Deployment and Installation Center v7.6.x Websense ® TRITON ™ Enterprise
Deployment and Instal lat ion Center
v7.6.x
Websense® TRITON™ Enterpr ise
Deployment and Installation CenterWebsense TRITON Enterprise version 7.6April 2012
Copyright © 1996-2012 Websense, Inc. All rights reserved.This document contains proprietary and confidential information of Websense, Inc. The contents of this document may not be disclosed to third parties, copied, or duplicated in any form, in whole or in part, without prior written permission of Websense, Inc.Every effort has been made to ensure the accuracy of this manual. However, Websense Inc. makes no warranties with respect to this documentation and disclaim any implied warranties of merchantability and fitness for a particular purpose. Websense Inc. shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.
TrademarksWebsense, the Websense Logo, and ThreatSeeker are registered trademarks of Websense, Inc. in the United States and/or other countries. TRITON, Websense Security Labs, and Advanced Classification Engine (ACE), V-Series, TruWeb DLP, TruHybrid, and TruEmail DLP are trademarks of Websense Inc. in the United States and other countries.Microsoft, Windows, Windows NT, Windows Server, and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.Mozilla and Firefox are registered trademarks of the Mozilla Foundation in the United States and/or other countries.eDirectory and Novell Directory Services are a registered trademarks of Novell, Inc., in the U.S. and other countries.Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.Red Hat is a registered trademark of Red Hat, Inc., in the United States and other countries. Linux is a trademark of Linus Torvalds, in the United States and other countries.This product includes software distributed by the Apache Software Foundation (http://www.apache.org). Copyright (c) 2000. The Apache Software Foundation. All rights reserved.Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are the sole property of their respective manufacturers.
Summary Contents
Summary ContentsSummary Contents ......................................................................................................... 1
Contents .......................................................................................................................... 5
Deployment and Installation Center............................................................................ 37
System Requirements .................................................................................................. 41
Preparing for Installation ............................................................................................. 55
Obtaining SQL Server................................................................................................... 67
Web Filter or Web Security (software-based) ............................................................ 69
Web Security All............................................................................................................ 75
General Deployment Recommendations for Web Security ...................................... 85
Deploying Network Agent .......................................................................................... 105
Integrating Web Security with Other Products ........................................................ 125
Web Security Distributed Enterprise Deployments................................................. 147
Web Security Gateway (software-based).................................................................. 161
Citrix Integration ......................................................................................................... 167
Cisco Integration......................................................................................................... 193
Configuring a Cisco Security Appliance .................................................................. 199
Configuring a Cisco IOS Router ................................................................................ 211
Configuring a Cisco Content Engine ........................................................................ 219
Microsoft ISA Server or Forefront TMG Integration ................................................ 227
Squid Web Proxy Cache Integration ......................................................................... 259
Check Point Integration.............................................................................................. 285
Configuring Check Point Products to Work with Web Filter or Web Security...... 291
Configuring Check Point Secure Communication................................................... 307
Deployment and Installation Center 1
Summary Contents
Troubleshooting Check Point Integration ................................................................ 317
Universal Integrations ................................................................................................ 323
Installing Web Security Components on Linux ....................................................... 329
Web Security Gateway Anywhere (software-based) ............................................... 351
Websense Content Gateway...................................................................................... 357
Deploying Websense Content Gateway ................................................................... 381
Chaining Content Gateway with other Proxies ........................................................ 401
Web Security Gateway (appliance-based)................................................................ 405
Web Security Gateway Anywhere (appliance-based).............................................. 419
Data Security ............................................................................................................... 435
Planning Data Security Deployment ......................................................................... 449
Choosing and Deploying Data Security Agents ...................................................... 473
Integrating Data Security with Existing Infrastructure............................................ 519
Scaling Data Security ................................................................................................. 553
Data Security Protector CLI ....................................................................................... 561
Email Security Gateway (V5000 G2).......................................................................... 575
Email Security Gateway (V10000 G2)........................................................................ 585
Websense Email Security Gateway Deployment ..................................................... 595
Web and Email Security Gateway (V10000 G2)........................................................ 607
Web Security Gateway Anywhere and Email Security Gateway (V10000 G2)..................................................................... 621
TRITON Enterprise (V10000 G2) ................................................................................ 637
Creating a TRITON Management Server................................................................... 645
Custom Deployment ................................................................................................... 657
Components ................................................................................................................ 707
Installing and Deploying Websense Endpoint Clients ............................................ 741
2 Websense TRITON Enterprise
Summary Contents
Initial Configuration .................................................................................................... 763
Adding or Modifying Components ............................................................................ 791
Removing Components.............................................................................................. 805
Upgrading Websense software to the latest v7.6.x ................................................. 821
Upgrading Web Security or Web Filter to 7.6.0........................................................ 829
Upgrading Websense Content Gateway to 7.6.0 ..................................................... 853
Upgrading Websense Content Gateway to v7.6.2 ................................................... 863
Upgrading to Websense Web Security Gateway Anywhere to v7.6.0.................... 871
Upgrading to Data Security 7.6.0............................................................................... 879
Upgrading V-Series Appliance to 7.6 ........................................................................ 907
Upgrading or Merging Administrators...................................................................... 917
Starting or Stopping Web Security Services............................................................ 923
Default ports................................................................................................................ 927
Excluding Websense Files from Antivirus Scans.................................................... 939
Migrating from MSDE to SQL Server 2008 R2 Express........................................... 943
Changing the IP Address, Host Name, or Domain of the TRITON Management Server951
Creating Apache SSL Certificates............................................................................. 973
Deployment and Installation Center 3
Summary Contents
4 Websense TRITON Enterprise
Contents
ContentsSummary Contents ......................................................................................................... 1
Contents .......................................................................................................................... 5
Deployment and Installation Center............................................................................ 37Applies to .................................................................................................................. 37In this topic................................................................................................................ 37Overview ................................................................................................................... 37Deployment scenarios .............................................................................................. 38Upgrade scenarios.................................................................................................... 38How to use the Deployment and Installation Center................................................. 38Previous version deployment and installation documentation .................................. 39
System Requirements .................................................................................................. 41Applies to .................................................................................................................. 41In this topic................................................................................................................ 41TRITON management server.................................................................................... 41
Operating system................................................................................................ 42Hardware requirements....................................................................................... 43Browser ............................................................................................................... 44Virtualization systems ......................................................................................... 44TRITON local database system .......................................................................... 44TRITON remote database system ...................................................................... 44Directory Services for Administrators.................................................................. 45
Web Security and Web Security Gateway ................................................................ 45Software deployments......................................................................................... 45Appliance deployments ....................................................................................... 46Client OS............................................................................................................. 46Integrations ......................................................................................................... 46Directory Services ............................................................................................... 47RADIUS............................................................................................................... 47
Email Security Gateway............................................................................................ 47Email Security Log Server................................................................................... 48
Data Security ............................................................................................................ 49Operating system................................................................................................ 49Data Security Server hardware requirements ..................................................... 49Data Security Server software requirements ...................................................... 50Protector hardware requirements........................................................................ 50Data Endpoint hardware requirements ............................................................... 51
Preparing for Installation ............................................................................................. 53Applies to .................................................................................................................. 53In this topic................................................................................................................ 53Overview ................................................................................................................... 54All .............................................................................................................................. 54
2 GB required on Windows drive ........................................................................ 55
Deployment and Installation Center 5
Contents
Windows updates................................................................................................ 55Websense installer.............................................................................................. 55Starting the Websense installer .......................................................................... 55Web Security installer for Linux........................................................................... 55Domain Administrator privileges ......................................................................... 55Synchronizing clocks........................................................................................... 56Antivirus .............................................................................................................. 56Firewall................................................................................................................ 56Computer Browser service (Windows Server 2008) ........................................... 56Remote control utilities........................................................................................ 56Microsoft hotfix for large installers (Windows Server 2003) ................................ 57.NET Framework 2.0 ........................................................................................... 57Keeping installer files .......................................................................................... 57
TRITON Unified Security Center............................................................................... 58Disable Windows Firewall during installation ...................................................... 58Do not install on a Domain Controller ................................................................. 58Local SQL Server................................................................................................ 58
SQL Server 2008 R2 Express................................................................................... 58.NET Framework 3.5 SP1 ................................................................................... 58Windows Installer 4.5 .......................................................................................... 59Windows PowerShell 1.0 .................................................................................... 59Log in as domain user......................................................................................... 59
Web security ............................................................................................................. 59Filtering Service Internet access ......................................................................... 59Network Agent..................................................................................................... 60Installing on Linux ............................................................................................... 61TCP/IP only ......................................................................................................... 62
Data Security ............................................................................................................ 62No underscores in FQDN.................................................................................... 62Preparing a machine for SMTP agent................................................................. 62Do not install Data Security Server on a DC....................................................... 63Domain considerations........................................................................................ 631 GB disk space required for ISA Agent ............................................................. 63
Obtaining SQL Server................................................................................................... 65Applies to .................................................................................................................. 65SQL Server ............................................................................................................... 65
Web Filter or Web Security (software-based) ............................................................ 67Applies to .................................................................................................................. 67In this topic................................................................................................................ 67Overview ................................................................................................................... 67Deployment............................................................................................................... 69Installation................................................................................................................. 69Initial configuration .................................................................................................... 70
Web Security All............................................................................................................ 73Applies to .................................................................................................................. 73In this topic................................................................................................................ 73Overview ................................................................................................................... 73
6 Websense TRITON Enterprise
Contents
Deployment............................................................................................................... 75Installation................................................................................................................. 75Initial configuration .................................................................................................... 76Installing Web Security All components.................................................................... 77
Applies to ............................................................................................................ 77Installing Web Security All components .............................................................. 77
Adding the TRITON - Data Security module............................................................. 82Applies to ............................................................................................................ 82Adding the TRITON - Data Security module ....................................................... 82
General Deployment Recommendations for Web Security ...................................... 83Applies to .................................................................................................................. 83Topics ....................................................................................................................... 83Network considerations............................................................................................. 83
Applies to ............................................................................................................ 83Network considerations....................................................................................... 84
Component limits and ratios ..................................................................................... 85Applies to ............................................................................................................ 85In this topic .......................................................................................................... 85Overview ............................................................................................................. 85Component Limits ............................................................................................... 85Component ratios................................................................................................ 86Multiple Directory Agent instances...................................................................... 88
Required external resources..................................................................................... 88Applies to ............................................................................................................ 88Overview ............................................................................................................. 89TCP/IP................................................................................................................. 89DNS server.......................................................................................................... 89Directory services................................................................................................ 89Network efficiency ............................................................................................... 89
Deploying transparent identification agents .............................................................. 89Applies to ............................................................................................................ 89In this topic .......................................................................................................... 90Overview ............................................................................................................. 90Combining transparent identification agents ....................................................... 91
Maximizing system performance............................................................................... 92Applies to ............................................................................................................ 92In this topic .......................................................................................................... 93Overview ............................................................................................................. 93Network Agent..................................................................................................... 93HTTP reporting.................................................................................................... 93SQL Server ......................................................................................................... 94Log Database disk space recommendations ...................................................... 95
Hardware recommendations for stand-alone deployments of Web Filter or Web Secu-rity .......................................................................................................................... 96
Applies to ............................................................................................................ 96Hardware recommendations for stand-alone deployments of Web Filter or Web
Security ............................................................................................................ 96Remote Filtering Server and Client ........................................................................... 99
Applies to ............................................................................................................ 99
Deployment and Installation Center 7
Contents
Remote Filtering Server and Client ..................................................................... 99
Deploying Network Agent .......................................................................................... 103Applies to ................................................................................................................ 103Overview ................................................................................................................. 103Network Agent ........................................................................................................ 104
Applies to .......................................................................................................... 104In this topic ........................................................................................................ 104Overview ........................................................................................................... 104Network Agent settings ..................................................................................... 105
Network Agent location ........................................................................................... 105Applies to .......................................................................................................... 105Network Agent location ..................................................................................... 105
Locating Network Agent in single segment network ............................................... 107Applies to .......................................................................................................... 107Locating Network Agent in single segment network ......................................... 107
Locating Network Agent in multiple segment network ............................................ 108Applies to .......................................................................................................... 108In this topic ........................................................................................................ 108Overview ........................................................................................................... 108Deploying multiple Network Agents .................................................................. 108Central Network Agent placement .................................................................... 109Distributed Network Agent placement............................................................... 110
Connecting Network Agent to a hub ....................................................................... 112Applies to .......................................................................................................... 112Connecting Network Agent to a hub ................................................................. 112
Switched networks with a single Network Agent..................................................... 112Applies to .......................................................................................................... 112Switched networks with a single Network Agent............................................... 113
Switched networks with multiple Network Agents ................................................... 117Applies to .......................................................................................................... 117Switched networks with multiple Network Agents ............................................. 117
Network Agent on gateway ..................................................................................... 118Applies to .......................................................................................................... 118Network Agent on gateway ............................................................................... 118
Network Agent and multiple NICs ........................................................................... 119Applies to .......................................................................................................... 119Network Agent and multiple NICs ..................................................................... 120
NAT and Network Agent deployment...................................................................... 121Applies to .......................................................................................................... 121NAT and Network Agent deployment................................................................ 121
Integrating Web Security with Other Products ........................................................ 123Applies to ................................................................................................................ 123Integrating Web Security with other products ......................................................... 123Integrating Web Security with Content Gateway .................................................... 124
Applies to .......................................................................................................... 124Integrating Web Security with Content Gateway............................................... 124
Integrating Web Security with Microsoft ISA Server or Forefront TMG................... 126Applies to .......................................................................................................... 126
8 Websense TRITON Enterprise
Contents
In this topic ........................................................................................................ 126Overview ........................................................................................................... 126Single Microsoft ISA/TMG configuration ........................................................... 127Array configuration ............................................................................................ 129
Integrating Web Security with Cisco ....................................................................... 130Applies to .......................................................................................................... 130In this topic ........................................................................................................ 130Cisco PIX/ASA .................................................................................................. 130Cisco Content Engine ....................................................................................... 131Cisco IOS Routers ............................................................................................ 133
Integrating Web Security with Check Point ............................................................. 134Applies to .......................................................................................................... 134In this topic ........................................................................................................ 134Overview ........................................................................................................... 134Simple ............................................................................................................... 134Distributed ......................................................................................................... 136
Integrating Web Security with Squid Web Proxy Cache ......................................... 137Applies to .......................................................................................................... 137In this topic ........................................................................................................ 137Overview ........................................................................................................... 137Single Squid Web Proxy Cache configuration .................................................. 137Array configuration ............................................................................................ 139
Integrating Web Security with Citrix ........................................................................ 141Applies to .......................................................................................................... 141Integrating Web Security with Citrix .................................................................. 141
Other integrations for Web Security ........................................................................ 143Applies to .......................................................................................................... 143Other integrations for Web Security .................................................................. 143
Web Security Distributed Enterprise Deployments................................................. 145Applies to ................................................................................................................ 145Web Security distributed enterprise deployments................................................... 145Web Security basic distributed enterprise topology ................................................ 146
Applies to .......................................................................................................... 146In this topic ........................................................................................................ 146Web Security and Web Security Gateway ........................................................ 146Websense Web Security Gateway Anywhere................................................... 148
Web Security filtering remote sites ......................................................................... 149Applies to .......................................................................................................... 149In this topic ........................................................................................................ 149Websense Web Security or Web Security Gateway ......................................... 149Websense Web Security Gateway Anywhere................................................... 151
Web Security distributed enterprise deployment models ........................................ 152Applies to .......................................................................................................... 152In this topic ........................................................................................................ 152Overview ........................................................................................................... 152Sites in a region ................................................................................................ 152Expanding sites in a region ............................................................................... 153National or worldwide offices ............................................................................ 155
Web Security distributed deployments and secure VPN connections .................... 158
Deployment and Installation Center 9
Contents
Applies to .......................................................................................................... 158Web Security distributed deployments and secure VPN connections .............. 158
Web Security Gateway (software-based).................................................................. 159Applies to ................................................................................................................ 159In this topic.............................................................................................................. 159Overview ................................................................................................................. 159Deployment............................................................................................................. 161Installation............................................................................................................... 161Initial configuration .................................................................................................. 162
Citrix Integration ......................................................................................................... 165Applies to ................................................................................................................ 165Citrix integration ...................................................................................................... 165Supported Citrix versions........................................................................................ 166
Applies to .......................................................................................................... 166Supported versions ........................................................................................... 166
Citrix client computers............................................................................................. 166Applies to .......................................................................................................... 166Citrix client computers....................................................................................... 167
Filtering Citrix server users ..................................................................................... 167Applies to .......................................................................................................... 167In this topic ........................................................................................................ 167Overview ........................................................................................................... 167Filtering both Citrix and non-Citrix users ........................................................... 169
Installing the Citrix Integration Service.................................................................... 170Applies to .......................................................................................................... 170In this topic ........................................................................................................ 170Overview ........................................................................................................... 170Installing Websense Web Filter or Web Security to integrate with Citrix .......... 170Installing the Citrix Integration Service on a Citrix Server ................................. 171
Upgrading Citrix Integration Service to 7.6 ............................................................. 181Applies to .......................................................................................................... 181Upgrading Citrix Integration Service to 7.6 ....................................................... 182
Configuring user access on Citrix servers............................................................... 182Applies to .......................................................................................................... 182In this topic ........................................................................................................ 182Overview ........................................................................................................... 182Citrix Presentation Server v4.0 ......................................................................... 183Citrix Presentation Server v4.5 and XenApp 5.0............................................... 183
Initial Setup of Citrix integration .............................................................................. 184Applies to .......................................................................................................... 184In this topic ........................................................................................................ 184Configuring for Citrix Virtual IP Addresses........................................................ 184Combining Citrix with another integration ......................................................... 184
Cisco Integration......................................................................................................... 189Applies to ................................................................................................................ 189In this topic.............................................................................................................. 189Overview ................................................................................................................. 189
10 Websense TRITON Enterprise
Contents
How Websense filtering works with Cisco products................................................ 190Supported Cisco integration product versions ........................................................ 191Installation of Web Filter or Web Security............................................................... 191Upgrading Websense Web Filter or Web Security ................................................. 192Migrating between integrations after installation..................................................... 192Network Agent enhanced logging ........................................................................... 193
Configuring a Cisco Security Appliance .................................................................. 195Applies to ................................................................................................................ 195Configuring a Cisco security appliance................................................................... 195Cisco integration command conventions ................................................................ 196
Applies to .......................................................................................................... 196Command conventions ..................................................................................... 196
Cisco integration configuration procedure .............................................................. 196Applies to .......................................................................................................... 196In this topic ........................................................................................................ 196Configuration procedure.................................................................................... 196Parameters for the filter commands .................................................................. 203
User-based filtering for Cisco integration................................................................ 204Applies to .......................................................................................................... 204In this topic ........................................................................................................ 205Overview ........................................................................................................... 205Enable protocol filtering..................................................................................... 205
Upgrading Cisco PIX Firewall software to version 7.0 may stop Web filtering........ 206Applies to .......................................................................................................... 206Upgrading Cisco PIX Firewall software to version 7.0 may stop Web filtering.. 206
Configuring a Cisco IOS Router ................................................................................ 207Applies to ................................................................................................................ 207Overview ................................................................................................................. 207Cisco IOS startup configuration .............................................................................. 207
Applies to .......................................................................................................... 207Startup configuration ......................................................................................... 207
Cisco IOS configuration commands........................................................................ 210Applies to .......................................................................................................... 210Configuration commands .................................................................................. 210
Cisco IOS executable commands........................................................................... 214Applies to .......................................................................................................... 214Executable commands...................................................................................... 214
Configuring a Cisco Content Engine ........................................................................ 215Applies to ................................................................................................................ 215Overview ................................................................................................................. 215Cisco Content Engine Web-based interface ........................................................... 216
Applies to .......................................................................................................... 216Cisco Content Engine Web-based interface ..................................................... 216
Cisco Content Engine console or telnet session..................................................... 217Applies to .......................................................................................................... 217Cisco Content Engine console or telnet session............................................... 217
Verifying Cisco Content Engine configuration......................................................... 218
Deployment and Installation Center 11
Contents
Applies to .......................................................................................................... 218Verifying Cisco Content Engine configuration................................................... 219
Configuring firewalls or routers when integrating with Cisco Content Engine......... 219Applies to .......................................................................................................... 219Configuring firewalls or routers when integrating with Cisco Content Engine... 219
Cisco Content Engine and browser access to the Internet ..................................... 220Applies to .......................................................................................................... 220Cisco Content Engine and browser access to the Internet ............................... 220
Cisco Content Engine clusters................................................................................ 221Applies to .......................................................................................................... 221Cisco Content Engine cluster............................................................................ 221
Microsoft ISA Server or Forefront TMG Integration ................................................ 223Applies to ................................................................................................................ 223Overview ................................................................................................................. 223How Websense filtering works with ISA/TMG......................................................... 224
Applies to .......................................................................................................... 224How Websense filtering works with ISA/TMG................................................... 224
Supported ISA Server and Forefront TMG versions ............................................... 225Applies to .......................................................................................................... 225Supported ISA Server and Forefront TMG versions ......................................... 225
Installing Web Security to integrate with ISA Server or Forefront TMG.................. 225Applies to .......................................................................................................... 225In this topic ........................................................................................................ 225Overview ........................................................................................................... 226Web Filter or Web Security and ISA/TMG on separate machines .................... 226Websense software and ISA Server on the same machine.............................. 232
Upgrading Web Security when integrated with ISA Server or Forefront TMG........ 233Applies to .......................................................................................................... 233Upgrading Web Security when integrated with ISA Server or Forefront TMG.. 233
Removing the ISAPI Filter Plug-In .......................................................................... 234Applies to .......................................................................................................... 234Removing the ISAPI Filter Plug-In .................................................................... 234
Converting to an integration with ISA Server or Forefront TMG ............................. 236Applies to .......................................................................................................... 236In this topic ........................................................................................................ 236Overview ........................................................................................................... 236Tasks................................................................................................................. 236Converting to an integrated system on a separate machine............................. 237Converting to an integration on the same machine........................................... 238
ISA Server or Forefront TMG initial setup............................................................... 240Applies to .......................................................................................................... 240ISA Server or Forefront TMG initial setup ......................................................... 240
Enabling communication with the Log Database when integrated with ISA Server or Forefront TMG ..................................................................................................... 241
Applies to .......................................................................................................... 241Enabling communication with the Log Database when integrated with ISA Server
or Forefront TMG ........................................................................................... 241WinSOCK and SOCKS proxy servers..................................................................... 242
Applies to .......................................................................................................... 242
12 Websense TRITON Enterprise
Contents
WinSOCK and SOCKS proxy servers............................................................... 242Configuring for ISA/TMG using non-Web-Proxy clients .......................................... 242
Applies to .......................................................................................................... 242In this topic ........................................................................................................ 242Overview ........................................................................................................... 243Firewall/Forefront TMG Client ........................................................................... 243SecureNAT clients ............................................................................................ 243Configuring the ISAPI Filter plug-in................................................................... 244
Configuring the ISAPI Filter plug-in to ignore specific traffic ................................... 244Applies to .......................................................................................................... 244In this topic ........................................................................................................ 244Configuring the ISAPI Filter plug-in to ignore specific traffic ............................. 245Client computer configuration ........................................................................... 246Firewall configuration ........................................................................................ 246
Authentication when integrated with ISA Server or Forefront TMG ........................ 247Applies to .......................................................................................................... 247In this topic ........................................................................................................ 247Overview ........................................................................................................... 247ISA/TMG clients ................................................................................................ 248Firewall/Forefront TMG and SecureNAT clients ............................................... 249Web Proxy clients ............................................................................................. 249Authentication Methods..................................................................................... 250Transparent identification.................................................................................. 252
Troubleshooting integration with ISA Server or Forefront TMG.............................. 252Applies to .......................................................................................................... 252In this topic ........................................................................................................ 252Overview ........................................................................................................... 253SecureNAT clients are not being filtered........................................................... 253No filtering occurs after the ISAPI Filter plug-in is installed .............................. 253
Squid Web Proxy Cache Integration ......................................................................... 255Applies to ................................................................................................................ 255Overview ................................................................................................................. 255Supported Squid versions....................................................................................... 256
Applies to .......................................................................................................... 256Supported Squid versions ................................................................................. 256
Client computers and Squid integration .................................................................. 256Applies to .......................................................................................................... 256Client computers and Squid integration ............................................................ 256
How Websense filtering works when integrated with Squid Web Proxy Cache...... 257Applies to .......................................................................................................... 257How Websense filtering works when integrated with Squid Web Proxy Cache 257
HTTPS blocking when integrated with Squid.......................................................... 257Applies to .......................................................................................................... 257HTTPS blocking when integrated with Squid .................................................... 257
Installing Web Filter or Web Security to integrate with Squid Web Proxy Cache ... 258Applies to .......................................................................................................... 258In this topic ........................................................................................................ 258Overview ........................................................................................................... 258Websense software and Squid Web Proxy Cache on separate machines ....... 259
Deployment and Installation Center 13
Contents
Websense software and Squid on the same machine ...................................... 262Upgrading the Squid plug-in ................................................................................... 265
Applies to .......................................................................................................... 265Upgrading the Squid plug-in.............................................................................. 265
Squid Web Proxy Cache integration initial setup .................................................... 266Applies to .......................................................................................................... 266In this topic ........................................................................................................ 266Overview ........................................................................................................... 266Identifying the Proxy Cache and the HTTP port for Network Agent.................. 266Client computer configuration ........................................................................... 267Configuring firewalls or routers ......................................................................... 267
Converting Web Filter or Web Security to be integrated with Squid Web Proxy Cache267
Applies to .......................................................................................................... 267In this topic ........................................................................................................ 267Overview ........................................................................................................... 268Tasks................................................................................................................. 268Converting to an integrated system on separate machines .............................. 268Converting to an integration on the same machine........................................... 271
Authentication when integrated with Squid Web Proxy Cache ............................... 274Applies to .......................................................................................................... 274In this topic ........................................................................................................ 274Overview ........................................................................................................... 274Client types ....................................................................................................... 275Authentication methods..................................................................................... 276Transparent identification.................................................................................. 277
Troubleshooting Squid Web Proxy Cache integration ............................................ 278Applies to .......................................................................................................... 278In this topic ........................................................................................................ 278Overview ........................................................................................................... 278Network Agent is not filtering or logging accurately .......................................... 278Internet requests are not being filtered ............................................................. 278Outgoing Internet traffic seems slow................................................................. 279Squid Web Proxy Cache crashes because it cannot launch Squid plug-in (WsRed-
tor).................................................................................................................. 279
Check Point Integration.............................................................................................. 281Applies to ................................................................................................................ 281In this topic.............................................................................................................. 281Overview ................................................................................................................. 281Supported Check Point product versions................................................................ 282How Websense filtering works with Check Point products ..................................... 282Distributed environments ........................................................................................ 283Client computers and Check Point products........................................................... 284Communicating with Websense software ............................................................... 284Enhanced UFP performance .................................................................................. 285Installing Web Filter or Web Security to integrate with Check Point ....................... 285Initial setup.............................................................................................................. 286Upgrade .................................................................................................................. 286Migrating between Check Point versions................................................................ 286
14 Websense TRITON Enterprise
Contents
Configuring Check Point Products to Work with Web Filter or Web Security...... 289Applies to ................................................................................................................ 289In this topic.............................................................................................................. 289Overview ................................................................................................................. 289Creating a network object ....................................................................................... 290Creating an OPSEC application object ................................................................... 292Creating Resource Objects..................................................................................... 294Defining rules .......................................................................................................... 297Configuring enhanced UFP performance ............................................................... 300
Websense configuration.................................................................................... 300Check Point product configuration .................................................................... 301
Configuring Check Point Secure Communication................................................... 305Applies to ................................................................................................................ 305In this topic.............................................................................................................. 305Overview ................................................................................................................. 305Establishing Secure Internal Communication ......................................................... 305
Prerequisites ..................................................................................................... 306Configuring the Check Point product to use SIC............................................... 307Configuring Websense software to use SIC ..................................................... 309Stopping and restarting the UFP Server ........................................................... 311Updating the OPSEC Application object ........................................................... 311
Restoring Clear Communication ............................................................................. 313
Troubleshooting Check Point Integration ................................................................ 315Applies to ................................................................................................................ 315In this topic.............................................................................................................. 315Where can I find download and error messages? .................................................. 315The Master Database does not download .............................................................. 315Websense dictionary does not load in the Check Point product............................. 316
Port mismatch ................................................................................................... 316Communication mismatch................................................................................. 317Policy properties................................................................................................ 317SIC trust configuration in FireWall-1 NG........................................................... 317
No filtering occurs after enabling enhanced UFP performance .............................. 318FTP requests are not being blocked as expected................................................... 318
Universal Integrations ................................................................................................ 321Applies to ................................................................................................................ 321In this topic.............................................................................................................. 321Overview ................................................................................................................. 321How Websense filtering works with your integration............................................... 322Installing Web Filter or Web Security to be integrated............................................ 322Upgrading when integrated..................................................................................... 323Initial setup.............................................................................................................. 324Migrating to a different integration after installation ................................................ 324
Installing Web Security Components on Linux ....................................................... 327Applies to ................................................................................................................ 327In this topic.............................................................................................................. 327
Deployment and Installation Center 15
Contents
Overview ................................................................................................................. 327Filtering installation ................................................................................................. 328Custom installation.................................................................................................. 328Starting the Web Security Linux installer ................................................................ 328
Applies to .......................................................................................................... 328Starting the Web Security Linux installer .......................................................... 329
Installing all Web security filtering components on Linux........................................ 330Applies to .......................................................................................................... 330Installing all Web security filtering components on Linux.................................. 330
Installing Web Security components on Linux ........................................................ 334Applies to .......................................................................................................... 334Installing Web Security components on Linux .................................................. 334
Web Security Gateway Anywhere (software-based) ............................................... 349Applies to ................................................................................................................ 349In this topic.............................................................................................................. 349Overview ................................................................................................................. 349Deployment............................................................................................................. 351Installation............................................................................................................... 352Initial configuration .................................................................................................. 353
Websense Content Gateway...................................................................................... 355Applies to ................................................................................................................ 355In this topic.............................................................................................................. 355Overview ................................................................................................................. 355Deployment............................................................................................................. 357Installation............................................................................................................... 357Initial configuration .................................................................................................. 357Online Help ............................................................................................................. 358Installing Web Security components to work with Websense Content Gateway .... 358
Applies to .......................................................................................................... 358Installing Web Security components to work with Websense Content Gateway ....
358Preparing to install Websense Content Gateway ................................................... 359
Applies to .......................................................................................................... 359In this topic ........................................................................................................ 359Overview ........................................................................................................... 359Downloading the installer .................................................................................. 359Internet connectivity .......................................................................................... 360Security of the Websense Content Gateway machine...................................... 360Explicit or Transparent Proxying by Websense Content Gateway.................... 362System requirements for Websense Content Gateway .................................... 364Hostname and DNS configuration for Websense Content Gateway................. 367Preparing a cache disk for use by Websense Content Gateway ...................... 368Preparing for a clustered deployment of Websense Content Gateway ............ 369
Installing Websense Content Gateway ................................................................... 370Applies to .......................................................................................................... 370Installing Websense Content Gateway ............................................................. 370
Deploying Websense Content Gateway ................................................................... 379
16 Websense TRITON Enterprise
Contents
Applies to ................................................................................................................ 379Deploying Websense Content Gateway ................................................................. 379Content Gateway deployment issues ..................................................................... 380
Applies to .......................................................................................................... 380In this topic ........................................................................................................ 380Overview ........................................................................................................... 380Proxy deployment options................................................................................. 381User authentication ........................................................................................... 382HTTPS content inspection ................................................................................ 383Handling special cases ..................................................................................... 384
Content Gateway explicit and transparent proxy deployments............................... 384Applies to .......................................................................................................... 384In this topic ........................................................................................................ 384Overview ........................................................................................................... 384Explicit proxy deployment ................................................................................. 385Transparent proxy deployment ......................................................................... 385
Special Content Gateway deployment scenarios ................................................... 389Applies to .......................................................................................................... 389In this topic ........................................................................................................ 389Overview ........................................................................................................... 390Highly available Web proxy............................................................................... 390In a proxy chain................................................................................................. 394
Chaining Content Gateway with other Proxies ........................................................ 399Applies to ................................................................................................................ 399In this topic.............................................................................................................. 399Blue Coat ProxySG................................................................................................. 399
Editing the local policy file ................................................................................. 399Using the Blue Coat graphical Visual Policy Manager ...................................... 400
Microsoft Internet Security and Acceleration (ISA) server and Forefront Threat Man-agement Gateway (TMG)..................................................................................... 401
Web Security Gateway (appliance-based)................................................................ 403Applies to ................................................................................................................ 403In this topic.............................................................................................................. 403Overview ................................................................................................................. 403Deployment............................................................................................................. 405Installation............................................................................................................... 405Initial configuration .................................................................................................. 406Setting up the appliance ......................................................................................... 406
Applies to .......................................................................................................... 406In this topic ........................................................................................................ 406Overview ........................................................................................................... 407Perform initial command-line configuration ....................................................... 407Configure the appliance .................................................................................... 409
Installing off-appliance or optional components...................................................... 415Applies to .......................................................................................................... 415Installing off-appliance or optional components ................................................ 415
Web Security Gateway Anywhere (appliance-based).............................................. 417
Deployment and Installation Center 17
Contents
Applies to ................................................................................................................ 417In this topic.............................................................................................................. 417Overview ................................................................................................................. 417Deployment............................................................................................................. 419Installation............................................................................................................... 419Initial configuration .................................................................................................. 420Setting up the appliance ......................................................................................... 421
Applies to .......................................................................................................... 421In this topic ........................................................................................................ 421Overview ........................................................................................................... 421Perform initial command-line configuration ....................................................... 422Configure the appliance .................................................................................... 424
Installing off-appliance or optional components...................................................... 430Applies to .......................................................................................................... 430Installing off-appliance or optional components ................................................ 430
TRITON management server as policy source for filtering-only appliance............. 431Applies to .......................................................................................................... 431TRITON management server as policy source for filtering-only appliance ....... 431
Data Security ............................................................................................................... 433Applies to ................................................................................................................ 433In this topic.............................................................................................................. 433Overview ................................................................................................................. 433Deployment............................................................................................................. 435Installation............................................................................................................... 436Initial configuration .................................................................................................. 436Installing Data Security on a virtual machine .......................................................... 436
Applies to .......................................................................................................... 436Installing Data Security on a virtual machine .................................................... 437
Planning Data Security Deployment ......................................................................... 447Applies to ................................................................................................................ 447Overview ................................................................................................................. 447Deciding what data to protect ................................................................................. 447
Applies to .......................................................................................................... 447In this topic ........................................................................................................ 447Overview ........................................................................................................... 448Geographical..................................................................................................... 448Industry ............................................................................................................. 448Sector................................................................................................................ 448General ............................................................................................................. 449
Determining where your confidential data resides .................................................. 449Applies to .......................................................................................................... 449In this topic ........................................................................................................ 449Overview ........................................................................................................... 449Corporate file servers and shared drives .......................................................... 450In-house databases........................................................................................... 450
Determining your information flow .......................................................................... 451Applies to .......................................................................................................... 451Determining your information flow..................................................................... 451
18 Websense TRITON Enterprise
Contents
Defining the business owners for the data.............................................................. 451Applies to .......................................................................................................... 451Defining the business owners for the data ........................................................ 451
Deciding who will manage incidents ....................................................................... 452Applies to .......................................................................................................... 452Deciding who will manage incidents ................................................................. 452
Planning access control .......................................................................................... 452Applies to .......................................................................................................... 452Planning access control .................................................................................... 452
Analyzing network structure.................................................................................... 453Applies to .......................................................................................................... 453In this topic ........................................................................................................ 453Overview ........................................................................................................... 453Structural guidelines.......................................................................................... 453
Planning network resources.................................................................................... 454Applies to .......................................................................................................... 454In this topic ........................................................................................................ 454Overview ........................................................................................................... 454Allocating disk space......................................................................................... 455Modifying the disk space setting ....................................................................... 455Distributing resources ....................................................................................... 456
Most common depl