KB Article | Forcepoint Support

Locating which policy is being applied to a client

Article Number: 000010965
Products: Forcepoint URL Filtering, Forcepoint Web Security, TRITON AP-WEB, Web Filter & Security, Web Security Gateway, Web Security Gateway Anywhere, Web Security and Web Filter
Version: 8.5, 8.4, 8.3, 8.2, 8.1, 8.0, 7.8, 7.7, 7.6, 7.5, 7.1, 7.0
Last Published Date: June 12, 2020

Notes & Warnings

The Check Policy tool matches filtering policies to the supplied user name or IP address. However, if Forcepoint has incorrectly identified the end user, then the Check Policy tool results will not match the actual policy applied.

If a user's Internet requests are being blocked unexpectedly, you can examine the block page to find the actual policy being applied.

Click the more information link on the block page.
Right-click in information frame (the top half of the block page), and select View Source (Internet Explorer) or This Frame > View Frame Source (Mozilla Firefox).
- The policy name appears near the bottom of the page.
- A user name should also appear near the bottom of the page. Confirm Forcepoint has identified the end user correctly.
- For more information, see How do block pages work?
- If the user isn't identified properly, see the User Identification Issues Featured Article for information.

Client objects, such as user names and groups, may become orphaned after modifying the Directory Services settings. In such cases, where it appears Forcepoint is not applying a policy to an existing Client object, simply delete and re-add the object. When the Client object is re-added, the updated Directory Service settings are used.

Problem Description

I want to find out which policy is being applied to a client. How can I find this information?

Resolution

Use the Check Policy tool, in the Forcepoint Security Manager Toolbox, to find out which policies apply to a particular client. The Check Policy tool will return multiple policies when:

a user belongs to multiple groups or OUs, and
different policies are assigned to each group or OU, and
no policy is assigned specifically to the user.

In such a circumstance, the Use more restrictive blocking option selected on the Settings > Filtering page determines which policy is enforced for the user. See Filtering order in the Forcepoint Security Manager Help for details.

To determine which policies apply to a specific client:

Click Check Policy in the Toolbox.
To identify a user or computer client, enter either:
- Enter a fully qualified user name or browse or search the directory to identify the user. Afterwards click Find User.
  - The search feature is available only if you are using an LDAP-based directory service.
- An IP address
Click Go.

The name of one or more policies is displayed in a popup window.

If the Check Policy Toolbox shows the default policy, when another policy is expected, verify the user or group object directory path.

To Verify a User or Group object, select Main Tab > Policy Management > Client.
Double click the User or Group object and verify that the LDAP displayed path matches what has been configured in Directory Services.
If necessary, delete, save, and then readd the User or Group object. Afterwards, reapply the filtering policy.
Retest using the Check Policy Toolbox.

Keywords: default policy incorrectly used; policy configuration; check policy; identify applied policy; incorrect policy

Article Feedback

Is the article related to the topic you are looking for?
Yes No

Did the information in this article answer your question or resolve your issue?
Yes No

Comments

Thank you for the feedback and comments.

Tools & Links

Featured Articles Home Product Support Life Cycle Certified Product Matrix Upgrade Centers Support Videos

Want 24/7 Tech Support?

Learn more