Integrate file reputation services and sandboxes

Integrating Forcepoint NGFW with file reputation services and sandboxes improves the malware detection coverage of Forcepoint NGFW when you use file filtering.

Engine Editor – Add-Ons – File Reputation

Use this branch to enable file reputation services for file filtering.

Option Definition
File Reputation Service: Select the file reputation service to use.
  • None — Disables file reputation services.
  • Threat Intelligence Exchange (TIE) — Enables the use of McAfee TIE file reputation services for file filtering.
  • Global Threat Intelligence (GTI) — Enables the use of McAfee GTI file reputation services for file filtering.
Option Definition
When File Reputation Service is Threat Intelligence Exchange (TIE)
ePO Server: Shows the selected McAfee ePO Server element. The McAfee ePO server handles the request for DXL credentials initiated by the SMC.
Select: Opens the Select Element dialog box, where you can select an ePO Server element.
DXL Certificates: Shows the currently valid DXL certificates.
Generate DXL Certificates: Generates new certificates.
Option Definition
When File Reputation Service is Global Threat Intelligence (GTI)
HTTP Proxies (Optional): When specified, requests are sent through an HTTP proxy instead of the engine accessing the external network directly.
  • Add — Allows you to add an HTTP Proxy to the list.
  • Remove — Removes the selected HTTP Proxy from the list.
    Note: You can only use one HTTP proxy for the connection to the McAfee Global Threat Intelligence file reputation service. If you select more than one HTTP proxy, the additional HTTP proxies are ignored.

Engine Editor – Add-Ons – Sandbox

Use this branch to select and configure sandbox servers for engines.

Option Definition
Sandbox Type: Specifies which type of sandbox the engine uses for sandbox file reputation scans.
  • Cloud Sandbox - Forcepoint Advanced Malware Detection — The engine uses the cloud sandbox for Forcepoint Advanced Malware Detection.
  • Local Sandbox - Forcepoint Advanced Malware Detection — The engine uses the local sandbox for Forcepoint Advanced Malware Detection.
    Note: To use the local sandbox for Forcepoint Advanced Malware Detection, you must have a Forcepoint Advanced Malware Detection appliance.
  • Local Sandbox - McAfee Advanced Threat Defense (ATD) — The engine uses McAfee Advanced Threat Defense.
    Note: McAfee Advanced Threat Defense is no longer supported in NGFW version 6.4.0 and later. We recommend that you use Forcepoint Advanced Malware Detection instead.
  • None — The engine does not use a sandbox.
Option Definition
When Sandbox Type is Cloud Sandbox - Forcepoint Advanced Malware Detection
License Key: The license key for the connection to the cloud sandbox server.
    Note: The license defines the home data center where files are analyzed. Enter the key and license token for the data center that you want to use as the home data center.
    CAUTION: The license key and license token allow access to confidential analysis reports. Handle the license key and license token securely.
License Token: The license token for the connection to the cloud sandbox server.
Sandbox Service: Specifies the sandbox service that the firewall contacts to request file reputation scans. Click Select to select a Sandbox Service element.
HTTP Proxies (Optional): When specified, requests are sent through an HTTP proxy instead of the engine accessing the external network directly.
  • Add — Allows you to add an HTTP Proxy to the list.
  • Remove — Removes the selected HTTP Proxy from the list.

Option Definition
When Sandbox Type is Local Sandbox - Forcepoint Advanced Malware Detection
License Key: The license key for the connection to the local sandbox server.
License Token: The license token for the connection to the local sandbox server.
Sandbox Service: Click Select to select a Sandbox Service element.
HTTP Proxies (Optional): When specified, requests are sent through an HTTP proxy instead of the engine accessing the external network directly.
  • Add — Allows you to add an HTTP Proxy to the list.
  • Remove — Removes the selected HTTP Proxy from the list.