Migrate a single NGFW Engine to ThreatSeeker URL filtering

If you used legacy URL filtering with Forcepoint NGFW version 6.0 or earlier, you must migrate the engine to use ThreatSeeker URL filtering when you upgrade the single NGFW Engine to version 6.1 or later.

Before you begin

Category-based URL filtering using the ThreatSeeker Intelligence Cloud service is a separately licensed feature. You must install a license that supports URL filtering using the ThreatSeeker Intelligence Cloud service before you migrate the NGFW Engine.

The policy that is uploaded to the engine depends on the engine version. For engines running version 6.0 or earlier, only rules that contain legacy URL Situation elements are applied. For engines running version 6.1 or later, only rules that contain new URL Category elements are applied.
Note: Do not use legacy URL Situation elements and URL Category elements in the same rule. Rules that contain both legacy URL Situation elements and URL Category elements are ignored.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Create a transition policy that contains both the legacy URL Situation elements and the new URL Category elements.
  2. Install the transition policy on the engine.
    Policy validation warnings about the legacy URL Situation elements are expected. You can safely ignore the warnings.
    Because the engine has not yet been upgraded to version 6.1 or later, the rules that contain the legacy URL Situation elements are applied.
  3. Upgrade the engine to Forcepoint NGFW version 6.1 or later, then verify that it works correctly.
  4. Install the transition policy again.
    Because the engine is running version 6.1 or later, the rules that contain the new URL Category elements are applied.
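
The version-dependent rule selection and the mixed-rule note above can be checked before the transition policy is installed. The following Python is an added example, not Forcepoint code or an SMC export format or API; the Rule model, the rule names and the category names are constructed for illustration, and it assumes version strings of the form major.minor[.patch].

```python
# Added example: constructed data model, not an SMC export format or API.
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    url_situations: list = field(default_factory=list)  # legacy URL Situation elements
    url_categories: list = field(default_factory=list)  # new URL Category elements

def parse_version(text):
    """'6.1.2' -> (6, 1); only major.minor matters for this migration."""
    major, minor = text.split(".")[:2]
    return int(major), int(minor)

def classify(rule):
    if rule.url_situations and rule.url_categories:
        return "mixed"      # ignored, per the note on this page
    if rule.url_situations:
        return "legacy"
    if rule.url_categories:
        return "category"
    return "none"           # no URL filtering elements; out of scope here

def applied_url_rules(rules, engine_version):
    """Names of the URL filtering rules the engine applies at this version."""
    wanted = "category" if parse_version(engine_version) >= (6, 1) else "legacy"
    return [r.name for r in rules if classify(r) == wanted]

def preflight(rules):
    """Problems to fix before installing the transition policy."""
    kinds = {r.name: classify(r) for r in rules}
    problems = [f"{n}: mixes URL Situation and URL Category elements (rule is ignored)"
                for n, k in kinds.items() if k == "mixed"]
    if "legacy" not in kinds.values():
        problems.append("no legacy rules: no URL filtering rule applies before the upgrade")
    if "category" not in kinds.values():
        problems.append("no category rules: no URL filtering rule applies after the upgrade")
    return problems

# Constructed transition policy for illustration.
POLICY = [
    Rule("block-gambling-legacy", url_situations=["Gambling"]),
    Rule("block-gambling-new", url_categories=["Gambling"]),
    Rule("block-malware-both", url_situations=["Malware"], url_categories=["Malicious Web Sites"]),
]

if __name__ == "__main__":
    for version in ("6.0.3", "6.1.0"):
        print(version, applied_url_rules(POLICY, version))
    for problem in preflight(POLICY):
        print("WARN", problem)
```

The third constructed rule is the case to catch: it is applied neither before nor after the upgrade, so its URL filtering intent is silently lost unless it is split into one legacy rule and one category rule.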