Our agency is looking to go with a cross domain solution in the next year or 2, and recently there has been talk of going with Forcepoint and their trusted thin client solution.
First question. How exactly does this work? From my understanding, say you have 5 different networks you administer, you can decide what networks that thin client has access to, and they can switch back and forth between networks, all over one wire. From the distribution console, is this basically similar to how a trunk port and pruning VLANs is set up? You decide what networks go over the link to the thin client, so that they only have access to the networks they are authorized to be on? Or does it work in a different way?
Second question. We are a full Cisco network. From the access layer, how are the switches configured for the clients? Is it all just 802.1x on the access ports? Do the ports still need to be assigned a specific VLAN?
We have some Mail Flow Rules in Exchange Online that BCC external emails to a shared mailbox. But because we use Forcepoint, all mail, regardless of source, is viewed as external.
To get around this I've added an exception to the rule for MyDomain.com but this isn't an ideal solution.
Does anyone have any experience getting O365 to see third party cloud email security services as being part of the Organization?
My Connectors to the service are to a "Partner Organization"
and the Message headers show: X-MS-Exchange-Organization-AuthAs: Anonymous - for all mail.
I had been doing Mac admin work at my previous jobs as a side responsibility. It was no big deal. We had around 450 Mac and 200 Windows clients spread over multiple sites. The IT team was small, and so was the infrastructure, and I had full control over it, so we could easily set up infrastructure that could support the hybrid client fleet; the company's long-time Mac culture made things easier. Users were happy, and so was management; we had almost zero issues. I really miss those days.
Anyway, I landed at another company as a cloud engineer two years ago. It is a big company. The IT infra team and developers alone consist of more than 600 people, not counting 6000+ regular clients. They were always a Windows-centric organization, but recently they decided to move their client fleet to Mac, starting with 100 Mac clients, and since they don't have any Mac admins, they have no clue what to do. And you can't find a decent Mac admin easily around here, so I was asked to help them besides my main job, and I said OK, no problem, it's a piece of cake, but it wasn't.
I easily solved their basic problems like AD-Mac integration, 802.1x, SSO for the firewall and similar services that require transparent identity, central management, MDM etc., at very little cost compared to the effort and budget they had to spend maintaining the Windows fleet. No problem so far, but I can't get over the problems they are facing with that Websense bullshit. I have never seen such troublemaker software. And what makes it worse is that they are using it not just as a proxy but also as a DLP solution, with a long-term license purchase. Neither the local nor the global support teams can help with how to integrate Macs into their platform, even though they claim that they support the Mac platform. As far as I can see, they have no idea about even basic concepts of macOS.
The main problem is Macs losing authentication randomly, while other services like the firewall or Wi-Fi have no problem with identification. They just work fine, but Websense is not happy. Sometimes it works, sometimes not. I can see the problem is related to Kerberos and pointed the support team to investigate that, but as I said, they have no idea what to do.
The other problem is DLP. It makes the most powerful i9 MacBooks seem like an archaic 486 once it starts working. I explained this to the support teams as well and asked them to optimize the DLP policies, but then again they said there is no problem in their product. It's just the way Mac works...
Hey everyone, I'm wondering if anyone has experience with Forcepoint NGFWs, specifically with PIM / multicast route configurations. I have multicast routing running over a WAN utilizing a GRE tunnel. The multicast traffic needs to traverse an NGFW unencapsulated due to security requirements (the GRE tunnel endpoint has to be outside of the firewall). My team and I can't get the NGFW to dynamically learn multicast routes, and it won't let us statically configure the routes either. We configured PIM exactly how the Forcepoint white papers recommend. When trying to create an mroute we get this error: "Failed to read config; mroute entries not yet supported. please remove any mroutes from the routing table"
We will be opening a ticket with Forcepoint, but any input from out in the field would be greatly appreciated!
I am trying to get softphones on our NGFW but am running into issues where the firewall is dumping the connection because it thinks the VPN tunnel is getting spoofed. I tried to set up a SIP port range with a client VPN voice network rule but am still getting the spoofing message. Has anyone else tried this or had any luck? I really do not want to allow all ports over SIP.
Hello everyone, does anyone know how to integrate Forcepoint DLP with BlackBerry IRM Workspace?
Trying to help out another group; I'm not intimately familiar with this product.
We use the Forcepoint Web Proxy using a .pac file with internal proxy servers. The issue we are having is that sporadically we have users getting stuck on the cloud proxy, causing problems reaching whitelisted sites. This occurs with users on PCs that are never "off net" and over VPN. There seems to be no pattern, and reboots don't always solve the issue.
Anyone run into this?
I'm looking to move away from Forcepoint where I currently work, as their interface gives me a headache, and support is mostly terrible, as all they do is send me KBs for stuff and then go "oh wait, I sent the wrong one, try this one", yada yada yada.
I'm wondering what you all are using for email and internet filtering. Let me know because I need to scope some things out and I'd love to pick your brains.
Has anyone gotten lucky or knows how to prevent data leaks (copying sensitive text or files) to VMware (i.e. from a host machine with Forcepoint DLP to a guest machine on VMware)?
My company has been having this issue for quite some time now. It's a very contentious issue that has the networking team, server team, sec ops team and system administrators blaming one another. I just want to get this resolved.
Basically, here is the issue and what I personally THINK is the issue. Any and all input is welcomed.
I am currently working in the office. At the end of the day I close the laptop, undock and go home. Some time later I reconnect to the network via VPN. I then receive the error message stating that the PAC file requires a username and password.
The URL for the PAC file states http://cluster.h.webdefence.global.blackspider.com:8081 requires a username and password.
What is happening is that the cloud service has already locked down port 8081 and associated an IP address and endpoint to that port. When you connect to the VPN and attempt to pull the proxy PAC file it is set up to pull it from port 8081 as well. This causes a direct conflict.
When users do not restart their computers, the port stays locked. I do not know the direct cause. In my honest opinion, if it is PCI compliant, we need to set up VPN connections within Forcepoint to be treated as if port 8081 is locked by default. According to Forcepoint KBs:
Remote users should use the alternate PAC file addresses (using port 80 or 443) if requesting access from networks that may have port 8081, 8082, or 8087 locked down.
I believe this is the easiest way to resolve this issue. The alternative is to determine at what interval Forcepoint syncs with an endpoint and no longer considers port 8081 locked.
This issue has persisted since October of 2018 and has directly impacted the IS Department. We have received over 500 calls for this specific issue. The given solution to this problem has always been "Restart the machine", and while that works, the issue persists and we are taking time out of people's day for an easily preventable issue. The reason that restarting has "worked" is that it effectively unlocks port 8081, allowing a new connection to be associated with the user.
We use Forcepoint to filter inbound mail for malware etc. before it reaches O365. However, due to this, Outlook fails SPF and DKIM for inbound messages, as they appear to come from Forcepoint, which isn't in the sender's SPF record, and Forcepoint edits the mail, which makes the DKIM hash invalid.
Our partner who manages Forcepoint for us has told us that we need to correct this in O365 but not told us where. I have gone back to them to ask. I can't find anything, or find anything online. Does anyone have any experience with this?
Thanks in advance!
The time has come for me to slay one of the three beasts (the others both being McAfee).
We need an on-premise solution that can act as a spam filter first and foremost.
Second, a product that could also do DLP on endpoints would be great, but if they had to be separate products that would be okay as long as the pricing doesn't come over what we're at now (which is a stupid high amount).
From the research I've done, Sophos comes up for having both products, but I've also heard that it is pretty lackluster overall.
So really what I should probably ask is:
What's your pick for on-prem spam filtering?
What's your pick for Endpoint DLP/DLP?
I done goofed and created an extra external network under one of my interfaces. Now I can't find how to delete it and I can't push policy updates because of it. Forcepoint is new to me and my Google-fu isn't helping. How do I delete pending changes? Please, kind strangers.
We've been trying to implement this system for a few months now, and since turning on SSL decryption this product became a nightmare to use. Devs and end users constantly complain about site connections and functionality being broken. We've been battling it by bypassing SSL decryption for certain sites and domains, but that pretty much beats the purpose of the implementation we're doing. Has anyone run into this issue? How did you resolve it? Thanks in advance.
My company uses the GSuite platform for our user base (2600+). Although GSuite/Google does offer broad coverage with regard to spam, botnet protection, etc., we still have concerns around targeted phishing attacks.
I want to implement an Email Security Solution specifically to provide URL protection and File Sandboxing. These are the two functions where we currently lack sufficient protection.
I am currently in the process of speaking to Mimecast and Forcepoint and will be implementing a proof of concept soon. I'm having difficulty getting a fair review of both solutions, but my findings so far seem to favour Mimecast.
Both Mimecast and Forcepoint use Lastline for file sandboxing which is why I'm looking at these two options. Forcepoint pricing is better.
Anyone have any experience with either of these and any opinions or recommendations would be appreciated.
Currently doing a POC of DigitalGuardian, and their WIP (web inspection proxy) seems to be breaking a lot of our SSO sites. Apparently they are using a proxy instead of a browser plugin to inspect traffic (probably because of the announcement from Chrome and how Chrome will be handling plugins). Just curious if anyone had feedback on these 2 products (DigitalGuardian, Forcepoint). I am testing the cloud version of DigitalGuardian currently.
We are looking at some new FWs for our Corporate Datacenter. Requirements are not crazy, but we already use Forcepoint Web Security and have been pitched their NGFW.
Not a lot of info out there. I know they are the old Sidewinder firewalls, but apparently they have redone the UI completely and it's a lot better now.
They rated pretty highly on NSS Labs' tests, just wondering if anyone has them and is using them in production? Good? Bad? Avoid like the plague?
We will be configuring GlobalProtect to test out its client & clientless VPN functions. We also have web filtering with Forcepoint configured, so all of our outbound 443/80 traffic filters through it.
How do I go about getting GP configured to route 80/443 traffic through to Forcepoint? We ran into the same issue with the current VPN solution we're using, and I'd like to be able to get this to work right off the bat.
I think I already know the answer here, but I just wanted to throw the question out to see if anyone knows a trick that I don't. Is it possible to get the Web Content Gateway module of Websense (forever curse its name) to process traffic for multiple VLANs?
Here at the main office I've got three client VLANs that need proxy'd / filtered. I have wcg1, running on our appliance, for the main one. Not finding any way to get this to work on multiple vlans, I spun up a wcg2 for the second one. That works fine, but is just kind of a PITA having to deal with two of them.
We now have had to create a third VLAN for specific clients, and I'm preparing to create a wcg3 - plus I have multiple VLANs at multiple other sites that I need to get running through the system as well. I'd sure like to not have to build a f'ing wcg VM for each individual VLAN. Each site, sure, but we've got a lot of VLANs, uggh.
Pretty sure that there's no way to get Web Content Gateway to process more than one network's traffic, but I thought I'd see if anyone has been more clever than I. Thanks in advance!
EDIT: Probably should have mentioned, we're not using explicit proxy settings in-browser or PAC files, rather leveraging our ASAs to do WCCP redirection to the content gateways.
I've had it with Forcepoint's (lack of) support and the bloat of their product. For basic DLP (USB blocking, URL filtering, laptop lockdown), what is everyone's choice?
We just switched from Sophos to Forcepoint for web access control and were wondering if anyone had any experience getting it to filter only certain subreddits based on their content (e.g. filtering NSFW subs, but allowing general access to Reddit). This behavior just happened on its own with Sophos, so we're struggling a bit here...
When it is working, it is great. However, lately it seems more often than not it is not working. From issues with user ID not working to log server settings just straight up disappearing from the config, resulting in no logs. Now I am running into an issue where most of the traffic is getting identified correctly with the user, however I am still seeing a ton of traffic coming from the content gateway IP address itself and not being reported with the correct IP address or the user. Has anyone seen this? I am pulling my hair out with this software.
For about an hour now we have our WebSense cloud protection flagging most websites as Potentially Unwanted Software which we have blocked for all but IT folks. Anyone else seeing this? Stuck on hold at the moment with support. Add to the O365 issue going on right now and this is a fun Monday!
Hurray for the cloud.
Is anyone here using Forcepoint?
It's been mentioned as a data discovery product around things like PII and of course as a DLP to control/restrict/track data movement.
I know Forcepoint is a DLP solution, but it's being pitched as modular, so if today's requirement is discovery/search around PII but next year's focus is around control of where data goes, we can purchase and add the necessary module(s) on.
I am getting a SQL 2016 server up and going, but I am getting caught on this step that they ask of me.
IMPORTANT... If you are using SQL 2012, SQL 2014, or SQL 2016 then make sure you have done the following:
Permissions are assigned to the per-service SID for each of its services. This system helps provide service isolation and defense in depth. The per-service SID is derived from the service name and is unique to each service. The topic Configure Windows Service Accounts and Permissions describes the per-service SID and provides the names in the section Windows Privileges and Rights. It is the per-service SID that must be assigned the access permission on the file location.
To Grant File System Permission to the Per-service SID
Using Windows Explorer, navigate to the file system location where the database files are stored. Right-click the file system folder, and then click Properties.
On the Security tab, click Edit, and then Add.
In the Select Users, Computer, Service Account, or Groups dialog box, click Locations, at the top of the location list, select your computer name, and then click OK.
In the Enter the object names to select box, type the name of the per-service SID listed in the Books Online topic Configure Windows Service Accounts and Permissions. (For the Database Engine per service SID, use NT SERVICE\MSSQLSERVER for a default instance, or NT SERVICE\MSSQL$InstanceName for a named instance.)
Click Check Names to validate the entry. The validation often fails, and might advise you that the name was not found. When you click OK, a Multiple Names Found dialog box appears.
Now select the per-service SID, either MSSQLSERVER or NT SERVICE\MSSQL$InstanceName, and then click OK.
Click OK again to return to the Permissions dialog box.
In the Group or user names box, select the per-service SID, and then in the Permissions for <name> box, select the Allow check box for Full control.
Click Apply, and then click OK twice to exit.
So I understand that it uses separate service accounts for SQL, but I don't understand what it is wanting me to add to the permissions of the SQL DB in explorer.
I currently have the defaults for the SQL server services (MSSQLSERVER, ReportServer, LOCALSERVICE, SQLSERVERAGENT)
I must be missing something here. Any help would be of great help.
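The grant described in the quoted steps can also be scripted. The PowerShell below is an added example, not part of the original post or of the quoted documentation; the function names and the `D:\SQLData` path are hypothetical, and it assumes an elevated session on the SQL Server host.

```powershell
# Added example: grants the Database Engine per-service SID Full control
# on the folder that holds the database files, as in the quoted steps.

function Get-SqlPerServiceSidName {
    param([string]$InstanceName = 'MSSQLSERVER')
    # Default instance -> NT SERVICE\MSSQLSERVER
    # Named instance   -> NT SERVICE\MSSQL$InstanceName
    if ($InstanceName -eq 'MSSQLSERVER') { return 'NT SERVICE\MSSQLSERVER' }
    return 'NT SERVICE\MSSQL$' + $InstanceName   # single quotes keep the literal $
}

function Grant-SqlDataFolderAccess {
    param(
        [Parameter(Mandatory = $true)][string]$DataPath,
        [string]$InstanceName = 'MSSQLSERVER'
    )
    if (-not (Test-Path -LiteralPath $DataPath -PathType Container)) {
        throw "Folder not found: $DataPath"
    }

    $name    = Get-SqlPerServiceSidName -InstanceName $InstanceName
    $account = New-Object System.Security.Principal.NTAccount($name)

    # The name only resolves on the computer where that SQL service is
    # installed, which is why the GUI steps pick the local computer as location.
    try {
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    } catch {
        throw "Cannot resolve '$name'. Is this instance installed on this computer?"
    }

    # Full control, inherited by subfolders and files.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')

    $acl = Get-Acl -LiteralPath $DataPath
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $DataPath -AclObject $acl

    # Return the resulting entries for the per-service SID so the grant can be checked.
    (Get-Acl -LiteralPath $DataPath).Access |
        Where-Object { $_.IdentityReference.Value -eq $name } |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

# Hypothetical usage (path is an assumption):
# Grant-SqlDataFolderAccess -DataPath 'D:\SQLData'
# Grant-SqlDataFolderAccess -DataPath 'D:\SQLData' -InstanceName 'InstanceName'
```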