Forcepoint Security Manager Best Practices
Forcepoint Web Security,
Forcepoint Email Security,
and Forcepoint DLP
may be deployed together to create
a comprehensive security solution.
One of the many advantages of these
Forcepoint security products is
that you can manage multiple components from
the centralized Forcepoint Security Manager.
In this video, we will cover many FSM best practices
that should be followed prior to any deployment, installation or upgrade.
Support also recommends reviewing
these environmental settings when
troubleshooting any possible issues
with the Forcepoint Security Manager
and associated infrastructure files.
As a best practice,
Forcepoint recommends disabling both
the User Access Control and
Data Execution Prevention features,
as well as configuring antivirus
scanning exceptions for the Websense directory
to help prevent possible corruption.
In addition, we also need to
verify network connectivity between services
in the distributed deployment.
First, let's verify
User Access Control is disabled on
the Windows server.
Access the Windows Settings and
search for UAC.
Launch Change User Access Control settings.
If needed, lower the slider to the bottom:
Never notify, then click OK.
Next, we'll verify the
Data Execution Prevention settings.
From Windows Settings, access
System,
then click About
to access System Info.
From here, click Advanced system settings.
Then, on the Advanced tab,
under Performance, click Settings.
The last tab on Performance Options
is the Data Execution Prevention tab.
Ensure it is
not interfering with the Forcepoint services
by either listing them as exceptions
or by telling Windows to
only use DEP for essential Windows programs and services.
After disabling UAC and DEP,
next is employing antivirus scanning exceptions.
Antivirus scanning can degrade
the performance of Forcepoint Security components
and can inadvertently introduce
corruption due to file locking.
It is a general best practice to
exclude application directories
from antivirus scanning.
While Forcepoint is not aware
of any risk in excluding these files
from your antivirus scan,
we strongly recommend reviewing the
following entry from the Deployment Guide
for additional guidance.
For the Forcepoint security solution
to function correctly, we need to ensure
proper network communication is allowed across the environment.
From the Deployment Guide,
review the Ports spreadsheet download
and ensure you don't have any firewall rules
blocking port connectivity between
your Forcepoint security services.
Remember, Ports 9443 and 19448 may also
need to be opened on the Windows FSM server
to allow Web browsers to connect
to the Security Manager interface.
In this video, we highlighted
many operational best practices
for the Forcepoint Security Manager
that apply to all Web, Email, and Data Security deployments.
In addition to reviewing these FSM best practices,
Support also recommends reviewing the Compatibility Matrix
for your version to verify
the deployment is running in a supported configuration,
which has been rigorously tested by Forcepoint QA.
Thanks for watching.