0 standard. A new selection, SAML 2.0 Compliant Identity Provider, is an option on the Web > Settings > Hybrid Configuration > Hybrid User Identification page of Forcement Security Manager. The metadata for your identity provider is configured as before.
PAC file size limit increase
The earlier 50KB limit for the PAC file sent by Sync Service to the hybrid service has been increased to 256KB. See What is the hybrid PAC file in Administrator Help for more information.
Policy-level CASB
An enhancement to the Protected Cloud Apps feature has been made that allows policy enforcement for cloud applications by all or a subset of the filtering policies.
After selecting the cloud applications on the Web > Settings > CASB Configuration > Protected Cloud Apps page of Forcepoint Security Manager, use the Forward to Forcepoint CASB option to chose the policies that will forward requests to Forcepoint CASB for enforcement:
*
For All policies (the default) to forward all user requests for the selected cloud apps.
*
Per policy to choose specific policies to forward all user requests for the selected cloud apps.
When Per policy is selected, tables provide a method of indicating which policies should or should not forward requests to CASB. Filtering Service handles all user requests to a cloud app if the policy being applied is not configured to Forward to Forcepoint CASB.
Miscellaneous Enhancements
Other enhancements are included with the release of v8.5.5.
*
*
The Web > Settings > CASB Configuration > Protected Cloud Apps page now lists all custom cloud apps added in the CASB portal.
*
*
Configure the proxy.config.auth.ssl_autl_url variable in records.config to disable the feature. This setting disables (0) or enables (1) authentication of HTTPS requests over HTTPS, using port 8443. When disabled, authentication for HTTPS requests is done over HTTP, using port 8080.
Browser support
See the Certified Product Matrix for the latest list of supported browsers.
Logon application support
Logon Agent communicates with the logon application (LogonApp) on client machines to identify users as they log onto or off of Windows domains.
The logon application supports the following operating systems:
*
*
*
For more information about Logon Agent and the logon application, see the Using Logon Agent for Transparent User Identification white paper.
Third-party platform and product support
All components
This version adds support for:
*
*
*
This version ends support for:
*
*
See the full list of supported operating systems here.
See the Certified Product Matrix for the latest list of supported browsers.
 
Note 
Note that installing web protection components on Windows Server 2012 or 2012 R2 requires Microsoft .NET Framework v.35 and v4.5. Install both and turn them both on before running the Forcepoint Security Installer.
Content Gateway
This version is supported on:
*
 
Important 
As a best practice, Red Hat Enterprise Linux systems that host Content Gateway should be registered with Red Hat Network and kept up-to-date with the latest security patches.
 
Important 
 
Important 
For a complete platform requirements information, see System requirements for this version in the Deployment and Installation Center.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Release Notes for Web Protection Solutions : New in Web Protection Solutions
Copyright 2022 Forcepoint. All rights reserved.