Users are not filtered or reports are blank when using Network Agent
- Article Number: 000003875
- Products: Forcepoint URL Filtering, Forcepoint Web Security, TRITON AP-WEB, Web Filter & Security, Web Security Gateway, Web Security and Web Filter
- Version: 8.5, 8.4, 8.3, 8.2, 8.1, 8.0, 7.8, 7.7
- Last Published Date: September 09, 2020
There are two scenarios where filtering Network Agent may have complications:
Network Agent is the component that enables filtering of all protocols (HTTP and non-HTTP) in a Stand-Alone Forcepoint installation. When an integration product passes HTTP/HTTPS traffic to Forcepoint , Network Agent filters non-HTTP protocols, enables bandwidth-based filtering restrictions, and collects enhanced HTTP log data for reporting.
In order for Network Agent to filter and log traffic properly, it must first be positioned to monitor network traffic. In other words, a network span must be enabled, usually on the core switch, to send mirrored traffic to the Network Agent service.
Why is HTTP traffic not logged for all users?
This issue is seen when Filtering Service is receiving lookup requests from an integration, enhanced logging is enabled (Filter and log HTTP requests option), and no span is configured. To confirm:
Keywords: network agent; logging; span port