File filtering configuration overview
To use file filtering, integrate or configure one or more malware detection or data protection methods and add rules for file filtering.
Figure: Components and elements in the configuration
- 1
- On-premises ICAP DLP server
- 2
- McAfee Global Threat Intelligence file reputation service or McAfee Threat Intelligence Exchange (TIE) file reputation service
- 3
- Forcepoint Advanced Malware Detection sandbox service
- 4
- File Filtering Policy
- 5
- Firewall, IPS, Layer 2 Firewall, or Layer 2 Interface Policy
- 6
- NGFW Engine
The configuration of file filtering consists of the following general steps:
- (Optional) Integrate one or more on-premises DLP servers for data protection.
- Integrate or configure one or more malware detection methods.
- (Optional) Integrate Forcepoint NGFW with one of the following file reputation services:
- McAfee Global Threat Intelligence
- McAfee Threat Intelligence Exchange (TIE)
- (Optional) Integrate Forcepoint NGFW with the Forcepoint Advanced Malware Detection sandbox service.
- (Optional) Enable Anti-Malware for the engine.
Note: Each malware detection method is optional, but you must integrate or configure at least one malware detection method to use file filtering. - (Optional) Integrate Forcepoint NGFW with one of the following file reputation services:
- Create a File Filtering Policy element and add rules to the File Filtering Policy.
- Enable file filtering in a Firewall, IPS, Layer 2 Firewall, or Layer 2 Interface Policy element.Note: To enable file filtering in a Layer 2 Interface Policy, you must enable file filtering and select the File Filtering Policy in the Firewall Policy.