How many Filtering Service instances can be deployed to a single Policy Server?
- Article Number: 000002322
- Products: Forcepoint URL Filtering, Forcepoint Web Security, TRITON AP-WEB
- Version: 8.5, 8.4, 8.3
- Last Published Date: February 10, 2021
Can another Filtering Service instance be installed at a remote location and communicate with my existing Policy Server?
Will latency be an issue between the two sites?
Forcepoint directs up to 10 Filtering Services can be deployed per Policy Server. If the number of Filtering Service instances exceeds the Policy Server's capacity, responses to Internet requests may be slow. Multiple Filtering Services are useful to manage remote or isolated sub-networks.
The appropriate number of Filtering Service instances for a Policy Server depend on the following:
If a ping command sent from the Filtering Service to the Policy Server receives a response in fewer than 30 milliseconds (ms), then the connection is considered high quality. If the connection between the Filtering Service and Policy Server breaks, all Internet requests are either blocked or permitted, depending on which option has been chosen within the Forcepoint Security (TRITON) Manager.
Filtering Service instances running behind firewalls or remotely (at a great physical distance communicating through a series of routers) may require their own Policy Server instance. In a multiple Policy Server environment, a single Forcepoint Policy Database holds the policy settings for all Policy Server instances.
Forcepoint recommends that distributed enterprises deploy the Policy Database instance no more than 20 hops from each remote office. Similarly, the total trip for an Internet Control Message Protocol (ICMP) ping from each remote office to the Policy Database instance should take no more than 100ms to provide satisfactory browsing speeds.
Note For more help in regards to sizing and proper deployment, please contact your account representative who can contact a sales engineer to assist further.
deployment; policy server; filtering service; policy database; broker replication; sizing; sales; capacity planning; distributed network