Deployment and Installation Center - Forcepoint€¦ · Deployment and Installation Center 5...

Deployment and Instal lat ion Center

v7.6.x

Websense® TRITON™ Enterpr ise

Deployment and Installation CenterWebsense TRITON Enterprise version 7.6April 2012

Copyright © 1996-2012 Websense, Inc. All rights reserved.This document contains proprietary and confidential information of Websense, Inc. The contents of this document may not be disclosed to third parties, copied, or duplicated in any form, in whole or in part, without prior written permission of Websense, Inc.Every effort has been made to ensure the accuracy of this manual. However, Websense Inc. makes no warranties with respect to this documentation and disclaim any implied warranties of merchantability and fitness for a particular purpose. Websense Inc. shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.

TrademarksWebsense, the Websense Logo, and ThreatSeeker are registered trademarks of Websense, Inc. in the United States and/or other countries. TRITON, Websense Security Labs, and Advanced Classification Engine (ACE), V-Series, TruWeb DLP, TruHybrid, and TruEmail DLP are trademarks of Websense Inc. in the United States and other countries.Microsoft, Windows, Windows NT, Windows Server, and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.Mozilla and Firefox are registered trademarks of the Mozilla Foundation in the United States and/or other countries.eDirectory and Novell Directory Services are a registered trademarks of Novell, Inc., in the U.S. and other countries.Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.Red Hat is a registered trademark of Red Hat, Inc., in the United States and other countries. Linux is a trademark of Linus Torvalds, in the United States and other countries.This product includes software distributed by the Apache Software Foundation (http://www.apache.org). Copyright (c) 2000. The Apache Software Foundation. All rights reserved.Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are the sole property of their respective manufacturers.

Summary Contents

Summary ContentsSummary Contents ......................................................................................................... 1

Contents .......................................................................................................................... 5

Deployment and Installation Center............................................................................ 37

System Requirements .................................................................................................. 41

Preparing for Installation ............................................................................................. 55

Obtaining SQL Server................................................................................................... 67

Web Filter or Web Security (software-based) ............................................................ 69

Web Security All............................................................................................................ 75

General Deployment Recommendations for Web Security ...................................... 85

Deploying Network Agent .......................................................................................... 105

Integrating Web Security with Other Products ........................................................ 125

Web Security Distributed Enterprise Deployments................................................. 147

Web Security Gateway (software-based).................................................................. 161

Citrix Integration ......................................................................................................... 167

Cisco Integration......................................................................................................... 193

Configuring a Cisco Security Appliance .................................................................. 199

Configuring a Cisco IOS Router ................................................................................ 211

Configuring a Cisco Content Engine ........................................................................ 219

Microsoft ISA Server or Forefront TMG Integration ................................................ 227

Squid Web Proxy Cache Integration ......................................................................... 259

Check Point Integration.............................................................................................. 285

Configuring Check Point Products to Work with Web Filter or Web Security...... 291

Configuring Check Point Secure Communication................................................... 307

Deployment and Installation Center 1

Summary Contents

Troubleshooting Check Point Integration ................................................................ 317

Universal Integrations ................................................................................................ 323

Installing Web Security Components on Linux ....................................................... 329

Web Security Gateway Anywhere (software-based) ............................................... 351

Websense Content Gateway...................................................................................... 357

Deploying Websense Content Gateway ................................................................... 381

Chaining Content Gateway with other Proxies ........................................................ 401

Web Security Gateway (appliance-based)................................................................ 405

Web Security Gateway Anywhere (appliance-based).............................................. 419

Data Security ............................................................................................................... 435

Planning Data Security Deployment ......................................................................... 449

Choosing and Deploying Data Security Agents ...................................................... 473

Integrating Data Security with Existing Infrastructure............................................ 519

Scaling Data Security ................................................................................................. 553

Data Security Protector CLI ....................................................................................... 561

Email Security Gateway (V5000 G2).......................................................................... 575

Email Security Gateway (V10000 G2)........................................................................ 585

Websense Email Security Gateway Deployment ..................................................... 595

Web and Email Security Gateway (V10000 G2)........................................................ 607

Web Security Gateway Anywhere and Email Security Gateway (V10000 G2)..................................................................... 621

TRITON Enterprise (V10000 G2) ................................................................................ 637

Creating a TRITON Management Server................................................................... 645

Custom Deployment ................................................................................................... 657

Components ................................................................................................................ 707

Installing and Deploying Websense Endpoint Clients ............................................ 741

2 Websense TRITON Enterprise

Summary Contents

Initial Configuration .................................................................................................... 763

Adding or Modifying Components ............................................................................ 791

Removing Components.............................................................................................. 805

Upgrading Websense software to the latest v7.6.x ................................................. 821

Upgrading Web Security or Web Filter to 7.6.0........................................................ 829

Upgrading Websense Content Gateway to 7.6.0 ..................................................... 853

Upgrading Websense Content Gateway to v7.6.2 ................................................... 863

Upgrading to Websense Web Security Gateway Anywhere to v7.6.0.................... 871

Upgrading to Data Security 7.6.0............................................................................... 879

Upgrading V-Series Appliance to 7.6 ........................................................................ 907

Upgrading or Merging Administrators...................................................................... 917

Starting or Stopping Web Security Services............................................................ 923

Default ports................................................................................................................ 927

Excluding Websense Files from Antivirus Scans.................................................... 939

Migrating from MSDE to SQL Server 2008 R2 Express........................................... 943

Changing the IP Address, Host Name, or Domain of the TRITON Management Server951

Creating Apache SSL Certificates............................................................................. 973


Summary Contents


Contents

ContentsSummary Contents ......................................................................................................... 1

Contents .......................................................................................................................... 5

Deployment and Installation Center............................................................................ 37Applies to .................................................................................................................. 37In this topic................................................................................................................ 37Overview ................................................................................................................... 37Deployment scenarios .............................................................................................. 38Upgrade scenarios.................................................................................................... 38How to use the Deployment and Installation Center................................................. 38Previous version deployment and installation documentation .................................. 39

System Requirements .................................................................................................. 41Applies to .................................................................................................................. 41In this topic................................................................................................................ 41TRITON management server.................................................................................... 41

Operating system................................................................................................ 42Hardware requirements....................................................................................... 43Browser ............................................................................................................... 44Virtualization systems ......................................................................................... 44TRITON local database system .......................................................................... 44TRITON remote database system ...................................................................... 44Directory Services for Administrators.................................................................. 45

Web Security and Web Security Gateway ................................................................ 45Software deployments......................................................................................... 45Appliance deployments ....................................................................................... 46Client OS............................................................................................................. 46Integrations ......................................................................................................... 46Directory Services ............................................................................................... 47RADIUS............................................................................................................... 47

Email Security Gateway............................................................................................ 47Email Security Log Server................................................................................... 48

Data Security ............................................................................................................ 49Operating system................................................................................................ 49Data Security Server hardware requirements ..................................................... 49Data Security Server software requirements ...................................................... 50Protector hardware requirements........................................................................ 50Data Endpoint hardware requirements ............................................................... 51

Preparing for Installation ............................................................................................. 53Applies to .................................................................................................................. 53In this topic................................................................................................................ 53Overview ................................................................................................................... 54All .............................................................................................................................. 54

2 GB required on Windows drive ........................................................................ 55


Contents

Windows updates................................................................................................ 55Websense installer.............................................................................................. 55Starting the Websense installer .......................................................................... 55Web Security installer for Linux........................................................................... 55Domain Administrator privileges ......................................................................... 55Synchronizing clocks........................................................................................... 56Antivirus .............................................................................................................. 56Firewall................................................................................................................ 56Computer Browser service (Windows Server 2008) ........................................... 56Remote control utilities........................................................................................ 56Microsoft hotfix for large installers (Windows Server 2003) ................................ 57.NET Framework 2.0 ........................................................................................... 57Keeping installer files .......................................................................................... 57

TRITON Unified Security Center............................................................................... 58Disable Windows Firewall during installation ...................................................... 58Do not install on a Domain Controller ................................................................. 58Local SQL Server................................................................................................ 58

SQL Server 2008 R2 Express................................................................................... 58.NET Framework 3.5 SP1 ................................................................................... 58Windows Installer 4.5 .......................................................................................... 59Windows PowerShell 1.0 .................................................................................... 59Log in as domain user......................................................................................... 59

Web security ............................................................................................................. 59Filtering Service Internet access ......................................................................... 59Network Agent..................................................................................................... 60Installing on Linux ............................................................................................... 61TCP/IP only ......................................................................................................... 62

Data Security ............................................................................................................ 62No underscores in FQDN.................................................................................... 62Preparing a machine for SMTP agent................................................................. 62Do not install Data Security Server on a DC....................................................... 63Domain considerations........................................................................................ 631 GB disk space required for ISA Agent ............................................................. 63

Obtaining SQL Server................................................................................................... 65Applies to .................................................................................................................. 65SQL Server ............................................................................................................... 65

Web Filter or Web Security (software-based) ............................................................ 67Applies to .................................................................................................................. 67In this topic................................................................................................................ 67Overview ................................................................................................................... 67Deployment............................................................................................................... 69Installation................................................................................................................. 69Initial configuration .................................................................................................... 70

Web Security All............................................................................................................ 73Applies to .................................................................................................................. 73In this topic................................................................................................................ 73Overview ................................................................................................................... 73


Contents

Deployment............................................................................................................... 75Installation................................................................................................................. 75Initial configuration .................................................................................................... 76Installing Web Security All components.................................................................... 77

Applies to ............................................................................................................ 77Installing Web Security All components .............................................................. 77

Adding the TRITON - Data Security module............................................................. 82Applies to ............................................................................................................ 82Adding the TRITON - Data Security module ....................................................... 82

General Deployment Recommendations for Web Security ...................................... 83Applies to .................................................................................................................. 83Topics ....................................................................................................................... 83Network considerations............................................................................................. 83

Applies to ............................................................................................................ 83Network considerations....................................................................................... 84

Component limits and ratios ..................................................................................... 85Applies to ............................................................................................................ 85In this topic .......................................................................................................... 85Overview ............................................................................................................. 85Component Limits ............................................................................................... 85Component ratios................................................................................................ 86Multiple Directory Agent instances...................................................................... 88

Required external resources..................................................................................... 88Applies to ............................................................................................................ 88Overview ............................................................................................................. 89TCP/IP................................................................................................................. 89DNS server.......................................................................................................... 89Directory services................................................................................................ 89Network efficiency ............................................................................................... 89

Deploying transparent identification agents .............................................................. 89Applies to ............................................................................................................ 89In this topic .......................................................................................................... 90Overview ............................................................................................................. 90Combining transparent identification agents ....................................................... 91

Maximizing system performance............................................................................... 92Applies to ............................................................................................................ 92In this topic .......................................................................................................... 93Overview ............................................................................................................. 93Network Agent..................................................................................................... 93HTTP reporting.................................................................................................... 93SQL Server ......................................................................................................... 94Log Database disk space recommendations ...................................................... 95

Hardware recommendations for stand-alone deployments of Web Filter or Web Secu-rity .......................................................................................................................... 96

Applies to ............................................................................................................ 96Hardware recommendations for stand-alone deployments of Web Filter or Web

Security ............................................................................................................ 96Remote Filtering Server and Client ........................................................................... 99

Applies to ............................................................................................................ 99


Contents

Remote Filtering Server and Client ..................................................................... 99

Deploying Network Agent .......................................................................................... 103Applies to ................................................................................................................ 103Overview ................................................................................................................. 103Network Agent ........................................................................................................ 104

Applies to .......................................................................................................... 104In this topic ........................................................................................................ 104Overview ........................................................................................................... 104Network Agent settings ..................................................................................... 105

Network Agent location ........................................................................................... 105Applies to .......................................................................................................... 105Network Agent location ..................................................................................... 105

Locating Network Agent in single segment network ............................................... 107Applies to .......................................................................................................... 107Locating Network Agent in single segment network ......................................... 107

Locating Network Agent in multiple segment network ............................................ 108Applies to .......................................................................................................... 108In this topic ........................................................................................................ 108Overview ........................................................................................................... 108Deploying multiple Network Agents .................................................................. 108Central Network Agent placement .................................................................... 109Distributed Network Agent placement............................................................... 110

Connecting Network Agent to a hub ....................................................................... 112Applies to .......................................................................................................... 112Connecting Network Agent to a hub ................................................................. 112

Switched networks with a single Network Agent..................................................... 112Applies to .......................................................................................................... 112Switched networks with a single Network Agent............................................... 113

Switched networks with multiple Network Agents ................................................... 117Applies to .......................................................................................................... 117Switched networks with multiple Network Agents ............................................. 117

Network Agent on gateway ..................................................................................... 118Applies to .......................................................................................................... 118Network Agent on gateway ............................................................................... 118

Network Agent and multiple NICs ........................................................................... 119Applies to .......................................................................................................... 119Network Agent and multiple NICs ..................................................................... 120

NAT and Network Agent deployment...................................................................... 121Applies to .......................................................................................................... 121NAT and Network Agent deployment................................................................ 121

Integrating Web Security with Other Products ........................................................ 123Applies to ................................................................................................................ 123Integrating Web Security with other products ......................................................... 123Integrating Web Security with Content Gateway .................................................... 124

Applies to .......................................................................................................... 124Integrating Web Security with Content Gateway............................................... 124

Integrating Web Security with Microsoft ISA Server or Forefront TMG................... 126Applies to .......................................................................................................... 126


Contents

In this topic ........................................................................................................ 126Overview ........................................................................................................... 126Single Microsoft ISA/TMG configuration ........................................................... 127Array configuration ............................................................................................ 129

Integrating Web Security with Cisco ....................................................................... 130Applies to .......................................................................................................... 130In this topic ........................................................................................................ 130Cisco PIX/ASA .................................................................................................. 130Cisco Content Engine ....................................................................................... 131Cisco IOS Routers ............................................................................................ 133

Integrating Web Security with Check Point ............................................................. 134Applies to .......................................................................................................... 134In this topic ........................................................................................................ 134Overview ........................................................................................................... 134Simple ............................................................................................................... 134Distributed ......................................................................................................... 136

Integrating Web Security with Squid Web Proxy Cache ......................................... 137Applies to .......................................................................................................... 137In this topic ........................................................................................................ 137Overview ........................................................................................................... 137Single Squid Web Proxy Cache configuration .................................................. 137Array configuration ............................................................................................ 139

Integrating Web Security with Citrix ........................................................................ 141Applies to .......................................................................................................... 141Integrating Web Security with Citrix .................................................................. 141

Other integrations for Web Security ........................................................................ 143Applies to .......................................................................................................... 143Other integrations for Web Security .................................................................. 143

Web Security Distributed Enterprise Deployments................................................. 145Applies to ................................................................................................................ 145Web Security distributed enterprise deployments................................................... 145Web Security basic distributed enterprise topology ................................................ 146

Applies to .......................................................................................................... 146In this topic ........................................................................................................ 146Web Security and Web Security Gateway ........................................................ 146Websense Web Security Gateway Anywhere................................................... 148

Web Security filtering remote sites ......................................................................... 149Applies to .......................................................................................................... 149In this topic ........................................................................................................ 149Websense Web Security or Web Security Gateway ......................................... 149Websense Web Security Gateway Anywhere................................................... 151

Web Security distributed enterprise deployment models ........................................ 152Applies to .......................................................................................................... 152In this topic ........................................................................................................ 152Overview ........................................................................................................... 152Sites in a region ................................................................................................ 152Expanding sites in a region ............................................................................... 153National or worldwide offices ............................................................................ 155

Web Security distributed deployments and secure VPN connections .................... 158


Contents

Applies to .......................................................................................................... 158Web Security distributed deployments and secure VPN connections .............. 158

Web Security Gateway (software-based).................................................................. 159Applies to ................................................................................................................ 159In this topic.............................................................................................................. 159Overview ................................................................................................................. 159Deployment............................................................................................................. 161Installation............................................................................................................... 161Initial configuration .................................................................................................. 162

Citrix Integration ......................................................................................................... 165Applies to ................................................................................................................ 165Citrix integration ...................................................................................................... 165Supported Citrix versions........................................................................................ 166

Applies to .......................................................................................................... 166Supported versions ........................................................................................... 166

Citrix client computers............................................................................................. 166Applies to .......................................................................................................... 166Citrix client computers....................................................................................... 167

Filtering Citrix server users ..................................................................................... 167Applies to .......................................................................................................... 167In this topic ........................................................................................................ 167Overview ........................................................................................................... 167Filtering both Citrix and non-Citrix users ........................................................... 169

Installing the Citrix Integration Service.................................................................... 170Applies to .......................................................................................................... 170In this topic ........................................................................................................ 170Overview ........................................................................................................... 170Installing Websense Web Filter or Web Security to integrate with Citrix .......... 170Installing the Citrix Integration Service on a Citrix Server ................................. 171

Upgrading Citrix Integration Service to 7.6 ............................................................. 181Applies to .......................................................................................................... 181Upgrading Citrix Integration Service to 7.6 ....................................................... 182

Configuring user access on Citrix servers............................................................... 182Applies to .......................................................................................................... 182In this topic ........................................................................................................ 182Overview ........................................................................................................... 182Citrix Presentation Server v4.0 ......................................................................... 183Citrix Presentation Server v4.5 and XenApp 5.0............................................... 183

Initial Setup of Citrix integration .............................................................................. 184Applies to .......................................................................................................... 184In this topic ........................................................................................................ 184Configuring for Citrix Virtual IP Addresses........................................................ 184Combining Citrix with another integration ......................................................... 184

Cisco Integration......................................................................................................... 189Applies to ................................................................................................................ 189In this topic.............................................................................................................. 189Overview ................................................................................................................. 189


Contents

How Websense filtering works with Cisco products................................................ 190Supported Cisco integration product versions ........................................................ 191Installation of Web Filter or Web Security............................................................... 191Upgrading Websense Web Filter or Web Security ................................................. 192Migrating between integrations after installation..................................................... 192Network Agent enhanced logging ........................................................................... 193

Configuring a Cisco Security Appliance .................................................................. 195Applies to ................................................................................................................ 195Configuring a Cisco security appliance................................................................... 195Cisco integration command conventions ................................................................ 196

Applies to .......................................................................................................... 196Command conventions ..................................................................................... 196

Cisco integration configuration procedure .............................................................. 196Applies to .......................................................................................................... 196In this topic ........................................................................................................ 196Configuration procedure.................................................................................... 196Parameters for the filter commands .................................................................. 203

User-based filtering for Cisco integration................................................................ 204Applies to .......................................................................................................... 204In this topic ........................................................................................................ 205Overview ........................................................................................................... 205Enable protocol filtering..................................................................................... 205

Upgrading Cisco PIX Firewall software to version 7.0 may stop Web filtering........ 206Applies to .......................................................................................................... 206Upgrading Cisco PIX Firewall software to version 7.0 may stop Web filtering.. 206

Configuring a Cisco IOS Router ................................................................................ 207Applies to ................................................................................................................ 207Overview ................................................................................................................. 207Cisco IOS startup configuration .............................................................................. 207

Applies to .......................................................................................................... 207Startup configuration ......................................................................................... 207

Cisco IOS configuration commands........................................................................ 210Applies to .......................................................................................................... 210Configuration commands .................................................................................. 210

Cisco IOS executable commands........................................................................... 214Applies to .......................................................................................................... 214Executable commands...................................................................................... 214

Configuring a Cisco Content Engine ........................................................................ 215Applies to ................................................................................................................ 215Overview ................................................................................................................. 215Cisco Content Engine Web-based interface ........................................................... 216

Applies to .......................................................................................................... 216Cisco Content Engine Web-based interface ..................................................... 216

Cisco Content Engine console or telnet session..................................................... 217Applies to .......................................................................................................... 217Cisco Content Engine console or telnet session............................................... 217

Verifying Cisco Content Engine configuration......................................................... 218


Contents

Applies to .......................................................................................................... 218Verifying Cisco Content Engine configuration................................................... 219

Configuring firewalls or routers when integrating with Cisco Content Engine......... 219Applies to .......................................................................................................... 219Configuring firewalls or routers when integrating with Cisco Content Engine... 219

Cisco Content Engine and browser access to the Internet ..................................... 220Applies to .......................................................................................................... 220Cisco Content Engine and browser access to the Internet ............................... 220

Cisco Content Engine clusters................................................................................ 221Applies to .......................................................................................................... 221Cisco Content Engine cluster............................................................................ 221

Microsoft ISA Server or Forefront TMG Integration ................................................ 223Applies to ................................................................................................................ 223Overview ................................................................................................................. 223How Websense filtering works with ISA/TMG......................................................... 224

Applies to .......................................................................................................... 224How Websense filtering works with ISA/TMG................................................... 224

Supported ISA Server and Forefront TMG versions ............................................... 225Applies to .......................................................................................................... 225Supported ISA Server and Forefront TMG versions ......................................... 225

Installing Web Security to integrate with ISA Server or Forefront TMG.................. 225Applies to .......................................................................................................... 225In this topic ........................................................................................................ 225Overview ........................................................................................................... 226Web Filter or Web Security and ISA/TMG on separate machines .................... 226Websense software and ISA Server on the same machine.............................. 232

Upgrading Web Security when integrated with ISA Server or Forefront TMG........ 233Applies to .......................................................................................................... 233Upgrading Web Security when integrated with ISA Server or Forefront TMG.. 233

Removing the ISAPI Filter Plug-In .......................................................................... 234Applies to .......................................................................................................... 234Removing the ISAPI Filter Plug-In .................................................................... 234

Converting to an integration with ISA Server or Forefront TMG ............................. 236Applies to .......................................................................................................... 236In this topic ........................................................................................................ 236Overview ........................................................................................................... 236Tasks................................................................................................................. 236Converting to an integrated system on a separate machine............................. 237Converting to an integration on the same machine........................................... 238

ISA Server or Forefront TMG initial setup............................................................... 240Applies to .......................................................................................................... 240ISA Server or Forefront TMG initial setup ......................................................... 240

Enabling communication with the Log Database when integrated with ISA Server or Forefront TMG ..................................................................................................... 241

Applies to .......................................................................................................... 241Enabling communication with the Log Database when integrated with ISA Server

or Forefront TMG ........................................................................................... 241WinSOCK and SOCKS proxy servers..................................................................... 242

Applies to .......................................................................................................... 242


Contents

WinSOCK and SOCKS proxy servers............................................................... 242Configuring for ISA/TMG using non-Web-Proxy clients .......................................... 242

Applies to .......................................................................................................... 242In this topic ........................................................................................................ 242Overview ........................................................................................................... 243Firewall/Forefront TMG Client ........................................................................... 243SecureNAT clients ............................................................................................ 243Configuring the ISAPI Filter plug-in................................................................... 244

Configuring the ISAPI Filter plug-in to ignore specific traffic ................................... 244Applies to .......................................................................................................... 244In this topic ........................................................................................................ 244Configuring the ISAPI Filter plug-in to ignore specific traffic ............................. 245Client computer configuration ........................................................................... 246Firewall configuration ........................................................................................ 246

Authentication when integrated with ISA Server or Forefront TMG ........................ 247Applies to .......................................................................................................... 247In this topic ........................................................................................................ 247Overview ........................................................................................................... 247ISA/TMG clients ................................................................................................ 248Firewall/Forefront TMG and SecureNAT clients ............................................... 249Web Proxy clients ............................................................................................. 249Authentication Methods..................................................................................... 250Transparent identification.................................................................................. 252

Troubleshooting integration with ISA Server or Forefront TMG.............................. 252Applies to .......................................................................................................... 252In this topic ........................................................................................................ 252Overview ........................................................................................................... 253SecureNAT clients are not being filtered........................................................... 253No filtering occurs after the ISAPI Filter plug-in is installed .............................. 253

Squid Web Proxy Cache Integration ......................................................................... 255Applies to ................................................................................................................ 255Overview ................................................................................................................. 255Supported Squid versions....................................................................................... 256

Applies to .......................................................................................................... 256Supported Squid versions ................................................................................. 256

Client computers and Squid integration .................................................................. 256Applies to .......................................................................................................... 256Client computers and Squid integration ............................................................ 256

How Websense filtering works when integrated with Squid Web Proxy Cache...... 257Applies to .......................................................................................................... 257How Websense filtering works when integrated with Squid Web Proxy Cache 257

HTTPS blocking when integrated with Squid.......................................................... 257Applies to .......................................................................................................... 257HTTPS blocking when integrated with Squid .................................................... 257

Installing Web Filter or Web Security to integrate with Squid Web Proxy Cache ... 258Applies to .......................................................................................................... 258In this topic ........................................................................................................ 258Overview ........................................................................................................... 258Websense software and Squid Web Proxy Cache on separate machines ....... 259


Contents

Websense software and Squid on the same machine ...................................... 262Upgrading the Squid plug-in ................................................................................... 265

Applies to .......................................................................................................... 265Upgrading the Squid plug-in.............................................................................. 265

Squid Web Proxy Cache integration initial setup .................................................... 266Applies to .......................................................................................................... 266In this topic ........................................................................................................ 266Overview ........................................................................................................... 266Identifying the Proxy Cache and the HTTP port for Network Agent.................. 266Client computer configuration ........................................................................... 267Configuring firewalls or routers ......................................................................... 267

Converting Web Filter or Web Security to be integrated with Squid Web Proxy Cache267

Applies to .......................................................................................................... 267In this topic ........................................................................................................ 267Overview ........................................................................................................... 268Tasks................................................................................................................. 268Converting to an integrated system on separate machines .............................. 268Converting to an integration on the same machine........................................... 271

Authentication when integrated with Squid Web Proxy Cache ............................... 274Applies to .......................................................................................................... 274In this topic ........................................................................................................ 274Overview ........................................................................................................... 274Client types ....................................................................................................... 275Authentication methods..................................................................................... 276Transparent identification.................................................................................. 277

Troubleshooting Squid Web Proxy Cache integration ............................................ 278Applies to .......................................................................................................... 278In this topic ........................................................................................................ 278Overview ........................................................................................................... 278Network Agent is not filtering or logging accurately .......................................... 278Internet requests are not being filtered ............................................................. 278Outgoing Internet traffic seems slow................................................................. 279Squid Web Proxy Cache crashes because it cannot launch Squid plug-in (WsRed-

tor).................................................................................................................. 279

Check Point Integration.............................................................................................. 281Applies to ................................................................................................................ 281In this topic.............................................................................................................. 281Overview ................................................................................................................. 281Supported Check Point product versions................................................................ 282How Websense filtering works with Check Point products ..................................... 282Distributed environments ........................................................................................ 283Client computers and Check Point products........................................................... 284Communicating with Websense software ............................................................... 284Enhanced UFP performance .................................................................................. 285Installing Web Filter or Web Security to integrate with Check Point ....................... 285Initial setup.............................................................................................................. 286Upgrade .................................................................................................................. 286Migrating between Check Point versions................................................................ 286


Contents

Configuring Check Point Products to Work with Web Filter or Web Security...... 289Applies to ................................................................................................................ 289In this topic.............................................................................................................. 289Overview ................................................................................................................. 289Creating a network object ....................................................................................... 290Creating an OPSEC application object ................................................................... 292Creating Resource Objects..................................................................................... 294Defining rules .......................................................................................................... 297Configuring enhanced UFP performance ............................................................... 300

Websense configuration.................................................................................... 300Check Point product configuration .................................................................... 301

Configuring Check Point Secure Communication................................................... 305Applies to ................................................................................................................ 305In this topic.............................................................................................................. 305Overview ................................................................................................................. 305Establishing Secure Internal Communication ......................................................... 305

Prerequisites ..................................................................................................... 306Configuring the Check Point product to use SIC............................................... 307Configuring Websense software to use SIC ..................................................... 309Stopping and restarting the UFP Server ........................................................... 311Updating the OPSEC Application object ........................................................... 311

Restoring Clear Communication ............................................................................. 313

Troubleshooting Check Point Integration ................................................................ 315Applies to ................................................................................................................ 315In this topic.............................................................................................................. 315Where can I find download and error messages? .................................................. 315The Master Database does not download .............................................................. 315Websense dictionary does not load in the Check Point product............................. 316

Port mismatch ................................................................................................... 316Communication mismatch................................................................................. 317Policy properties................................................................................................ 317SIC trust configuration in FireWall-1 NG........................................................... 317

No filtering occurs after enabling enhanced UFP performance .............................. 318FTP requests are not being blocked as expected................................................... 318

Universal Integrations ................................................................................................ 321Applies to ................................................................................................................ 321In this topic.............................................................................................................. 321Overview ................................................................................................................. 321How Websense filtering works with your integration............................................... 322Installing Web Filter or Web Security to be integrated............................................ 322Upgrading when integrated..................................................................................... 323Initial setup.............................................................................................................. 324Migrating to a different integration after installation ................................................ 324

Installing Web Security Components on Linux ....................................................... 327Applies to ................................................................................................................ 327In this topic.............................................................................................................. 327


Contents

Overview ................................................................................................................. 327Filtering installation ................................................................................................. 328Custom installation.................................................................................................. 328Starting the Web Security Linux installer ................................................................ 328

Applies to .......................................................................................................... 328Starting the Web Security Linux installer .......................................................... 329

Installing all Web security filtering components on Linux........................................ 330Applies to .......................................................................................................... 330Installing all Web security filtering components on Linux.................................. 330

Installing Web Security components on Linux ........................................................ 334Applies to .......................................................................................................... 334Installing Web Security components on Linux .................................................. 334

Web Security Gateway Anywhere (software-based) ............................................... 349Applies to ................................................................................................................ 349In this topic.............................................................................................................. 349Overview ................................................................................................................. 349Deployment............................................................................................................. 351Installation............................................................................................................... 352Initial configuration .................................................................................................. 353

Websense Content Gateway...................................................................................... 355Applies to ................................................................................................................ 355In this topic.............................................................................................................. 355Overview ................................................................................................................. 355Deployment............................................................................................................. 357Installation............................................................................................................... 357Initial configuration .................................................................................................. 357Online Help ............................................................................................................. 358Installing Web Security components to work with Websense Content Gateway .... 358

Applies to .......................................................................................................... 358Installing Web Security components to work with Websense Content Gateway ....

358Preparing to install Websense Content Gateway ................................................... 359

Applies to .......................................................................................................... 359In this topic ........................................................................................................ 359Overview ........................................................................................................... 359Downloading the installer .................................................................................. 359Internet connectivity .......................................................................................... 360Security of the Websense Content Gateway machine...................................... 360Explicit or Transparent Proxying by Websense Content Gateway.................... 362System requirements for Websense Content Gateway .................................... 364Hostname and DNS configuration for Websense Content Gateway................. 367Preparing a cache disk for use by Websense Content Gateway ...................... 368Preparing for a clustered deployment of Websense Content Gateway ............ 369

Installing Websense Content Gateway ................................................................... 370Applies to .......................................................................................................... 370Installing Websense Content Gateway ............................................................. 370

Deploying Websense Content Gateway ................................................................... 379


Contents

Applies to ................................................................................................................ 379Deploying Websense Content Gateway ................................................................. 379Content Gateway deployment issues ..................................................................... 380

Applies to .......................................................................................................... 380In this topic ........................................................................................................ 380Overview ........................................................................................................... 380Proxy deployment options................................................................................. 381User authentication ........................................................................................... 382HTTPS content inspection ................................................................................ 383Handling special cases ..................................................................................... 384

Content Gateway explicit and transparent proxy deployments............................... 384Applies to .......................................................................................................... 384In this topic ........................................................................................................ 384Overview ........................................................................................................... 384Explicit proxy deployment ................................................................................. 385Transparent proxy deployment ......................................................................... 385

Special Content Gateway deployment scenarios ................................................... 389Applies to .......................................................................................................... 389In this topic ........................................................................................................ 389Overview ........................................................................................................... 390Highly available Web proxy............................................................................... 390In a proxy chain................................................................................................. 394

Chaining Content Gateway with other Proxies ........................................................ 399Applies to ................................................................................................................ 399In this topic.............................................................................................................. 399Blue Coat ProxySG................................................................................................. 399

Editing the local policy file ................................................................................. 399Using the Blue Coat graphical Visual Policy Manager ...................................... 400

Microsoft Internet Security and Acceleration (ISA) server and Forefront Threat Man-agement Gateway (TMG)..................................................................................... 401

Web Security Gateway (appliance-based)................................................................ 403Applies to ................................................................................................................ 403In this topic.............................................................................................................. 403Overview ................................................................................................................. 403Deployment............................................................................................................. 405Installation............................................................................................................... 405Initial configuration .................................................................................................. 406Setting up the appliance ......................................................................................... 406

Applies to .......................................................................................................... 406In this topic ........................................................................................................ 406Overview ........................................................................................................... 407Perform initial command-line configuration ....................................................... 407Configure the appliance .................................................................................... 409

Installing off-appliance or optional components...................................................... 415Applies to .......................................................................................................... 415Installing off-appliance or optional components ................................................ 415

Web Security Gateway Anywhere (appliance-based).............................................. 417


Contents

Applies to ................................................................................................................ 417In this topic.............................................................................................................. 417Overview ................................................................................................................. 417Deployment............................................................................................................. 419Installation............................................................................................................... 419Initial configuration .................................................................................................. 420Setting up the appliance ......................................................................................... 421

Applies to .......................................................................................................... 421In this topic ........................................................................................................ 421Overview ........................................................................................................... 421Perform initial command-line configuration ....................................................... 422Configure the appliance .................................................................................... 424

Installing off-appliance or optional components...................................................... 430Applies to .......................................................................................................... 430Installing off-appliance or optional components ................................................ 430

TRITON management server as policy source for filtering-only appliance............. 431Applies to .......................................................................................................... 431TRITON management server as policy source for filtering-only appliance ....... 431

Data Security ............................................................................................................... 433Applies to ................................................................................................................ 433In this topic.............................................................................................................. 433Overview ................................................................................................................. 433Deployment............................................................................................................. 435Installation............................................................................................................... 436Initial configuration .................................................................................................. 436Installing Data Security on a virtual machine .......................................................... 436

Applies to .......................................................................................................... 436Installing Data Security on a virtual machine .................................................... 437

Planning Data Security Deployment ......................................................................... 447Applies to ................................................................................................................ 447Overview ................................................................................................................. 447Deciding what data to protect ................................................................................. 447

Applies to .......................................................................................................... 447In this topic ........................................................................................................ 447Overview ........................................................................................................... 448Geographical..................................................................................................... 448Industry ............................................................................................................. 448Sector................................................................................................................ 448General ............................................................................................................. 449

Determining where your confidential data resides .................................................. 449Applies to .......................................................................................................... 449In this topic ........................................................................................................ 449Overview ........................................................................................................... 449Corporate file servers and shared drives .......................................................... 450In-house databases........................................................................................... 450

Determining your information flow .......................................................................... 451Applies to .......................................................................................................... 451Determining your information flow..................................................................... 451


Contents

Defining the business owners for the data.............................................................. 451Applies to .......................................................................................................... 451Defining the business owners for the data ........................................................ 451

Deciding who will manage incidents ....................................................................... 452Applies to .......................................................................................................... 452Deciding who will manage incidents ................................................................. 452

Planning access control .......................................................................................... 452Applies to .......................................................................................................... 452Planning access control .................................................................................... 452

Analyzing network structure.................................................................................... 453Applies to .......................................................................................................... 453In this topic ........................................................................................................ 453Overview ........................................................................................................... 453Structural guidelines.......................................................................................... 453

Planning network resources.................................................................................... 454Applies to .......................................................................................................... 454In this topic ........................................................................................................ 454Overview ........................................................................................................... 454Allocating disk space......................................................................................... 455Modifying the disk space setting ....................................................................... 455Distributing resources ....................................................................................... 456

Most common depl

Deployment and Installation Center - Forcepoint€¦ · Deployment and Installation Center 5...

Documents

Transcript of Deployment and Installation Center - Forcepoint€¦ · Deployment and Installation Center 5...