Transcription

I nst allat ion a n d D e p l o y me n t Gu i d eForcepoint One Endpoint Solutions2 0 .1 2

2020 ForcepointForcepoint and the FORCEPOINT logo are trademarks of Forcepoint. All other trademarks used in this document are the property of theirrespective owners.Published 2020Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to thisdocumentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liablefor any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or theexamples herein. The information in this documentation is subject to change without notice.Last modified 8-Dec-2020

ContentsContentsChapter 1Introducing Forcepoint One Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Related materials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Forcepoint One Endpoint documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Forcepoint Support site and Knowledge Base . . . . . . . . . . . . . . . . . . . . . . . . . 3Management server installation documentation . . . . . . . . . . . . . . . . . . . . . . . . 3Forcepoint One Endpoint configuration documentation. . . . . . . . . . . . . . . . . . 4About Forcepoint One Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Do I have a Forcepoint One Endpoint agent or a conventional ForcepointEndpoint agent?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Forcepoint One Endpoint package builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Forcepoint Web Security Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Forcepoint Proxy Connect Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Forcepoint Direct Connect Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Remote Filtering Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Forcepoint DLP Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Forcepoint Endpoint Context Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Forcepoint CASB Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Forcepoint Web Security Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Forcepoint DLP Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Forcepoint Endpoint Context Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Endpoint compatibility in a mixed deployment . . . . . . . . . . . . . . . . . . . . . . . 10System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Hardware requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Operating system requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Virtual Desktop Infrastructure (VDI) (DLP and ECA only). . . . . . . . . . . . . . 11Browser support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Forcepoint Web Security Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Forcepoint DLP Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Forcepoint DLP Endpoint channel support. . . . . . . . . . . . . . . . . . . . . . . . . . . 12Email clients. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Printer drivers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Application controls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Supported removable media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13LAN control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Destination channels by operating system . . . . . . . . . . . . . . . . . . . . . . . . . 14Chapter 2Obtaining or Creating the Installation Package . . . . . . . . . . . . . . . . . . . . . . . 17Preparing for your Forcepoint Endpoint Context Agent installation . . . . . . . . . . 18Installation and Deployment Guide i

ContentsAuthenticating Forcepoint ECA using client certificates . . . . . . . . . . . . . 18Configuring Forcepoint Endpoint Context Agent settings in the SMC . . . 19Downloading Forcepoint Web Security Endpoint installation packages (Clouddeployments) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Guidelines for creating an anti-tampering password . . . . . . . . . . . . . . . . . . . . . . 21Using special characters (Mac operating systems) . . . . . . . . . . . . . . . . . . 21Using special characters (Windows operating systems) . . . . . . . . . . . . . . 21Creating installation packages from the package builder (On-premises and Hybriddeployments) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Downloading the package builder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Checking file integrity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Creating the installation package from the package builder . . . . . . . . . . . . . . 24Forcepoint DLP Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Forcepoint Web Security Direct Connect Endpoint . . . . . . . . . . . . . . . . . 33Forcepoint Web Security Proxy Connect Endpoint. . . . . . . . . . . . . . . . . . 35Remote Filtering Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Forcepoint Endpoint Context Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Forcepoint CASB Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Global settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Chapter 3Deploying Forcepoint One Endpoint in your Enterprise . . . . . . . . . . . . . . . . 43Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Disabling automatic updates for Forcepoint Web Security Endpoint. . . . . . . 44Adding a custom DCUserConfig.xml file to a Forcepoint Web Security DirectConnect Endpoint installation package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Deploying Windows endpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Manually deploying Forcepoint One Endpoint agents on a Windows endpointmachine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46Stand-alone Forcepoint DLP Endpoint packages . . . . . . . . . . . . . . . . . . . 46Combined Forcepoint DLP Endpoint and Forcepoint CASB Endpoint packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Forcepoint Web Security Endpoint packages downloaded from the Forcepoint Cloud Security Gateway Portal (Cloud deployments) . . . . . . . . . . . 47Forcepoint Web Security Proxy Connect Endpoint or mixed packages madevia the package builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Forcepoint Web Security Direct Connect Endpoint or mixed packages madevia the package builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Forcepoint Endpoint Context Agent packages made via the package builder50Testing your deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Troubleshooting a Forcepoint Endpoint Context Agent deployment . . . . . . . 52Deploying Mac endpoints. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53Manually deploying Forcepoint One Endpoint agents on a Mac endpointmachine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54Deploying Forcepoint DLP Endpoint using Jamf . . . . . . . . . . . . . . . . . . . . . . 55Enabling full disk access on macOS 10.15 and macOS 11 (Forcepoint DLPii ForcepointOne Endpoint Solutions

ContentsEndpoint only). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Creating the HWSConfig.xml file (Proxy Connect Endpoint only) . . . . . . . . 56Testing your deployment 58Deploying Forcepoint One Endpoint agents and the Neo agent on an endpointmachine (Windows only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Configuring and managing Forcepoint One Endpoint agents . . . . . . . . . . . . . . . 59Configuring Forcepoint DLP Endpoint. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Configuring the Forcepoint DLP Endpoint Confirmation Dialog (Windowsonly) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Configuring Forcepoint Web Security Endpoint . . . . . . . . . . . . . . . . . . . . . . 60Configuring Forcepoint Endpoint Context Agent. . . . . . . . . . . . . . . . . . . . . . 60Configuring Remote Filtering Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Configuring Forcepoint CASB Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Uninstalling Forcepoint One Endpoint software . . . . . . . . . . . . . . . . . . . . . . . . . 61Uninstalling Forcepoint One Endpoint from a Windows endpoint machine . 61Manually uninstalling Forcepoint One Endpoint from a Windows endpointmachine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Uninstalling Forcepoint One Endpoint using a deployment server . . . . . . 61Uninstalling Forcepoint One Endpoint using a distribution system . . . . . 62Uninstalling Forcepoint One Endpoint from a Mac endpoint machine . . . . . 63Installation and Deployment Guide iii

Contentsiv ForcepointOne Endpoint Solutions

1Introducing Forcepoint OneEndpointInstallation and Deployment Guide Forcepoint One Endpoint v20.12Applies to: Forcepoint DLP Endpoint v20.12Forcepoint DLP v8.8.xForcepoint Web Security Endpoint v20.12Forcepoint Web Security v8.5.xForcepoint Web Security CloudForcepoint URL Filtering v8.5.xForcepoint Endpoint Context Agent v20.12Forcepoint Next Generation Firewall v6.8Forcepoint CASB Endpoint v20.12Forcepoint CASBForcepoint One Endpoint solutions provide complete real-time protection againstadvanced threats and data theft for both network and roaming users. Forcepointadvanced technologies help you discover and protect sensitive data stored on endpointmachines and provide actionable forensic insight into potential attacks. Forcepoint Web Security Endpoint protects users from web threats on Windowsand Mac endpoint machines. Forcepoint offers three Forcepoint Web SecurityEndpoint options: Forcepoint Web Security Direct Connect Endpoint: Requires a ForcepointWeb Security v8.4 (or higher) on-premises solution with the Hybrid Moduleor Forcepoint Web Security Cloud. Forcepoint Web Security Proxy Connect Endpoint: Requires a ForcepointWeb Security v8.4 (or higher) on-premises solution with the Hybrid Moduleor Forcepoint Web Security Cloud. Remote Filtering Client: Requires Forcepoint URL Filtering v8.4 (or higher)with the Remote Filter module. Forcepoint CASB Endpoint protects organizations from cloud application-basedthreats. It identifies and remediates sensitive data sent or received through bothmanaged and unmanaged cloud applications accessed through the organization’snetwork. Requires a Forcepoint CASB license. Forcepoint DLP Endpoint protects organizations from data loss and data theft. Italso identifies and remediates sensitive data stored on corporate endpointInstallation and Deployment Guide 1

Introducing Forcepoint One Endpointmachines, including Windows and Mac laptops. Requires Forcepoint DLPNetwork v8.6 (or higher) or Forcepoint Data Discovery v8.6 (or higher). Forcepoint Endpoint Context Agent (Forcepoint ECA) collects per-connectionuser and application information about Windows endpoint machines that connectthrough a Forcepoint Next Generation Firewall (Forcepoint NGFW) Enginemanaged by the Security Management Center (SMC). Forcepoint ECA is onlyavailable for Windows endpoint machines. Requires Forcepoint NGFW v6.6 (orhigher).About this guideThis guide describes how to deploy Forcepoint One Endpoint on endpoint machinesacross your enterprise. Introducing Forcepoint One Endpoint, page 1: Describes system requirements,browser and operating support, benefits, and other information. Obtaining or Creating the Installation Package, page 17: Describes how to obtainor create installation packages. Deploying Forcepoint One Endpoint in your Enterprise, page 43: Describes howto globally deploy Forcepoint One Endpoint software and install it on endpointmachines.ImportantWhile Forcepoint One Endpoint can be deployed in anenterprise environment using MDM services such as Jamf,Forcepoint does not document the full deployment processfor third-party products in our guides. For moreinformation about deploying Forcepoint One Endpointagents using MDM, please consult the documentation forthe individual products.Related materialsForcepoint One Endpoint documentationThe following Forcepoint One Endpoint documents are available on the ForcepointDocumentation site: Release Notes for Forcepoint One Endpoint v20.12This document details the changes implemented in Forcepoint One Endpointv20.12. Upgrade Guide for Forcepoint One Endpoint Solutions2 Forcepoint One Endpoint Solutions

Introducing Forcepoint One EndpointIf your organization has deployed an earlier version of Forcepoint One Endpoint,you can upgrade Forcepoint One Endpoint to a later version. This documentcovers the procedures and identifies compatibility issues if you want to installdifferent agents on the same endpoint machine. End User’s Guide for Forcepoint One Endpoint SolutionsEnd users can interact with the Forcepoint One Endpoint Diagnostics Tool, viewconnection status, and view collected information. If Forcepoint DLP Endpoint isinstalled in stealth mode, users cannot interact with the user interface.Forcepoint Support site and Knowledge BaseYou can get additional information and support for your product on the ForcepointSupport website at https://support.forcepoint.com. There, you can access productdocument, Knowledge Base articles, downloads, cases, and contact information.The Knowledge Base contains many articles that provide additional information aboutForcepoint products, along with troubleshooting information. The following articlesmight help you as you install, deploy, and use Forcepoint One Endpoint: Endpoint Troubleshooting Features Article Resolved and Known Issues for Forcepoint One Endpoint v20.12 Enabling Full Disk Access for Forcepoint DLP Endpoint on macOS 10.15 andmacOS 11 Deploying the Forcepoint DLP Endpoint Chrome Extension on Mac endpointsusing Jamf Excluding Forcepoint Endpoint from Antivirus Scanning Replacing the Message XML in the Forcepoint Endpoint All-in-One PackageBuilder Updating Confirmation Dialog message files in Forcepoint One EndpoinManagement server installation documentationForcepoint One Endpoint solutions rely on other Forcepoint products for server-sidefunctions. If you have not already done so, you must install these products beforebeginning a Forcepoint One Endpoint installation. Installing Forcepoint DLP (for Forcepoint DLP Endpoint deployment) If you are installing Forcepoint DLP Endpoint v20.12 for Windows and planto also install the Neo endpoint agent, follow the procedures in the ForcepointDynamic User Protection Administrator Guide.Installing Forcepoint Web Security (for hybrid Forcepoint Web SecurityEndpoint deployment)Web Security installation is not required for a cloud Forcepoint Web SecurityEndpoint deployment. Installing Forcepoint URL Filtering (for Remote Filtering deployment)Installation and Deployment Guide 3

Introducing Forcepoint One Endpoint Installing Forcepoint Next Generation Firewall (for Forcepoint ECAdeployment) Forcepoint CASB installation is not required for a Forcepoint CASB Endpointdeployment. Forcepoint CASB is a cloud-based Forcepoint solution.NoteForcepoint DLP and Forcepoint Web Security are installedas modules on the Forcepoint Security Manager. For moreinformation about the Forcepoint Security Manager, seethe Forcepoint Security Manager Help.Forcepoint One Endpoint configuration documentationAfter Forcepoint One Endpoint is deployed to your endpoint machines, you configureit through the server-side product. Forcepoint DLP Manager Help (for Forcepoint DLP Endpoint) Forcepoint Web Security Manager Help (for hybrid Forcepoint Web SecurityEndpoint deployment) Forcepoint Cloud Security Gateway Portal Help (for cloud Forcepoint WebSecurity Endpoint deployment) Forcepoint NGFW Online Help (for Forcepoint ECA deployment) Forcepoint CASB Administration Guide (for Forcepoint CASB Endpointdeployment)About Forcepoint One EndpointThe following agents are available on the Forcepoint One Endpoint platform: Forcepoint DLP Endpoint (Windows and Mac) Forcepoint Web Security Proxy Connect Endpoint (Windows and Mac) Forcepoint Web Security Direct Connect Endpoint (Windows and Mac) Forcepoint ECA (Windows only) Forcepoint CASB Endpoint (Windows only)The Forcepoint One Endpoint platform places all installed Forcepoint One Endpointagents under one icon in the notification area of the task bar (Windows) or the statusmenu of the menu bar (Mac), instead of under separate icons for each agent. TheForcepoint One Endpoint agents share the same functionality as the older,conventional Forcepoint Endpoint agents.4 Forcepoint One Endpoint Solutions

Introducing Forcepoint One EndpointStarting with Forcepoint DLP v8.6, Forcepoint DLP Endpoint on the Forcepoint OneEndpoint platform is the standard agent for Forcepoint DLP (Windows and Mac) andForcepoint Dynamic Data Protection (Windows only).Starting with Forcepoint Web Security v8.5, Forcepoint Web Security Endpoint on theForcepoint One Endpoint platform is the standard agent for Forcepoint Web Securityon Windows and Mac.NoteThe Remote Filtering Client has not transitioned to theForcepoint One Endpoint platform. You can buildconventional Remote Filtering Client installation packagesthrough this package builder. They will have the samebuild number (e.g, v20.12.xxxx) as the installationpackages created for Forcepoint One Endpoints.Do I have a Forcepoint One Endpoint agent or a conventionalForcepoint Endpoint agent?To determine which type of agent you have, check the following: User Interface branding: If you have a Forcepoint One Endpoint agent installed,the package builder, Diagnostics Tool, DLP Endpoint UI, and system tray icon arebranded as “Forcepoint One Endpoint”. Version number: Conventional Forcepoint Endpoint: The conventional Forcepoint Endpointagents have a two or three digit version number consisting of a major andminor version. If your Forcepoint DLP Endpoint or Forcepoint Web SecurityEndpoint agent has a v8.6 or lower version number, it is a conventionalForcepoint Endpoint agent. If your version of Forcepoint ECA is v1.4 orlower, it is a conventional agent. Forcepoint One Endpoint: The Forcepoint One Endpoint agents have alonger version number that consists of the year, month, and build number. Forexample, v20.05.4734 is a Forcepoint One Endpoint release created in May2020. If your agent has a v18 or higher version number, it is a Forcepoint OneEndpoint agent.Task bar icon: Conventional Forcepoint Endpoint: Each installed Forcepoint Endpointagent is a single installed product with its own separate icon in the notificationarea of the task bar (Windows) or the status menu of the menu bar (Mac). Ifyou have more than one Forcepoint Endpoint agent installed on an endpointmachine, there is a separate Forcepoint icon for each agent. Forcepoint One Endpoint: All installed Forcepoint One Endpoint agents areinstalled as a single product (Forcepoint One Endpoint) with differentcomponents (i.e., the agents: Forcepoint DLP Endpoint, Forcepoint WebSecurity Endpoint, or Forcepoint ECA). If you have more than one ForcepointInstallation and Deployment Guide 5

Introducing Forcepoint One EndpointOne Endpoint agent installed on an endpoint machine, there is only oneForcepoint icon. When you click the icon, Forcepoint One Endpoint opens amenu that shows the options for all installed agents. Also, when you move themouse over the icon, it shows “Forcepoint One Endpoint”.Forcepoint One Endpoint package builderThe package builder is used by Enterprise IT team members to generate theForcepoint One Endpoint installation packages that will be installed on Windows andMac endpoint machines.The Forcepoint One Endpoint package builder supports the configuration and creationof the following Forcepoint One Endpoint and conventional Forcepoint Endpointagents: Forcepoint DLP Endpoint on Windows and Mac (Forcepoint One Endpoint) Forcepoint Web Security Endpoint: Forcepoint Proxy Connect Endpoint on Windows and Mac (Forcepoint OneEndpoint) Forcepoint Direct Connect Endpoint on Windows and Mac (Forcepoint OneEndpoint) Remote Filtering Client on Windows and Mac (Conventional ForcepointEndpoint) Forcepoint ECA on Windows only (Forcepoint One Endpoint) Forcepoint CASB Endpoint on Windows only (Forcepoint One Endpoint)ImportantThe Forcepoint DLP v8.6 and higher installation no longercontains the package builder used to create the ForcepointDLP Endpoint installation package. To prepare the latestForcepoint DLP Endpoint, you must download the latestpackage builder from the Forcepoint Downloads page.See System requirements, page 11 for hardware requirements.Forcepoint Web Security EndpointForcepoint Web Security Endpoint includes three endpoint agent options: Forcepoint Web Security Proxy Connect Endpoint (also known as ForcepointProxy Connect Endpoint) Forcepoint Web Security Direct Connect Endpoint (also known as ForcepointDirect Connect Endpoint)6 Forcepoint One Endpoint Solutions

Introducing Forcepoint One Endpoint Remote Filtering ClientImportantYou can deploy a mix of Forcepoint Proxy ConnectEndpoint, Forcepoint Direct Connect Endpoint, andRemote Filtering Client agents within your organization.However, you can only install one agent option on anindividual endpoint machine.Forcepoint Proxy Connect EndpointForcepoint Proxy Connect Endpoint can be deployed to secure endpoint machineswhose Internet activity is managed by the hybrid or cloud service. The ForcepointProxy Connect Endpoint agent provides transparent authentication and enforces theuse of hybrid or cloud web protection policies. This software also routes Internetrequests to the hybrid or cloud service so that the appropriate policy can be applied. Forcepoint Proxy Connect Endpoint redirects HTTP and HTTPS traffic to thehybrid or cloud service with an encrypted token that identifies the user, enablingthe correct policy to be applied and reporting data to be correctly logged. Nopassword or other security information is included. For supported browsers, Forcepoint Proxy Connect Endpoint manipulates proxysettings in real time. For example, if Forcepoint Proxy Connect Endpoint detects itis at a hotspot, but the user has not finished registration, it removes its proxysettings until the gateway has successfully opened.You can enable Forcepoint Proxy Connect Endpoint for some or all machinesmanaged by the cloud or hybrid service.Forcepoint Direct Connect EndpointForcepoint Direct Connect Endpoint routes traffic directly to the Internet and contactsa new endpoint cloud service to determine whether to block or permit a request,perform analysis of traffic content, and/or deliver endpoint configuration. ForcepointDirect Connect Endpoint is available for both full cloud and hybrid deployments.Forcepoint Direct Connect Endpoint may be beneficial for roaming users whereproxy-type connections are problematic. This includes, for example, websites that donot work well with a proxy, areas where geographic firewalls prohibit the use ofproxies, situations where localized content is required regardless of user location, andcomplex/changing network environments.When to use Forcepoint Direct Connect Endpoint instead of ForcepointProxy Connect EndpointThe Forcepoint Direct Connect Endpoint is now available alongside the existingForcepoint Proxy Connect Endpoint. The Forcepoint Proxy Connect Endpoint willcontinue to be available and supported and remains the default solution for securingroaming users in most situations.Installation and Deployment Guide 7

Introducing Forcepoint One EndpointThe Forcepoint Direct Connect Endpoint extends roaming user protection to use caseswhere a proxy-based approach can be problematic. In general, you should considerusing Forcepoint Direct Connect Endpoint if the following applies to yourorganization: Geo-localized content: Localized content is critical; for example, your Marketingorganization translates content into many languages. Unmanaged/third-party/complex networks: You have complex networks andchanging network connections; for example, you have a remote workforcetraveling and operating on client sites. Geographic firewalls: A geographical firewall prevents proxy use; for example,due to a national firewall or local network security system. Frequently changing network conditions: Frequent switching between differentnetwork connections; for example using a mix of mobile, wifi and on-premnetworks. Proxy unfriendly websites: You use a significant number of websites that do notwork well with proxy technology and would otherwise require proxy bypass. Proxy unfriendly applications: You have non-browser and/or custom applicationsthat require bypasses due to conflicts with proxy technology.Forcepoint Direct Connect Endpoint and Forcepoint Proxy Connect Endpoint canboth be used in the same customer deployment. However, only one type can beinstalled on an individual endpoint machine.ImportantAlthough Forcepoint Direct Connect Endpoint can provideimproved security coverage as outlined in the use casesabove, check that the networking requirements and level offeature support are acceptable in your intendeddeployment.Remote Filtering ClientIn Forcepoint URL Filtering deployments, you can add the Remote Filter module tomanage Internet requests from machines outside the network. By default, remotefiltering software monitors HTTP, HTTPS, and FTP traffic. You cannot install theRemote Filtering Client on an endpoint machine with either Forcepoint ProxyConnect Endpoint or Forcepoint Direct Connect Endpoint installed.Forcepoint DLP EndpointForcepoint DLP Endpoint is designed for organizations concerned about data loss thatoriginates at the endpoint machine, whether malicious or inadvertent. For example, ifyou want to prevent employees from taking sensitive data home on their laptops andprinting it, posting to the web, or copy and pasting it, you would benefit from thisendpoint solution.8 Forcepoint One Endpoint Solutions

Introducing Forcepoint One EndpointForcepoint DLP Endpoint is a comprehensive, secure, and easy-to-use endpoint dataloss prevention (DLP) solution. It monitors real-time traffic and applies customizedDLP policies over application and storage interfaces. You can also apply discoverypolicies to endpoint machines to determine what sensitive data they hold.You can monitor user activity inside endpoint applications, such as the cut, copy,paste, print, and screen capture operations. You can also monitor endpoint webactivities and know when users are copying data to external drives.Forcepoint Endpoint Context AgentForcepoint ECA is a client application monitoring tool. It intercepts network systemcalls on Windows endpoint machines and provides user and application information tothe Forcepoint NGFW. Forcepoint NGFW uses the information from Forcepoint ECAto determine whether connections from the endpoint machines are allowed, and tomonitor end user and endpoint machine activity.Forcepoint CASB EndpointForcepoint CASB Endpoint routes cloud application connections from anorganization’s managed endpoint machine through the Forcepoint CASB gateway.Forcepoint CASB analyzes the activities coming to and from the cloud applicationand mitigates each activity based on enabled policies.CompatibilityForcepoint Web Security EndpointForcepoint Web Security Endpoint is recommended for use with the followingForcepoint Web Security component versions.ComponentMinimum supportedversionRecommended versionForcepoint Web Securityv8.4.xLatest v8.5.x maintenanceversion or higherForcepoint URL Filtering(for Remote Filtering Client)v8.4.xLatest v8.5.x maintenanceversion or higherInstallation and Deployment Guide 9

Introducing Forcepoint One EndpointForcepoint DLP EndpointForcepoint DLP Endpoint is recommended for use with the following Forcepoint DLPcomponent versions.ComponentMinimum supportedversionRecommended versionForcepoint DLP Networkv8.6.xLatest v8.8.x maintenanceversion or higherForcepoint Data Discoveryv8.6.xLatest v8.8.x maintenanceversion or higherForcepoint End

Dec 08, 2020 · Introducing Forcepoint One Endpoint 2 Forcepoint One Endpoint Solutions machines, including Windows and Mac laptops. Requires Forcepoint DLP Network v8.6 (