File filtering configuration overview

To use file filtering, integrate or configure one or more malware detection or data protection methods and add rules for file filtering.

Figure: Components and elements in the configuration



1
On-premises ICAP DLP server
2
McAfee Global Threat Intelligence file reputation service or McAfee Threat Intelligence Exchange (TIE) file reputation service
3
Forcepoint Advanced Malware Detection sandbox service
4
File Filtering Policy
5
Firewall, IPS, Layer 2 Firewall, or Layer 2 Interface Policy
6
NGFW Engine

The configuration of file filtering consists of the following general steps:

  1. (Optional) Integrate one or more on-premises DLP servers for data protection.
  2. Integrate or configure one or more malware detection methods.
    • (Optional) Integrate Forcepoint NGFW with one of the following file reputation services:
      • McAfee Global Threat Intelligence
      • McAfee Threat Intelligence Exchange (TIE)
    • (Optional) Integrate Forcepoint NGFW with the Forcepoint Advanced Malware Detection sandbox service.
    • (Optional) Enable Anti-Malware for the engine.
    Note: Each malware detection method is optional, but you must integrate or configure at least one malware detection method to use file filtering.
  3. Create a File Filtering Policy element and add rules to the File Filtering Policy.
  4. Enable file filtering in a Firewall, IPS, Layer 2 Firewall, or Layer 2 Interface Policy element.
    Note: To enable file filtering in a Layer 2 Interface Policy, you must enable file filtering and select the File Filtering Policy in the Firewall Policy.