KB Article | Forcepoint Support

Problem Description

Are Forcepoint Web security solutions supported on virtual machines?


Best effort support

Although it is not a certified configuration, Forcepoint will provide "best effort" support to virtualization technologies deployments of Forcepoint Web Security solutions on the VMware ESX, VMware ESXi, and Microsoft Hyper-V platforms. Under best effort support, Forcepoint Technical Support will make their best effort to troubleshoot cases in standard fashion unless the issue is deemed a virtualization technology-specific issue, at which point you must contact the virtualization vendor directly for assistance. In order to qualify for best effort support, virtualization technology deployments must follow certain guidelines (see Requirements below).

Virtualization platforms not specified above are not supported.
Note Forcepoint does not test and certify VMware during the Quality Assurance process; as such, VMware is not an "officially certified platform".


Supported operating systems
To qualify for best effort support, Forcepoint software must be deployed on a Forcepoint-supported operating system that is also officially supported by the virtualization technology as well. Virtualized performance
Forcepoint has not certified performance characteristics of Forcepoint Web security solutions on virtual environments. In general, you can expect performance impacts of up to 25% when running an application on virtual systems. It is important to note this is only a broad, rough guide. You must determine how virtualization affects performance in your particular deployment and make any necessary adjustments to hardware and configuration.

Hardware resources
You must confirm that the hardware resources allocated to the virtualization guest(s) are in line with the hardware requirements for the Forcepoint product as specified in the Forcepoint deployment center for your version.  

Known VMware Issues
Performance issues related to resource contention, including disk I/O issues, are exhibited as follows:
  • The virtual machine may perform slowly. (e.g. slow applications startup or OS boot)
  • Virtual machines may stop responding.
  • Windows guests fail with kernel errors.
  • Windows System Event log contains error: Event ID 51 from the source: Disk
  • Linux guests become non-responsive or lock up.
While it may be possible to mitigate these problems, doing so involves tuning the virtual environment beyond the scope of Forcepoint.

See article Network Agent and Microsoft Hyper-V or VMware for additional details.

SQL Server and MSDE
The Forcepoint Log Database is maintained on SQL Server or MSDE. Microsoft has limited support for running SQL Server or MSDE on virtualization systems other than a Microsoft virtualization system. Please see the appropriate Microsoft support documentation for more information.
See Microsoft's support policy for SQL Server products running in a hardware virtualization environment.
Review Microsoft's Server Virtualization Validation Program for supported configurations of Microsoft server software on non-Microsoft virtualization platforms.
Networking Considerations
In order to properly apply security policy, Forcepoint Network Agent requires that the network interface card (NIC) it uses for monitoring be set to promiscuous mode to see network traffic. Some virtualization environments do no allow guest VMs to have a NIC in promiscuous mode. Please consult your vendors documentation for your virtualization platform.
Appliance Recovery Images
Forcepoint appliance recovery images are not supported on virtual machines.

Article Feedback

Thank you for the feedback and comments.