Installation Guide f or use with Sun Java ™ System Web Proxy Server Websense Enterprise ® Websense ® W e b S e c u r i t y S u i t e ™ v6.3.
©1996–2008, Websense, Inc. 10240 Sorrento Valley Rd., San Diego, CA 92121, USA All rights reserved. Published February 7, 2008 Printed in the United States of America and Ireland The products and/or methods of use described in this document are covered by U.S. Patent Numbers 6,606,659 and 6,947,985 and other patents pending.
Contents Chapter 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 About this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8 Where to Find More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8 Websense Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents Upgrading from Websense Enterprise to Web Security Suite . . . . . . . . 53 Initial Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Converting a Stand-Alone System to an Integrated System . . . . . . . . . 54 All Websense Filtering Components on the Same Machine. . . . . . . 54 Distribute Websense Filtering Components . . . . . . . . . . . . . . . . . . . 55 Upgrading to the New Stand-Alone Edition . . . . . . . . . . . . . . . . . . .
Contents Chapter 5 Initial Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189 Subscription Key and Master Database Download . . . . . . . . . . . . . . . .191 Identifying the Filtering Service for the Block Page URL . . . . . . . . . .195 Displaying Protocol Block Messages . . . . . . . . . . . . . . . . . . . . . . . . . .196 Creating and Running the Script for Logon Agent . . . . . . . . . . . . . . . .197 Prerequisites for Running the Logon Script . . . .
Contents Appendix A Stealth Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221 Configuring for Stealth Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221 Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222 Solaris or Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223 Appendix B Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CHAPTER 1 Introduction Thank you for choosing Websense® web filtering and web security software. This guide covers installation and initial setup of Websense Enterprise® or Websense® Web Security Suite™ integrated with Sun Java™ System Web Proxy Server (formerly Sun ONE™ Web Proxy Server). Websense, Inc.
Chapter 1: Introduction Reporting Tools for web filtering (available in all six Websense products listed above): These components are labelled Websense Enterprise Reporting in the Websense Enterprise installers, and Web Security Suite Reporting components in the Web Security Suite installers. For information about installing, configuring, and using these web filtering reporting components, see the Websense Reporting documentation set.
Chapter 1: Introduction Filtering Service: Interacts with the Sun Java System Web Proxy Server and Network Agent to filter internet requests. Filtering Service either permits the internet request or sends an appropriate block message to the user. Websense Manager: Administrative interface that allows you to configure and manage Websense functionality through the Policy Server.
Chapter 1: Introduction the logon application, LogonApp.exe, which must be run by a logon script in your network. Real-Time Analyzer™ (RTA): Displays the real-time status of all the traffic filtered by Websense Enterprise or Web Security Suite. RTA graphically displays bandwidth information and shows requests by category or protocol. Remote Filtering Server: An optional component that provides web filtering for machines located outside your organization’s network firewall or internet gateway.
Chapter 1: Introduction Websense Enterprise Explorer: This reporting tool is available free of charge with your Websense Enterprise or Web Security Suite subscription. Explorer is a web-based reporting application that provides a customizable view into the Log Database. It displays summary information, as well as specific detail about users’ internet activity. For installation procedures, see the Reporting Installation Guide for Websense Enterprise and Web Security Suite.
Chapter 1: Introduction also be blocked. UDP protocols such as RTSP and RTP are monitored and logged. The Quota feature is an alternative to full blocking. It gives employees time each day to visit sites in categories you deem appropriate. Quotas can be a powerful tool for internet access management. Quotas help you control how much time your employees spend on personal surfing and the types of sites they are able to access.
Chapter 1: Introduction Security Suite. For an overview of basic deployment in a small network (< 500 users), and deployment information specific to your integration product, see Chapter 2: Network Configuration. 2. Install Websense filtering components: Once you have decided how to deploy Websense software in your network, install the selected web filtering components. See Chapter 4: Installing Websense Enterprise or Web Security Suite for installation procedures.
Chapter 1: Introduction 14 Websense Installation Guide
CHAPTER 2 Network Configuration Websense components can be installed in a number of possible configurations, depending upon the nature of your network and your filtering requirements. To determine the appropriate deployment for your network, and for a complete list of system requirements, see the Deployment Guide for Websense Enterprise and Web Security Suite.
Chapter 2: Network Configuration Websense Manager: May be installed on the same machine as Policy Server, and/or on one or more different machines in your network. Websense Manager machine needs network access to the Policy Server machine, but the two machines do not need to have the same operating system. Websense Manager installs on Windows, Solaris, and Linux. User Service: Installed in networks using a directory service for authentication.
Chapter 2: Network Configuration If the Network Agent machine is connected to a switch or router, configure the switch or router to use bi-directional port spanning (mirroring). If the span port on the switch or router is not capable of bi-directional communication, two network interface cards (NICs) are required in the installation machine: one NIC that can be configured for monitoring, attached to the span port; and a second NIC that can be configured for blocking, attached to a regular port.
Chapter 2: Network Configuration Avoid deploying Network Agent across different LANs. If you install an instance of Network Agent on 192.x.x.x and configure it to communicate with a Filtering Service on 10.x.x.x through a variety of switches and routers, communication may be slowed enough to prevent Network Agent from blocking an internet request in time. Do not install Network Agent on a machine running any type of firewall.
Chapter 2: Network Configuration Note If you do not have one of the supported web servers on your system, the Websense installer provides the option of installing the Apache HTTP Server. For information about supported versions of these web servers, see the Deployment Guide for Websense Enterprise and Web Security Suite.
Chapter 2: Network Configuration • If DC Agent is not identifying all your users as anticipated, you may install Logon Agent as well to improve user authentication in your network. For example, this might be necessary in a network that uses Windows 98 workstations. DC Agent uses workstation polling to get user information from workstations as they make internet requests; however, polling cannot retrieve user information from a Windows 98 workstation.
Chapter 2: Network Configuration together with the User Service and Filtering Service. Logon Agent can be used with a Windows NT-based directory service or with Active Directory, which is LDAP-based. LogonApp.exe, the client application that passes user logon information to Logon Agent, runs only on Windows client machines. You must create a logon script to run LogonApp.exe in your network; see Creating and Running the Script for Logon Agent, page 197 for instructions.
Chapter 2: Network Configuration Web Proxy Server that communicates with Filtering Service. The Sun Web Proxy Plug-in is supported only on Solaris. Remote Filtering components The Remote Filtering components are required only if you need to enable web filtering on user workstations located outside your organization’s network firewall or internet gateway. They can be installed from a Custom installation only.
Chapter 2: Network Configuration Remote Filtering Client: Can be installed on user machines that you want to filter outside the network firewall. To deploy this client application, you can use the provided installer, called the Remote Filtering Client Pack, and a third-party deployment tool. A Remote Filtering Client must be able to communicate with a Remote Filtering Server inside the network firewall to enable web filtering on the remote workstation.
Chapter 2: Network Configuration Web Security Suite Reporting documentation for installation and administrative information. Note To properly generate reports, you must use the same version of the Websense Reporting Tools as the Websense Enterprise or Web Security Suite software.
Chapter 2: Network Configuration Plug-in. The Sun Web Proxy Plug-in must be installed on each Sun Java System Web Proxy Server machine. In the standard topology, the Sun Java System Web Proxy Server runs on a machine behind the firewall or external internet router. The following diagram shows a single-homed Web Proxy Server on the organization’s internal network, with the core Websense filtering components installed on the same machine.
Chapter 2: Network Configuration Websense filtering components installed on the Web Proxy Server machine in a dual-homed system. Dual-Homed Configuration Alternately, you could install only the Sun Web Proxy Plug-in on the Sun Java System Web Proxy Server machine, and install the rest of the Websense components on a different machine. Remember that Network Agent must be able to monitor all internet traffic. Other configurations are also available.
Chapter 2: Network Configuration this is when Websense Enterprise or Web Security Suite is being evaluated on a small network or segment of a larger network. For detailed information about how to deploy each of the Websense Reporting components in your network, see the Deployment Guide for Websense Enterprise and Web Security Suite, and your Websense Enterprise and Web Security Suite Reporting documentation.
Chapter 2: Network Configuration When an LDAP directory service is enabled within Sun Java System Web Proxy Server, the Websense software receives user information along with the internet request. This allows the Websense software to filter directory objects in an LDAP directory without requiring manual authentication. Note In any environment, Websense software can filter based on workstation or network policies.
Chapter 2: Network Configuration Detailed instructions for each of these tasks can be found in the User Identification chapter in the Administrator’s Guide for Websense Enterprise and Web Security Suite. Note DC Agent on Linux is not supported with LDAP-based directory services. If you are running DC Agent on Linux and are using Windows Active Directory, NTLM authentication must be enabled in Active Directory.
Chapter 2: Network Configuration Filtering in a Network with Citrix® Server Users If your network includes some users who access the internet via a Citrix® server, and others who access the internet through another gateway (firewall, caching appliance, or proxy server), you must install two complete instances of Websense software: One instance of Websense software choosing the Citrix integration, to filter Citrix users.
Chapter 2: Network Configuration Supported Sun Java System Web Proxy Server Versions Websense Enterprise and Web Security Suite v6.3.2 are compatible with the following versions of the Sun Java System Web Proxy Server: Sun Java System Web Proxy Server 3.6 and 4.0 Sun ONE Web Proxy Server 3.6 iPlanet Web Proxy Server 3.6 Netscape Proxy Server 3.5 The Websense Sun Web Proxy Plug-in for the Sun Java System Web Proxy Server is supported only on Solaris.
Chapter 2: Network Configuration 32 Websense Installation Guide
CHAPTER 3 Upgrading Websense Enterprise or Web Security Suite This chapter contains procedures for upgrading a previous version of Websense Enterprise or Web Security Suite to version 6.3.2. It also contains instructions for upgrading an existing Websense Stand-Alone Edition to a Websense system integrated with Sun Java System Web Proxy Server. Before upgrading, make sure your system meets the system requirements listed in the Deployment Guide for Websense Enterprise or Websense Web Security Suite.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite same Network Agent used by the earlier version. The installer will also automatically assign the same port numbers to the v6.3.2 Websense components that the existing Websense components use. The Websense Master Database will be removed during upgrade. You can either download the new Master Database during upgrade of the Filtering Service, or download it after the upgrade is complete by using Websense Manager.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite Solaris: www.websense.com/Downloads/files/v6.1/full/ WebSecurity61_Setup_Slr.tar.gz Linux: www.websense.com/Downloads/files/v6.1/full/ WebSecurity61_Setup_Lnx.tar.gz If you are running Websense Enterprise v5.0, v5.0.1, or v5.1, Websense, Inc., recommends that you perform a fresh installation of v6.3.2 rather than upgrading. If you decide to upgrade to v6.3.2, three steps are required: upgrade to v5.5.2 first, then upgrade to v6.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite These procedures require a test environment and may involve several cycles of installation and upgrade. Warning Do not attempt to upgrade an earlier version of Websense Enterprise or Web Security Suite by copying the config.xml file into a v6.3.2 system. Configuration files from earlier versions are not compatible with v6.3.2. The procedures for converting to v6.3.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite Upgrading distributed components: To upgrade your system, you must run the Websense installer on each machine on which a Websense component resides. The installer detects all Websense components, including the Sun Web Proxy Plug-in, and upgrades them accordingly. Warning Always run the installer on the Policy Server machine first.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite of the upgrade, manually stop and restart all the Websense services before beginning the upgrade. Note If you have set the Recovery properties of any of your Websense services to restart the service on failure, you must change this setting to Take No Action before upgrading. Matching locales: When upgrading a Filtering Service that is installed on a different machine from Websense Manager, you must upgrade the Filtering Service to v6.3.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite Important If your Websense services have been running uninterrupted for several months, the installer may have difficulty stopping them. To prevent the upgrade process from timing out and failing, stop the services manually and restart them again before beginning the upgrade. To upgrade Websense Enterprise or Web Security Suite v6.1 or higher to v6.3.2: 1.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite b. Save the selected installer package to the setup directory on the installation machine. . 6. In the setup directory, enter the following command to unzip the file: gunzip For example: gunzip Websense632Setup_Slr.tar.gz 7. Expand the file into its components with the following command: tar xvf For example: tar xvf Websense632Setup_Slr.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite 10. Follow the upgrade sequence: Websense upgrade: The installer detects the earlier version of Websense components and gives you the choice of upgrading the existing installation or exiting Setup. Be sure to close any Websense Managers connected to the Policy Server being upgraded before continuing. Select Upgrade and continue. Stopping Websense services: A list of currently running Websense services from the earlier version appears.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite Master Database Download: The installer asks if you want to download the Websense Master Database now or at a later time using Websense Manager. Select a database download option and then select Next to continue. Warning During upgrade, the installer removes the existing Master Database. Websense filtering cannot resume until the new Master Database has been successfully downloaded, decompressed, and loaded.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite 14. Restart the Sun Java System Web Proxy Server associated with the Websense filtering software. 15. If you did not enable the use of all protocols (HTTP, HTTPS, FTP, etc.) when you installed the Sun Java System Web Proxy Server, you may choose to do so now. For instructions, see the documentation for your version of the Web Proxy Server. 16. If you are using version 4.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite To upgrade your v6.1 or higher Windows Websense components to v6.3.2: 1. Close all Websense Managers anywhere in the network that connect to the Policy Server you are upgrading. 2. Log on to the installation machine with domain and local administrator privileges. If you are upgrading User Service and DC Agent, this will assure that they have administrator privileges on the domain.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite a. Choose your product, the dynamic (online) or full (offline) installer package, the operating system, and the language. Note The Dynamic installer is an online installer package that requires web access during installation. It downloads the necessary product files from the website as needed after product selections have been made. The Full installer is a complete offline installer.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite A screen displays instructions for extracting the setup program. Websense Enterprise Installer File Extraction If you are using the Web Security Suite installer, the default destination folder will be WebSecuritySuite632Setup. 5. If you do not want to accept the default location, click Browse to select a destination folder, or type in a path. If the path you enter does not exist, the installer will create it for you.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite 7. Follow the onscreen instructions and click Next to advance through the welcome screen and the subscription agreement. The installer detects the Websense components from your earlier version and asks how you want to proceed. You can upgrade the current system or exit the installer. 8. Select Upgrade and click Next. A list of currently running Websense services from the earlier version appears.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite If you chose a non-English language installer, click Next to continue. The Websense Language Pack installer starts. Follow the onscreen instructions to update Websense components with text in the selected language. If you chose an English language installer: • • If Websense Manager was not upgraded, no further action is required and you can click Finish to exit the installer. If Websense Manager was upgraded, click Next to continue.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite Remote Filtering Client Pack The Remote Filtering Client Pack can be upgraded in the same manner as the rest of the Websense components, by running the v6.3.2 Websense installer on the machine where the Remote Filtering Client Pack is installed. See the previous sections of this chapter for detailed instructions. Remote Filtering Client The Remote Filtering Clients in your network can be upgraded in two ways: Manual upgrade: Use the v6.3.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite Manual Upgrade of Remote Filtering Client To manually upgrade an instance of the Remote Filtering Client on a single Windows workstation to v6.3.2: Note This upgrade method does not preserve existing Remote Filtering Client configuration settings; communication information for Remote Filtering Server must be reentered. 1. Run the v6.3.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite 9. Re-enter the connection information for the primary Remote Filtering Server that this client uses for web filtering. If you are not certain of these values, you can view them in Websense files on the Remote Filtering Server machine: a. Navigate to the securewispproxy.ini file, located in the /bin subdirectory in the Websense installation directory on the Remote Filtering Server machine. b. Open the securewispproxy.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite Upgrading Remote Filtering Client with a Third-Party Deployment Tool This upgrade method allows you to deploy version 6.3.2 of the Remote Filtering Client to user workstations, while preserving the existing configuration settings. To obtain the installer for version 6.3.2 of the Remote Filtering Client, you can: Upgrade an existing version of the Remote Filtering Client Pack to version 6.3.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite Upgrading from Websense Enterprise to Web Security Suite Existing Websense Enterprise systems, version 6.1 and higher, can be upgraded directly to Web Security Suite. You must run the Web Security Suite installer on each machine where a Websense component is installed. The installer detects all Websense components of version 6.1 or higher on that machine and upgrades them accordingly.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite Converting a Stand-Alone System to an Integrated System You can convert an existing Websense Stand-Alone Edition to a Websense system using Sun Java System Web Proxy Server without losing any configuration settings. The conversion process preserves such settings as port numbers and IP addresses.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite • If the Websense software is running on the same machine as the Sun Java System Web Proxy Server, follow the procedures in Converting to an Integrated System when Sun Java System Web Proxy Server is on the Websense Machine, page 61.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite The procedure depends on where the Websense filtering software is installed: • If the Websense software is running on the same machine as the Sun Java System Web Proxy Server, follow the procedures in Converting to an Integrated System when Sun Java System Web Proxy Server is on the Websense Machine, page 61.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite Solaris or Linux The v6.3.2 Websense Enterprise or Web Security Suite installer can upgrade version 6.1 or higher of the Stand-Alone Edition. 1. Back up the following files before proceeding: websense.ini eimserver.ini config.xml Note Before upgrading to a new version of Websense Enterprise or Web Security Suite, Websense, Inc., recommends that you perform a full system backup as a fallback strategy.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite a. Choose your product, the dynamic (online) or full (offline) installer package, the operating system, and the language. Note The Dynamic installer is an online installer package that requires web access during installation. It downloads the necessary product files from the website as needed after product selections have been made. The Full installer is a complete offline installer.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite This places the following files into the setup directory: File Description install.sh Installation program Setup Archive file containing related installation files and documents. Documentation Release Notes: An HTML file containing release notes and last minute information about the Websense software. Read this file with any supported browser. 9. Run the installation program from the setup directory with the following command: .
Chapter 3: Upgrading Websense Enterprise or Web Security Suite • If the installation machine has less than the recommended amount of memory, the installation can continue. To ensure the best performance of the components you are installing, you should upgrade your machine’s memory to the recommended amount. Installation summary: A summary list appears, showing the installation path, file sizes, and the components that will be upgraded. 12. Select Next to begin the upgrade.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite 13. When a message announcing successful completion of the installation is displayed: If you chose a non-English language installer, select Next to continue. The Websense Language Pack installer starts. Follow the onscreen instructions to update Websense components with text in the selected language. If you chose an English language installer: • • If you are installing in command line mode, select Finish to exit the installer.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite 5. Run the Websense installer from the directory where you unpacked it using the following command: ./install.sh To run the GUI version of the installer, use the following command: ./install.sh -g If you are using a non-English based system, the installer will display an error message advising you that the GUI version is not supported. 6.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite • If the installation machine has less than the recommended amount of memory, the installation can continue. To ensure the best performance of the components you are installing, you should upgrade your machine’s memory to the recommended amount. Installation summary: A summary list appears, showing the installation path, file sizes, and the components that will be installed. 7. Select Next to begin installation.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite Converting to an Integrated System when Sun Java System Web Proxy Server is on a Different Machine Once you have upgraded your existing Stand-Alone Edition to the v6.3.2 Stand-Alone Edition, you are ready to convert to a v6.3.2 Websense system that integrates with Sun Java System Web Proxy Server.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite Remove components: The installer provides a list of currently installed components. Select Filtering Service for removal. Uninstall summary: A message states that the Filtering Service will be removed. Select Next to continue. Uninstall complete: The installer displays a message indicating that the selected components have been removed. Select Finish to exit the installer. 7. Run the v6.3.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite • If the installation machine has less than the recommended amount of memory, the installation can continue. To ensure the best performance of the components you are installing, you should upgrade your machine’s memory to the recommended amount. Installation summary: A summary list appears, showing the installation path, installation size, and the Filtering Service as the component that will be installed. 9.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite Changing IP Addresses of Installed Components Websense filtering software handles most IP address changes automatically, without any interruption in internet filtering. Changes to the IP address of the machine running the Policy Server result in notification of the change being broadcast to Websense components on other machines. In some cases, however, services need to be restarted or configurations updated after changing an IP address.
Chapter 3: Upgrading Websense Enterprise or Web Security Suite 68 Websense Installation Guide
CHAPTER 4 Installing Websense Enterprise or Web Security Suite This chapter contains instructions for a new installation of Websense Enterprise or Web Security Suite components. In addition to installation procedures, instructions are provided for modifying an installation, including adding, removing, and repairing installed components. Websense Installers Separate Websense installers are available for the Windows, Solaris, and Linux operating systems.
Chapter 4: Installing Websense Enterprise or Web Security Suite Language Code English en French fr German de Italian it Japanese ja Korean ko Portuguese (Brazil) pt_BR Spanish es Go to www.websense.com, navigate to the Downloads page, and then select an installer package for the desired language. Important All Websense components in a Websense installation must be in the same language.
Chapter 4: Installing Websense Enterprise or Web Security Suite The Websense configuration file (config.xml) is edited to localize certain data strings such as warnings and error messages. Websense category names are updated with localized versions. Alert messages for Websense Administrators are updated with localized versions. The Reporting Tools Portal and Real-Time Analyzer are updated with localized versions. Japanese only: The Websense Manager user interface is converted to Japanese.
Chapter 4: Installing Websense Enterprise or Web Security Suite Deployment: You can install the following Websense components together on the same Solaris machine by selecting the Typical installation option: Filtering Service Policy Server Websense Manager User Service Network Agent eDirectory Agent Logon Agent RADIUS Agent Usage Monitor After completing the typical installation on the Solaris machine, you can install Real-Time Analyzer on a Windows machine.
Chapter 4: Installing Websense Enterprise or Web Security Suite you must run the Websense installer and select a Custom installation. For information, see Installing Websense Components Separately, page 99. Network Agent: Network Agent is included as part of a Typical installation.
Chapter 4: Installing Websense Enterprise or Web Security Suite Web server: To install Real-Time Analyzer (RTA) you must have either Microsoft IIS or Apache HTTP Server installed. If neither supported web server is detected, the installer gives you the option to install the Apache HTTP Server or continue the installation without installing RTA.
Chapter 4: Installing Websense Enterprise or Web Security Suite Policy Server User Service Websense Manager Network Agent eDirectory Agent Logon Agent RADIUS Agent Usage Monitor The Websense Filtering Plug-in (Sun Web Proxy Plug-in) must be installed on the Sun Java System Web Proxy Server machine. After you install the main Websense Enterprise or Web Security Suite components on the Solaris machine, you may wish to install additional Websense components on other machines.
Chapter 4: Installing Websense Enterprise or Web Security Suite a. Choose your product, the dynamic (online) or full (offline) installer package, the operating system, and the language. Note The Dynamic installer is an online installer package that requires web access during installation. It downloads the necessary product files from the website as needed after product selections have been made. The Full installer is a complete offline installer.
Chapter 4: Installing Websense Enterprise or Web Security Suite This places the following files into the setup directory: File Description install.sh Installation program. Setup Archive file containing related installation files and documents. Documentation Release Notes: An HTML file containing release notes and last minute information about the Websense software. Read this file with any supported browser. 7. Run the installation program from the setup directory with the following command: .
Chapter 4: Installing Websense Enterprise or Web Security Suite • Custom: Allows you to install individual Websense components. You can use this option to distribute components in your network. For more information, see Installing Websense Components Separately, page 99. Select Typical to install the listed Websense components on the Sun Java System Web Proxy Server machine. Multiple IP addresses: If the installation machine is multihomed, all enabled network interface cards (NICs) appear in a list.
Chapter 4: Installing Websense Enterprise or Web Security Suite • Select the version number of your Sun Java System Web Proxy Server. Note The Sun Java System Web Proxy Server was previously known as the Sun ONE Web Proxy Server and iPlanet Web Proxy Server (v3.6), and the Netscape Proxy Server (v3.5). Port numbers: The installer automatically assigns default port numbers to the Policy Server (55806) and the Filtering Service (15868).
Chapter 4: Installing Websense Enterprise or Web Security Suite Network Interface Card (NIC) selection: All enabled network interface cards (NICs) appear in a list. If the machine has multiple NICs, select the one to use for Network Agent. Be sure that this card has visibility into the internet traffic you want Network Agent to filter. Note After installation, you can run the Traffic Visibility Tool to test whether the selected NIC can see the appropriate user internet traffic.
Chapter 4: Installing Websense Enterprise or Web Security Suite • application called LogonApp.exe that must be run by a logon script in your network. For instructions, see Creating and Running the Script for Logon Agent, page 197. None: This option does not install a Websense transparent identification agent. Select this option if you plan to configure authentication of users through the Sun Java System Web Proxy Server. Note You can configure manual authentication in Websense Manager after installation.
Chapter 4: Installing Websense Enterprise or Web Security Suite Web browser: You must provide the full path to the web browser you want to use when viewing online Help. This information is requested only when you choose a Typical installation or are installing Websense Manager separately. Installation directory: Enter the path to the directory where you want to install the Websense components, or accept the default location (/opt/Websense).
Chapter 4: Installing Websense Enterprise or Web Security Suite If you provided the installer with a valid subscription key when prompted, you are asked if you want to download the Websense Master Database now or at a later time using Websense Manager. Select a database download option and select Next to continue. Note The Master Database can take a few minutes or more than 60 minutes to download, decompress, and load into local memory.
Chapter 4: Installing Websense Enterprise or Web Security Suite 14. If you did not enable the use of all protocols (HTTP, HTTPS, FTP, etc.) when you installed the Sun Java System Web Proxy Server, you may choose to do so now. For instructions, see the documentation for your version of the Web Proxy Server. 15. If you are using version 4.0 of the Sun Java System Web Proxy Server, additional configuration is required to integrate with a directory service for user- and group-based access control.
Chapter 4: Installing Websense Enterprise or Web Security Suite machine you want to modify and select the appropriate option. The installer detects the presence of Websense components and offers you options for modifying your installation. For information about adding or removing Websense components, see Adding Components, page 162 and Removing Components, page 172.
Chapter 4: Installing Websense Enterprise or Web Security Suite a. Choose your product, the dynamic (online) or full (offline) installer package, the operating system, and the language. Note The Dynamic installer is an online installer package that requires web access during installation. It downloads the necessary product files from the website as needed after product selections have been made. The Full installer is a complete offline installer.
Chapter 4: Installing Websense Enterprise or Web Security Suite This places the following files into the setup directory: File Description install.sh Installation program. Setup Archive file containing related installation files and documents. Documentation Release Notes: An HTML file containing release notes and last minute information about the Websense software. Read this file with any supported browser. 7. Run the installation program from the setup directory with the following command: .
Chapter 4: Installing Websense Enterprise or Web Security Suite • Custom: Allows you to install individual Websense components. You can use this option to install components on separate machines in your network. For more information, see Installing Websense Components Separately, page 99 Select Typical to install the listed Websense components. Multiple IP addresses: If the installation machine is multihomed, all enabled network interface cards (NICs) appear in a list.
Chapter 4: Installing Websense Enterprise or Web Security Suite • I have a Websense subscription key: If you have a valid subscription key, select this option and enter your key when prompted. You will be given the option to download the Websense Master Database during installation. • I do not wish to use a key at this time: Select this option to continue the installation without entering a key. You will not be given the option to download the Websense Master Database during installation.
Chapter 4: Installing Websense Enterprise or Web Security Suite Initial filtering options: Websense software can be configured to filter internet traffic immediately after installation, based on a predefined default policy, or to monitor internet traffic only. Select Yes to filter traffic initially, or No if you prefer to evaluate your network traffic before applying any type of filtering. You can install one or more of the Websense Reporting Tools to report on network activity.
Chapter 4: Installing Websense Enterprise or Web Security Suite Directory Access for DC Agent: If you selected DC Agent for installation, you must provide a user name and a password with administrative privileges on the domain. DC Agent needs access to directory information to be able to identify users transparently. Note If you cannot install DC Agent with the appropriate privileges on the domain, you can configure them after installation.
Chapter 4: Installing Websense Enterprise or Web Security Suite Installation directory: Enter the path to the directory where you want to install the Websense components, or accept the default location (/opt/Websense). If this directory does not already exist, the installer will create it. Important The full installation path must use only ASCII characters. Do not use extended ASCII or double-byte characters.
Chapter 4: Installing Websense Enterprise or Web Security Suite Master Database Download: If you provided a valid subscription key when prompted, you are asked if you want to download the Websense Master Database now or at a later time using Websense Manager. Select a database download option and select Next to continue. Note The Master Database can take a few minutes or more than 60 minutes to download, decompress, and load into local memory.
Chapter 4: Installing Websense Enterprise or Web Security Suite 12. If you stopped your antivirus software, be sure to start it again. 13. Install the Sun Web Proxy Plug-in on the Sun Java System Web Proxy Server machine. This will allow the Websense software—specifically, the Websense Filtering Service—to communicate with the Web Proxy Server. See Installing the Sun Web Proxy Plug-in on the Web Proxy Server Machine, page 94 for instructions. 14.
Chapter 4: Installing Websense Enterprise or Web Security Suite Web download: To download an installer package, go to www.websense.com, and then navigate to the Downloads page. a. Choose your product, the dynamic (online) or full (offline) installer package, the operating system, and the language. Note The Dynamic installer is an online installer package that requires web access during installation.
Chapter 4: Installing Websense Enterprise or Web Security Suite This places the following files into the setup directory: File Description install.sh Installation program Setup Archive file containing related installation files and documents. Documentation Release Notes: An HTML file containing release notes and last minute information about the Websense software. Read this file with any supported browser. 7. Run the installation program from the setup directory with the following command: .
Chapter 4: Installing Websense Enterprise or Web Security Suite Policy Server: Provide the IP address and port number of the Policy Server machine. Note The displayed configuration port (55806) is the default port number used by the installer to install the Policy Server. If you installed the Policy Server using a different port number, enter that port number. Filtering Service: Enter the IP address of the Filtering Service machine, and the port number if it is different from the default.
Chapter 4: Installing Websense Enterprise or Web Security Suite System requirements check: The installer compares the system requirements for the installation you have selected with the resources of the installation machine. If the machine has inadequate disk space or memory, separate warnings are displayed. • • If the installation machine has insufficient disk space, the selected components cannot be installed, and the installer will quit.
Chapter 4: Installing Websense Enterprise or Web Security Suite 15. If you are using version 4.0 of the Sun Java System Web Proxy Server, additional configuration is required to integrate with a directory service for user- and group-based access control. For instructions, see Integrating Web Proxy Server 4.0 with a Directory Service, page 211.
Chapter 4: Installing Websense Enterprise or Web Security Suite client and RADIUS server to transparently identify users logging on from remote locations. eDirectory Agent: eDirectory Agent installs on Windows, Solaris, and Linux, and is installed in networks that use Novell eDirectory to identify users. Logon Agent: Logon Agent installs on Windows, Solaris, and Linux. Logon Agent receives user information at logon from a client application called LogonApp.exe, which must be run by a logon script.
Chapter 4: Installing Websense Enterprise or Web Security Suite Be sure to read the Deployment Guide for Websense Enterprise and Web Security Suite before beginning installation to determine the best way to distribute Websense Enterprise and Web Security Suite components in your network. Windows Procedures The steps in this section are common to all separate installations of Websense Enterprise and Web Security Suite components on Windows.
Chapter 4: Installing Websense Enterprise or Web Security Suite Note The Dynamic installer is an online installer package that requires web access during installation. It downloads the necessary product files from the website as needed after product selections have been made. The Full installer is a complete offline installer. It is much larger than the online Dynamic installer package, and contains all the files needed to install the Websense Enterprise or Web Security Suite components.
Chapter 4: Installing Websense Enterprise or Web Security Suite A screen displays instructions for extracting the setup program. Websense Enterprise Installer File Extraction If you are installing Web Security Suite, the default destination folder will be WebSecuritySuite632Setup. 4. If you do not want to accept the default location, click Browse to select a destination folder, or type in a path. If the path you enter does not exist, the installer will create it for you.
Chapter 4: Installing Websense Enterprise or Web Security Suite 6. Click Next in the welcome screen and follow the onscreen instructions through the subscription agreement. 7. In the Product Selection screen, select the product to install and click Next: Websense Enterprise installer: Select Websense Enterprise.
Chapter 4: Installing Websense Enterprise or Web Security Suite • Web Security Suite and Client Policy Manager: Provides web security and reporting features, plus desktop security. Web Security Suite Product Selection 8. (Web Security Suite only.) An information screen appears, listing the order in which the modules of the Web Security Suite must be installed. Click Next to continue. 9. (Web Security Suite only.
Chapter 4: Installing Websense Enterprise or Web Security Suite To install Websense Manager on a Windows machine: 1. Download and start the Windows installer using the procedure in Windows Procedures, page 101. 2. Following the Custom installation path brings you to the component selection screen. Select Websense Manager and click Next. A dialog box appears, asking you to select an installation directory for Websense Manager. 3.
Chapter 4: Installing Websense Enterprise or Web Security Suite If you chose a non-English language installer, the Websense Language Pack installer starts. Click Next in the welcome screen and follow the onscreen instructions. If you chose an English language installer, a screen appears asking if you want to launch Websense Manager. If you do not want to launch Manager, clear the checkbox. Click Finish to exit the installer. 6.
Chapter 4: Installing Websense Enterprise or Web Security Suite If you are attempting to install Network Agent on a machine on which the Filtering Service and Policy Server are already installed, see the procedures in Adding Components, page 162. Important The Websense Filtering Service and the Policy Server must be installed and running prior to installing Network Agent, or installed at the same time as Network Agent.
Chapter 4: Installing Websense Enterprise or Web Security Suite Important Network Agent cannot function properly on a machine running a firewall. The only exception is a blade server or appliance that has separate processors or virtual processors to accommodate Network Agent and the firewall software. 4. Select Yes or No and click Next to continue: Select Yes if the installation machine is not being used as a firewall. Installation will continue.
Chapter 4: Installing Websense Enterprise or Web Security Suite 7. Enter the IP address of the Filtering Service machine, and the port number if different from the default, and then click Next. A screen appears asking if you want to allow Websense, Inc., to gather information about the use of Websense-defined protocols. Information will be used in the development of protocol filtering. Note Network Agent never sends Websense, Inc.
Chapter 4: Installing Websense Enterprise or Web Security Suite If you chose a non-English language installer, click Next to continue. The Websense Language Pack installer starts. Click Next in the welcome screen and follow the onscreen instructions. If you chose an English language installer, click Finish to exit the installer. 12. If you stopped your antivirus software, remember to start it again after Websense components have been installed. 13. Configure Network Agent for use in your network.
Chapter 4: Installing Websense Enterprise or Web Security Suite The installer asks you to identify the machine on which the Policy Server is installed. Note The configuration port (55806) in this dialog box is the default port number used by the installer to install the Policy Server. If you installed the Policy Server using a different port number, enter that port number in this dialog box. 4.
Chapter 4: Installing Websense Enterprise or Web Security Suite If the installation machine has less than the recommended amount of memory, the installation can continue. To ensure the best performance of the components you are installing, you should upgrade your machine’s memory to the recommended amount. A summary list appears, showing the installation path, the installation size, and the components that will be installed. 7. Click Next to start the installation.
Chapter 4: Installing Websense Enterprise or Web Security Suite 2. Following the Custom installation path brings you to the component selection screen. Select Real-Time Analyzer and click Next. If the installation machine is multihomed, all enabled network interface cards appear in a list. 3. Select the IP address of the card you want RTA to use to communicate and click Next. The installer asks you to identify the machine on which the Policy Server is installed.
Chapter 4: Installing Websense Enterprise or Web Security Suite If neither supported web server is detected, the installer gives you the option to install the Apache HTTP Server or continue the installation without installing RTA. Web Server for Real-Time Analyzer If you select the Apache HTTP Server installation option, the Websense installer starts the Apache installer and exits without installing any Websense components.
Chapter 4: Installing Websense Enterprise or Web Security Suite Virtual Directory Selection 6. If you have renamed the default website in the IIS Manager or are using a language version of Windows other than English, select the proper website from the names in the drop-down list, and then click Next to continue. The installer asks you to select an installation folder for the Websense components. 7.
Chapter 4: Installing Websense Enterprise or Web Security Suite 8. Click Next to start the installation. If you are using the online installer, the Download Manager progress bars are displayed as the appropriate installer files are downloaded from the Websense website. Installation begins automatically when the necessary files have been downloaded.
Chapter 4: Installing Websense Enterprise or Web Security Suite 1. Download and start the Windows installer using the procedure in Windows Procedures, page 101. 2. Following the Custom installation path brings you to the component selection screen. Select RADIUS Agent and click Next. The installer asks you to identify the machine on which the Policy Server is installed. Note The configuration port (55806) in this dialog box is the default port number used by the installer to install the Policy Server.
Chapter 4: Installing Websense Enterprise or Web Security Suite A summary list appears, showing the installation path, the installation size, and the components that will be installed. 6. Click Next to start the installation. If you are using the online installer, the Download Manager progress bars are displayed as the appropriate installer files are downloaded from the Websense website. Installation begins automatically when the necessary files have been downloaded.
Chapter 4: Installing Websense Enterprise or Web Security Suite 2. Following the Custom installation path brings you to the component selection screen. Select eDirectory Agent and click Next. The installer asks you to identify the machine on which the Policy Server is installed. Note The configuration port (55806) in this dialog box is the default port number used by the installer to install the Policy Server.
Chapter 4: Installing Websense Enterprise or Web Security Suite A summary list appears, showing the installation path, the installation size, and the components that will be installed. 7. Click Next to start the installation. If you are using the online installer, the Download Manager progress bars are displayed as the appropriate installer files are downloaded from the Websense website. Installation begins automatically when the necessary files have been downloaded.
Chapter 4: Installing Websense Enterprise or Web Security Suite Do not install Logon Agent on the same machine as eDirectory Agent, as this can cause conflicts. To install the Logon Agent on a Windows machine: 1. Download and start the Windows installer using the procedure in Windows Procedures, page 101. 2. Following the Custom installation path brings you to the component selection screen. Select Logon Agent and click Next.
Chapter 4: Installing Websense Enterprise or Web Security Suite If the installation machine has less than the recommended amount of memory, the installation can continue. To ensure the best performance of the components you are installing, you should upgrade your machine’s memory to the recommended amount. A summary list appears, showing the installation path, the installation size, and the components that will be installed. 6. Click Next to start the installation.
Chapter 4: Installing Websense Enterprise or Web Security Suite Filtering Client. (For Remote Filtering Client installation instructions, see Remote Filtering Client, page 131.) Note To enable the Remote Filtering components, you must subscribe to the remote filtering service. The Remote Filtering Server should be installed on a separate, dedicated machine. This machine must be able to communicate with the Websense Filtering Service and with the remote workstations outside the network firewall.
Chapter 4: Installing Websense Enterprise or Web Security Suite To install the Remote Filtering Server on a Windows machine: 1. Download and start the Windows installer using the procedure in Windows Procedures, page 101. 2. Following the Custom installation path brings you to the component selection screen. Select Remote Filtering Server and click Next. If the installation machine is multihomed, all enabled network interface cards appear in a list. 3.
Chapter 4: Installing Websense Enterprise or Web Security Suite 5. In the External Communication Port field, enter a port number (from 10 to 65535) that is not in use, and that is accessible from outside the network firewall. The default value is 80. (If there is a web server installed on the machine, port 80 may already in use, so you may need to change the default value.
Chapter 4: Installing Websense Enterprise or Web Security Suite If you want this installation of the Remote Filtering Server to function as a backup (secondary or tertiary) server for a primary Remote Filtering Server, you must enter the same pass phrase used when installing the primary Remote Filtering Server. The pass phrase must include only ASCII characters. Do not use extended ASCII or double-byte characters.
Chapter 4: Installing Websense Enterprise or Web Security Suite 11. In the first field, enter the actual (internal) IP address of the Filtering Service machine. 12. Is there a firewall or other network device that performs network address translation between the Filtering Service machine and this machine? If yes, enter the translated (external) IP address of the Filtering Service machine.
Chapter 4: Installing Websense Enterprise or Web Security Suite The installer compares the system requirements for the installation you have selected with the resources of the installation machine. If the machine has inadequate disk space or memory, separate warnings are displayed: If the installation machine has insufficient disk space, the selected components cannot be installed, and the installer will quit.
Chapter 4: Installing Websense Enterprise or Web Security Suite Remote Filtering Client Pack The Remote Filtering Client Pack is an installer package that allows you to install the Remote Filtering Client. Once you have this installer package, you can use it to deploy the Remote Filtering Client on Windows workstations (see Remote Filtering Client, page 131). The Remote Filtering Client Pack can be installed on Windows machines only.
Chapter 4: Installing Websense Enterprise or Web Security Suite 4. Click Next to start the installation. If you are using the online installer, the Download Manager progress bars are displayed as the appropriate installer files are downloaded from the Websense website. Installation begins automatically when the necessary files have been downloaded.
Chapter 4: Installing Websense Enterprise or Web Security Suite The Remote Filtering Client can be installed in the following ways: Manual installation: Use the Remote Filtering Client Pack to manually install the Remote Filtering Client on an individual workstation. See Manual Installation of Remote Filtering Client, page 132 for information.
Chapter 4: Installing Websense Enterprise or Web Security Suite 2. Install the Remote Filtering Client Pack on the workstation as described in Remote Filtering Client Pack, page 130. Or, if you have already installed the Remote Filtering Client Pack on another machine, you can simply copy the CPMClient.msi file to a folder on the installation workstation.
Chapter 4: Installing Websense Enterprise or Web Security Suite Remote Filtering Server Connection Information The Remote Filtering Client must be configured to connect with a primary Remote Filtering Server. If optional secondary and tertiary Remote Filtering Servers were installed to provide failover capability for the primary server, the Remote Filtering Client must be configured to connect with these as well.
Chapter 4: Installing Websense Enterprise or Web Security Suite Enter the externally visible IP address or fully qualified domain name (FQDN) of the primary Remote Filtering Server machine in the External IP or Domain Name field. Important You must use the same external address in the same address format—IP address or FQDN—that you entered when you installed this Remote Filtering Server.
Chapter 4: Installing Websense Enterprise or Web Security Suite Note If the Remote Filtering Client is on a notebook computer that is used both inside and outside the network firewall, this port allows the Websense software to determine where the machine is located and filter it appropriately. The machine will be filtered in the same way as an internal client when it is used inside the organization’s network firewall, and by the Remote Filtering Service when it is used remotely. 6.
Chapter 4: Installing Websense Enterprise or Web Security Suite 11. If a message appears indicating that you must restart the machine, click Yes to restart now. Remote filtering will not function properly until the machine is restarted. If no message appears, restarting the machine is not required.
Chapter 4: Installing Websense Enterprise or Web Security Suite Below are the necessary command line parameters for installing the Remote Filtering Client with a third-party deployment tool: Note These parameters are not case sensitive.
Chapter 4: Installing Websense Enterprise or Web Security Suite PRIMARY_INTERNAL_WISP_PORT= The port number for the internal communication port on the primary Remote Filtering Server that can only be accessed from inside the network firewall. This must be the same port entered in the Internal Communication Port field when the Remote Filtering Server was installed.
Chapter 4: Installing Websense Enterprise or Web Security Suite PASSPHRASE= The Pass Phrase entered when the primary Remote Filtering Server was installed. Note that all Remote Filtering Servers in the same failover group (primary, secondary, and tertiary) must have the same pass phrase.
Chapter 4: Installing Websense Enterprise or Web Security Suite /qn Switch for quiet installation mode. When you use this option, Remote Filtering Client will install without displaying information to the employee at the workstation. If you do not use /qn, the installer launches in interactive mode and installation dialog boxes display to the employee during installation. Most organizations choose the quiet mode, as interactive mass deployment has little value.
Chapter 4: Installing Websense Enterprise or Web Security Suite When the installer repairs an installation of the Remote Filtering Client, the current configuration settings are used. If your remote filtering configuration has not changed, no additional parameters are necessary. However, if you have changed your configuration, you must include the appropriate parameters and new values in the command.
Chapter 4: Installing Websense Enterprise or Web Security Suite a. Choose your product, the dynamic (online) or full (offline) installer package, the operating system, and the language. Note The Dynamic installer is an online installer package that requires web access during installation. It downloads the necessary product files from the website as needed after product selections have been made. The Full installer is a complete offline installer.
Chapter 4: Installing Websense Enterprise or Web Security Suite This places the following files into the setup directory: File Description install.sh Installation program Setup Archive file containing related installation files and documents. Documentation Release Notes: An HTML file containing release notes and last minute information about the Websense software. Read this file with any supported browser. 7. Run the installation program from the setup directory with the following command: .
Chapter 4: Installing Websense Enterprise or Web Security Suite 2. Following the Custom installation path brings you to a list of components to install. Select Websense Manager. The installer asks you for the location of your web browser. 3. Provide the full path to the web browser to use when viewing online Help. The installer asks you to provide a path to the installation directory in which it can create the /Manager subdirectory and install Websense Manager. 4.
Chapter 4: Installing Websense Enterprise or Web Security Suite 7. When a message announcing successful completion of the installation is displayed: If you chose a non-English language installer, select Next to continue. The Websense Language Pack installer starts. Follow the onscreen instructions. If you chose an English language installer: • • If you are installing in command line mode, select Finish to exit the installer. If you are installing in GUI mode, select Next to continue.
Chapter 4: Installing Websense Enterprise or Web Security Suite If this installation is part of a multiple deployment of the Network Agent (for load balancing purposes), you must be sure that the IP address ranges for each instance of the Network Agent do not overlap. This will result in double logging. Deploy the Network Agents so that they can filter the entire network.
Chapter 4: Installing Websense Enterprise or Web Security Suite 3. Enter the IP address of the Policy Server machine, and the port number if different from the default, and then select Next. The installer asks you if this machine is running a firewall. Make sure that the installation machine is not being used as a firewall before continuing. Important Network Agent cannot function properly on a machine running a firewall.
Chapter 4: Installing Websense Enterprise or Web Security Suite The installer asks you for the IP address and filter port number for the machine on which Filtering Service is installed. Note The displayed filter port (15868) is the default port number used by the installer to install Filtering Service. If you installed Filtering Service using a different port number, enter that port number. 6.
Chapter 4: Installing Websense Enterprise or Web Security Suite If the installation machine has insufficient disk space, the selected components cannot be installed, and the installer will quit. If the installation machine has less than the recommended amount of memory, the installation can continue. To ensure the best performance of the components you are installing, you should upgrade your machine’s memory to the recommended amount. A summary of all the components that will be installed appears.
Chapter 4: Installing Websense Enterprise or Web Security Suite If the installation machine is multihomed, all enabled network interface cards (NICs) with an IP address are displayed. 3. Select the IP address of the card you want RADIUS Agent to use to communicate. The installer asks you to identify the machine on which the Policy Server is installed. Note The displayed configuration port (55806) is the default port number used by the installer to install the Policy Server.
Chapter 4: Installing Websense Enterprise or Web Security Suite 6. Select Next to begin installation. If you are using the online installer, the Download Manager downloads the appropriate installer files from the Websense website. Installation begins automatically when the necessary files have been downloaded.
Chapter 4: Installing Websense Enterprise or Web Security Suite The installer asks you to identify the machine on which the Policy Server is installed. Note The displayed configuration port (55806) is the default port number used by the installer to install the Policy Server. If you installed the Policy Server using a different port number, enter that port number. 3. Enter the IP address of the Policy Server machine, and the port number if different from the default, and then select Next to continue.
Chapter 4: Installing Websense Enterprise or Web Security Suite of the components you are installing, you should upgrade your machine’s memory to the recommended amount. A summary of all the components that will be installed appears. 7. Select Next to begin installation. If you are using the online installer, the Download Manager downloads the appropriate installer files from the Websense website. Installation begins automatically when the necessary files have been downloaded.
Chapter 4: Installing Websense Enterprise or Web Security Suite Do not install Logon Agent on the same machine as eDirectory Agent, as this can cause conflicts. To install the Logon Agent on a Solaris or Linux machine: Note LogonApp.exe, the client application that passes user logon information to Logon Agent, runs only on Windows client machines. 1. Download and start the installer using the procedure in Solaris and Linux Procedures, page 142. 2.
Chapter 4: Installing Websense Enterprise or Web Security Suite 5. Enter the path to the installation directory, or accept the default Websense installation directory (/opt/Websense). If this directory does not already exist, the installer will create it. Important The full installation path must use only ASCII characters. Do not use extended ASCII or double-byte characters. The installer compares the system requirements for the installation you have selected with the resources of the installation machine.
Chapter 4: Installing Websense Enterprise or Web Security Suite 9. Set up the required logon script by following the instructions is Creating and Running the Script for Logon Agent, page 197. 10. Configure Logon Agent to communicate with client workstations and the Filtering Service by following the instructions in the User Identification chapter of the Administrator’s Guide for Websense Enterprise and Web Security Suite.
Chapter 4: Installing Websense Enterprise or Web Security Suite Important Install only one primary Remote Filtering Server for each Filtering Service in your network. Do not install the Remote Filtering Server on the same machine as the Filtering Service or Network Agent. Do not enable DHCP on the Remote Filtering Server machine. To install the Remote Filtering Server on a Solaris or Linux machine: 1.
Chapter 4: Installing Websense Enterprise or Web Security Suite 5. In the External Communication Port field, enter a port number (from 10 to 65535) that is not in use, and that is accessible from outside the network firewall. The default value is 80. (If there is a web server installed on the machine, port 80 may already be in use, so you may need to change the default value.
Chapter 4: Installing Websense Enterprise or Web Security Suite If you want this installation of the Remote Filtering Server to function as a backup (secondary or tertiary) server for a primary Remote Filtering Server, you must enter the same pass phrase used when installing the primary Remote Filtering Server. The pass phrase must include only ASCII characters. Do not use extended ASCII or double-byte characters.
Chapter 4: Installing Websense Enterprise or Web Security Suite 12. Enter the block page port number for the Filtering Service machine, if it was changed from the default value of 15871. Important If there is a firewall between the Filtering Service machine and the Remote Filtering Server machine, be sure to open the filter port (15868) and block page port (15871) on that firewall. Filtering Service must be able to accept connections from the Remote Filtering Server, and serve block pages to remote users.
Chapter 4: Installing Websense Enterprise or Web Security Suite Since the Network Agent was not installed on this machine, a message reminds you that features such as Protocol Management and Bandwidth Optimizer cannot be used unless Network Agent is installed on a machine with direct access to internet traffic. Select Next to continue. 15. When a message announcing successful completion of the installation is displayed: If you chose a non-English language installer, select Next to continue.
Chapter 4: Installing Websense Enterprise or Web Security Suite Windows To add Websense components in a Windows environment: Note Before adding new components, we recommend that you perform a full system backup as a fallback strategy. This backup allows you to restore your current system with minimum downtime, should you decide to do so. 1. Log on to the installation machine with domain and local administrator privileges.
Chapter 4: Installing Websense Enterprise or Web Security Suite 7. Click Next to continue. The installer displays a list of components not currently installed on the installation machine. Websense Component Selection 8. Select the components you want to install and click Next. If you are installing the Real-Time Analyzer and are using IIS as your web server, you are prompted to select the name of the website in the IIS Manager under which the installer should create a virtual directory.
Chapter 4: Installing Websense Enterprise or Web Security Suite Virtual Directory Selection 9. If you have renamed the default website in the IIS Manager or are using a language version of Windows other than English, select the proper website from the names in the drop-down list, and then click Next to continue. If you are installing Network Agent, the installer asks you if this machine is running a firewall. Network Agent cannot function properly on a machine that is being used as a firewall.
Chapter 4: Installing Websense Enterprise or Web Security Suite Important The machine on which Network Agent is installed must be able to monitor 2-way employee internet traffic to function correctly. If you install Network Agent on a machine that cannot monitor the targeted traffic, Network Agent features such as Protocol Management, Bandwidth Optimizer, and IM Attachment Manager will not perform as expected.
Chapter 4: Installing Websense Enterprise or Web Security Suite If you selected DC Agent for installation, you are asked to provide a user name and a password with administrative privileges on the domain. DC Agent needs access to directory information to be able to identify users transparently. Directory Access for DC Agent 14. Enter the domain and user name, followed by the network password for an account with domain privileges, and click Next to continue.
Chapter 4: Installing Websense Enterprise or Web Security Suite If the installation machine has less than the recommended amount of memory, the installation can continue. To ensure the best performance of the components you are installing, you should upgrade your machine’s memory to the recommended amount. A summary screen appears, listing the installation path, the installation size, and the components that will be installed. 15. Click Next to begin installation.
Chapter 4: Installing Websense Enterprise or Web Security Suite Solaris or Linux To add Websense Enterprise or Web Security Suite components in a Solaris or Linux environment: Note Before adding new components, we recommend that you perform a full system backup as a fallback strategy. This will allow you to restore your current system with a minimum of downtime, should you decide to do so. 1. Log on to the installation machine as the root user. 2. Close all applications and stop any antivirus software. 3.
Chapter 4: Installing Websense Enterprise or Web Security Suite Select Yes or No when asked if you want to install Network Agent: • Select Yes if the installation machine is not being used as a firewall. Installation will continue. • Select No if you are attempting to install Network Agent on a firewall machine, and Setup will exit. Install Network Agent on a machine that is not running a firewall.
Chapter 4: Installing Websense Enterprise or Web Security Suite System requirements check: The installer compares the system requirements for the installation you have selected with the resources of the installation machine. If the machine has inadequate disk space or memory, separate warnings are displayed. • • If the installation machine has insufficient disk space, the selected components cannot be installed, and the installer will quit.
Chapter 4: Installing Websense Enterprise or Web Security Suite Removing Components After installing Websense Enterprise or Web Security Suite or any of their components, you may want to remove components to change the configuration of Websense software in your network. Important The Policy Server service must be running to uninstall any Websense components. To remove the Policy Server, you must also remove all the other components installed on the machine.
Chapter 4: Installing Websense Enterprise or Web Security Suite 4. Select Websense from the list of installed applications. Add/Remove Programs Control Panel, Windows 2000 5. Click Change/Remove to launch the Websense uninstaller. There may be a delay of several seconds while the Websense uninstaller starts.
Chapter 4: Installing Websense Enterprise or Web Security Suite A list of installed components appears. Remove Components By default, all components are checked for removal. Warning Do not uninstall the Policy Server without uninstalling all of the Websense components. Removing the Policy Server will sever communication with the remaining Websense components and will require the reinstallation of those components. 6. To keep a component, remove the check mark from the box next to it.
Chapter 4: Installing Websense Enterprise or Web Security Suite If the Policy Server is not running, a dialog box appears advising you that removing Websense components may require communication with the Policy Server. You may exit the installer to restart the Policy Server, or continue uninstalling the selected components. Warning If the Policy Server is not running, the files for the selected components will be removed, but not the information about the components recorded in the config.xml file.
Chapter 4: Installing Websense Enterprise or Web Security Suite 3. Run the following program from the Websense installation directory (default is /opt/Websense): ./uninstall.sh Run the GUI version of the installer with the following command: ./uninstall.sh -g If you are using a non-English based system, the installer will display an error message advising you that the GUI version is not supported.
Chapter 4: Installing Websense Enterprise or Web Security Suite Network Agent: If you are uninstalling Network Agent on a remote machine after removing the Policy Server, expect the process to take several minutes. Network Agent will be successfully uninstalled, although no progress notification will be displayed. Completion: A completion message advises you when the procedure is finished. 5. Exit the installer. 6. If you stopped your antivirus software, be sure to start it again.
Chapter 4: Installing Websense Enterprise or Web Security Suite If you are repairing User Service or DC Agent, this will assure that they have administrator privileges on the domain. Important User Service and DC Agent must have administrator privileges on the network to retrieve user login information from the domain controller. Without this information, Websense software cannot filter by users and groups.
Chapter 4: Installing Websense Enterprise or Web Security Suite The installer compares the system requirements for the installation you have selected with the resources of the installation machine. If the machine has inadequate disk space or memory, separate warnings are displayed. If the installation machine has insufficient disk space, the selected components cannot be installed, and the installer will quit.
Chapter 4: Installing Websense Enterprise or Web Security Suite When the database has finished loading, a message appears advising you of the status of the download. Click Next to continue. 10. When a message announcing successful completion of the installation is displayed: If you chose a non-English language installer, click Next to continue. The Websense Language Pack installer starts. Follow the onscreen instructions to update Websense components with text in the selected language.
Chapter 4: Installing Websense Enterprise or Web Security Suite The installer detects the currently installed Websense components and asks you what action you want to take. 4. Select Repair existing Websense components, and select Next to advance through the procedure. Repair components: The installer advises you that it will repair the current installation by reinstalling the existing Websense components.
Chapter 4: Installing Websense Enterprise or Web Security Suite Master Database Download: If you are repairing Filtering Service, the installer asks if you want to download the Websense Master Database now or at a later time using Websense Manager. Select a database download option and then select Next to continue. Warning During repair of the Filtering Service, the installer removes the existing Master Database.
Chapter 4: Installing Websense Enterprise or Web Security Suite 6. If you stopped your antivirus software, be sure to start it again. Important If the Sun Web Proxy Plug-in was repaired, you must restart the Sun Java System Web Proxy Server. Repairing the Policy Server It may become necessary to repair (reinstall) the Policy Server in a distributed environment. Unless this is done correctly, communication with components installed on separate machines will be broken.
Chapter 4: Installing Websense Enterprise or Web Security Suite The installer detects installed Websense components and asks you what action you want to take. 7. Select Repair existing Websense components when prompted. For specific instructions, see Repairing an Installation, page 177. 8. When the installer is finished repairing the system, exit the installer and stop the newly installed Policy Server. 9. Replace the config.xml file created by the repair procedure with your backup copy. 10.
Chapter 4: Installing Websense Enterprise or Web Security Suite Manually Stopping Services Certain Websense components must be stopped and started in a prescribed order. Optional components may be stopped and started in any order. Optional Components You can manually start or stop these Websense services in any order.
Chapter 4: Installing Websense Enterprise or Web Security Suite 2. Scroll down the list of available services and select a Websense service.
Chapter 4: Installing Websense Enterprise or Web Security Suite 3. From the Action menu, select Start, Stop, or Restart or click one of the control buttons in the toolbar (Stop , Start , or Restart ). Restart stops the service, then restarts it again immediately from a single command. Warning DO NOT use the taskkill command to stop Websense services. This procedure may corrupt the services.
Chapter 4: Installing Websense Enterprise or Web Security Suite 188 Websense Installation Guide
CHAPTER 5 Initial Setup This chapter provides initial setup and configuration procedures for preparing your Websense software to the Sun Java System Web Proxy Server. After installing the Websense software and your integration product, perform the following tasks to complete the setup process. If you did not download the Websense Master Database during installation, use Websense Manager and your Websense subscription key to download the database.
Chapter 5: Initial Setup If you were unable to grant User Service or DC Agent administrator privileges during installation, do so now to ensure that they will function correctly. See Configure Domain Administrator Privileges, page 210. Configure your firewall or internet router appropriately. See Configuring Firewalls or Routers, page 211 for instructions. To integrate Sun Java System Web Proxy Server 4.
Chapter 5: Initial Setup Subscription Key and Master Database Download The Websense Master Database is the basis for filtering, and is updated daily by default. It is downloaded from a remote database server so that your version is the most current. For the database download to occur, the machine running the Websense Filtering Service must have internet access to the download servers at the following URLs: download.websense.com ddsdom.websense.com ddsint.websense.com portal.websense.
Chapter 5: Initial Setup Solaris or Linux: Go to the /Manager subdirectory in the Websense installation directory (by default, opt/Websense/Manager) and enter: ./start_manager 2. For a first-time installation, if Policy Server was not installed with Websense Manager, the Add Policy Server dialog box appears the first time you open Websense Manager. a.
Chapter 5: Initial Setup Database Download Settings 6. Enter your alphanumeric key in the Subscription Key field. The Subscribed network users and Subscribed remote users fields show a value of 0 until the database is successfully downloaded. 7. If your network requires that browsers use an upstream proxy server to reach the internet, the same proxy settings used by the browser must be used for downloading the Websense Master Database. Establish the proxy settings for the database download as follows: a.
Chapter 5: Initial Setup Note If Websense software is installed on a proxy server machine in your network, do not enter that IP address in your proxy settings. Use localhost instead. c. Enter the Port of the upstream proxy server or firewall (default is 8080). 8. If your network requires authentication to an upstream proxy server or firewall to reach the internet and download the Websense Master Database, perform the following procedure: a. Check Use Authentication. b.
Chapter 5: Initial Setup Identifying the Filtering Service for the Block Page URL If the Filtering Service is installed on a multihomed machine (with two or more network interface cards), you must identify the Filtering Service by its IP address in your network so that Websense block messages can be sent to users. When Websense software blocks an internet request, the user’s browser is redirected by default to a block message page hosted by the Filtering Service.
Chapter 5: Initial Setup 5. Save the file. 6. Stop and then restart the Filtering Service (see Stopping or Starting Websense Services, page 184). Displaying Protocol Block Messages Websense software will filter protocol requests normally whether or not protocol block messages are configured to display on user workstations.
Chapter 5: Initial Setup automatically by copying it into the Startup folder. For instructions, see your operating system documentation. Creating and Running the Script for Logon Agent If you have installed Websense Logon Agent, you must create a logon script for your users that will identify them transparently as they log on to a Windows domain. Identification is accomplished by the Websense LogonApp.
Chapter 5: Initial Setup Deployment Tasks To deploy LogonApp.exe with a logon script, perform the following tasks: Task 1: Prepare the logon script: Edit the parameters in the sample script file (Logon.bat) to suit your needs. This file contains two sample scripts: a logon script and a logout script. Active Directory can use both types of scripts. If you plan to use both types, you will need two separate .bat files with different names.
Chapter 5: Initial Setup Parameter Description IP address or name of the machine running the Websense Logon Agent. This must match the machine address or name entered when you configured Logon Agent in Websense Manager. The port number used by Logon Agent. Enter 15880 if you accepted the default port number when you configured Logon Agent in Websense Manager. /NOPERSIST Causes LogonApp.exe to send user information to the Logon Agent at logon only.
Chapter 5: Initial Setup Websense User Map and the Persistent Mode User identification provided at logon by LogonApp.exe is stored in the Websense user map. This information is updated periodically if LogonApp.exe is run in persistent mode. The update time interval for the persistent mode and the interval at which the user map is automatically cleared of logon information are configured in the Logon Agent tab of the Settings dialog box in Websense Manager.
Chapter 5: Initial Setup Logout Script: Continuing the example, copy the logon batch file and rename it Logout.bat. Then edit the script in Logout.bat as shown here: LogonApp.exe http://10.2.2.95:15880 /NOPERSIST /LOGOUT Configuring the Logon Script to Run You can configure your logon script to run with a group policy on Active Directory or on a Windows NTLM directory service. Note The following procedures are specific to Microsoft operating systems and are provided here as a courtesy. Websense, Inc.
Chapter 5: Initial Setup 9. Select Scripts (Logon/Logoff). 10. In the right pane, double-click Logon. 11. In the Logon Properties dialog box displayed, click Show Files to open the logon script folder for this policy. The folder opens in a Windows Explorer window. 12. Copy two files into this folder: your edited logon batch file (Logon.bat) and the application LogonApp.exe. 13. Close the Explorer window and click Add in the Logon Properties dialog box. The Add a Script dialog box appears. 14.
Chapter 5: Initial Setup For additional information about deploying logon scripts to users and groups in Active Directory, please see: http://technet2.microsoft.com/WindowsServer/f/?en/library/84b5457b1641-4707-a1f4-887b5f9471dd1033.mspx Windows NTLM To configure the Websense logon script in Windows NTLM: 1. Make sure your environment meets the conditions described in Prerequisites for Running the Logon Script, page 197. 2. Copy the Logon.bat and LogonApp.
Chapter 5: Initial Setup 9. Repeat this procedure on each domain controller in your network as needed. Note You can determine if your script is running as intended by configuring your Websense software for manual authentication. If transparent authentication with Logon Agent fails for any reason, users will be prompted for a user name and password. Advise your users to notify you if this occurs.
Chapter 5: Initial Setup Network Agent Local Settings 6. In the Proxy/Cache Machines section of the right panel, click Add. A dialog box appears allowing you to define an IP address or a range of addresses.
Chapter 5: Initial Setup 7. Enter an IP address and click OK to add the IP address to the list of proxy or cache servers. Proxy/Cache Server List 8. Repeat Step 6 and Step 7 for each proxy server in your network. 9. Click OK to save your changes. For additional information about configuring Network Agent, see the Network Agent chapter in the Administrator’s Guide for Websense Enterprise and Web Security Suite.
Chapter 5: Initial Setup Configuring Network Agent to use Multiple NICs Each Network Agent instance must use at least one designated NIC. However, Network Agent is capable of using multiple NICs. If you installed Network Agent on a machine with multiple NICs, you can configure it to use different NICs for different purposes. For example, you can configure Network Agent to use one NIC for monitoring traffic, and another to send blocking information to Filtering Service.
Chapter 5: Initial Setup The Websense Traffic Visibility Tool appears. Traffic Visibility Tool Field Description Network Card Name of the network interface card (NIC) to test. Active cards on the installation machine appear in this list. Cards without an IP address will not appear in this list. Networks Tested Displays the netmasks that are being tested. You may use the defaults provided or add your own.
Chapter 5: Initial Setup A default list of networks (netmasks) to test appears. You may use the defaults provided or add your own. These netmasks can reside in different network segments depending upon the IP address ranges to be filtered. 3. If the network you want to test with the NIC does not appear in the default list, click Add Network. The Add Network dialog box appears. a. Enter a new netmask value in the Network ID field. The subnet mask defaults to 255.0.0.
Chapter 5: Initial Setup 7. Click Stop Test when you are finished testing. 8. Click Close to exit the Traffic Visibility Tool. The Network Agent NIC must be able to monitor all targeted internet traffic. If Network Agent cannot see the necessary traffic, you must either reposition the machine in the network, or select another machine on which to install the Network Agent.
Chapter 5: Initial Setup 2. Select Windows NT Directory / Active Directory (Mixed Mode). (Make this selection even if you are not using Mixed Mode.) 3. Enter domain administrator credentials in the fields on the screen. 4. Click OK. Configuring Firewalls or Routers To prevent users from circumventing Websense filtering, your firewall or internet router should be configured to allow outbound HTTP, HTTPS, FTP, and Gopher requests only from the Sun Java System Web Proxy Server.
Chapter 5: Initial Setup 2. Locate the obj.conf file on the Sun Java System Web Proxy Server machine. This file is located in the /config subdirectory in the directory where the Sun Java System Web Proxy Server was installed. 3. Make a backup copy of the obj.conf file. 4. Open the obj.
Chapter 5: Initial Setup Server for each of these protocols. For information about disabling a protocol, see your Web Proxy Server system documentation. Note If you have disabled protocols on the SOCKS proxy server and sent them through the normal proxy server for filtering by the Websense software, make sure TCP/IP stacks are installed on all the workstations. User Workstation Configuration User workstations must have a web browser that supports proxy-based connections and Java technology. Versions 4.
Chapter 5: Initial Setup MinConn: (added in v4.0.) The number of connections that are created by default between the Sun Java System Web Proxy Server and the Websense Filtering Service. Default value: 50. MaxConn: (added in v4.0.) The maximum number of connections permitted between the Sun Java System Web Proxy Server and the Websense Filtering Service.
Chapter 5: Initial Setup Activating the Websense Web Protection Services™ The Websense® Web Protection Services™—SiteWatcher™, BrandWatcher™, and ThreatWatcher™—protect your organization’s websites, brands, and web servers. These services are included if you purchased a Web Security Suite subscription, but they must be activated. To turn on ThreatWatcher, SiteWatcher, and BrandWatcher: 1. Go to www.my.websense.com, log in, and enter your Web Security Suite subscription key. 2.
Chapter 5: Initial Setup Firewall Configuration for Remote Filtering Remote Filtering is an optional Websense service that allows you to filter user workstations located outside your organization’s network firewall. If you installed the Remote Filtering components, some firewall configuration is necessary to enable web filtering on remote workstations. Firewalls must be configured to allow the Remote Filtering Server to communicate with the remote workstations and with the Filtering Service.
Chapter 5: Initial Setup See the documentation for your firewall product if you need information about how to accomplish these firewall configuration tasks. Blocking remote users’ internet access when Remote Filtering is unavailable If you are using the optional Websense Remote Filtering feature, you can configure it to block remote users’ internet access when they are unable to connect with the Remote Filtering Server.
Chapter 5: Initial Setup Linux and Solaris: /opt/Websense/bin 2. Open the securewispproxy.ini file in a text editor. 3. Change the value of the FailClose parameter to true. 4. If you leave the FailCloseTimeout set to its default value of 15, the Remote Filtering Client tries to connect with the Remote Filtering Server for 15 minutes before failing closed and blocking all HTTP traffic.
Chapter 5: Initial Setup is activated after the machine leaves the corporate network is deactivated after the machine enters the corporate network is restarted fails open (allows access to all websites when connectivity with Remote Filtering Server is lost) fails closed (blocks access to all websites when connectivity with Remote Filtering Server is lost) receives a policy update The maximum size of this local log file can be changed by editing the LocalLogSize parameter in the secur
Chapter 5: Initial Setup The new maximum log size setting is applied to all Remote Filtering Clients that connect with the Remote Filtering Server. Note If you are using Websense Client Policy Manager (CPM) in your network, Remote Filtering parameters are configured in the Desktop tab of Websense Manager. If the CPM Server is present, values set for the LocalLogSize parameter in the securewispproxy.ini file are ignored.
APPENDIX A Stealth Mode In some cases, it might be desirable to configure the Network Agent to inspect all packets with a network interface card (NIC) that has been configured for stealth mode. A NIC in stealth mode has no IP address and cannot be used for communication. The advantages for this type of configuration are security and network performance. Removing the IP address prevents connections to the interface from outside and stops unwanted broadcasts.
Appendix A: Stealth Mode Windows Stealth mode for the Network Agent interface is supported in Windows. To configure a NIC for stealth mode: 1. From the Start menu, select Settings > Network and Dial-up Connection. A list of all the interfaces active in the machine is displayed. 2. Select the interface you want to configure. 3. Select File > Properties or right-click and select Properties from the pop-up menu. A dialog box displays the connections properties of the interface you have chosen.
Appendix A: Stealth Mode Solaris or Linux To configure a NIC for stealth mode in Solaris or Linux, you must disable the Address Resolution Protocol (ARP), which severs the link between the IP address and the MAC address of the interface.
Appendix A: Stealth Mode 224 Websense Installation Guide
APPENDIX B Troubleshooting You may encounter a situation while installing Websense Enterprise or Web Security Suite and configuring Sun Java System Web Proxy Server that is not addressed in the previous chapters. This appendix provides troubleshooting information for installation and initial configuration issues that have been called in to Websense Technical Support. Please check this chapter for information about the problem you are having before you contact Technical Support.
Appendix B: Troubleshooting Network Agent cannot communicate with Filtering Service after it has been reinstalled. Users filtered via remote filtering are not receiving block pages. Remote filtering is not working. I made a mistake during installation Run the installation program again. The installer will detect the current installation and allow you to Add, Remove, or Repair Websense components.
Appendix B: Troubleshooting Follow the onscreen instructions to complete installation of the Language Pack. Websense components and files on the machine are updated with text in the language you selected. I forgot my Websense Policy Server password Contact Websense Technical Support for assistance. You can find contact information in Appendix C: Technical Support. Where can I find download and error messages? Windows Check the Windows Application Event log or Websense.
Appendix B: Troubleshooting Check the date shown in the Key Expires field. If this date has passed, contact Websense, Inc., to renew your subscription. Internet Access The machine running the Filtering Service must have access to the internet via HTTP, and must be able to receive incoming transmissions. To verify internet access on the Websense Filtering Service machine: 1.
Appendix B: Troubleshooting 5. If the Websense software must access the internet through an upstream firewall or proxy server that requires authentication, check the following: The correct user name and password must be entered in the Database Download screen of the Settings dialog box. Verify spelling and capitalization. The firewall or proxy server must be configured to accept clear text or basic authentication.
Appendix B: Troubleshooting 1. In Websense Manager, go to Server > Settings > Directory Service. Active Directory (Native Mode) will be selected in the Directories pane if you are using Active Directory. 2. Click the Advanced Settings button. 3. Click MBCS under Character Set to change the character set from UTF-8 to MBCS.
Appendix B: Troubleshooting proxy server as the source IP address of all permitted requests and will not log blocked requests at all. For instructions, see Identifying the Proxy Server for Network Agent, page 204. If user- and group-specific policies are not being applied to protocol requests (i.e., all protocol requests are being filtered by the Global policy), your integration product may not be passing user credentials to Network Agent.
Appendix B: Troubleshooting Proceed with the following network checks: Check the user machine’s visibility to the domain controller from which the logon script is being run. Make sure that NetBIOS is enabled on the machine. Make sure the user profile is not blocking the execution of the logon script. Domain Controller Visibility To determine is the domain controller is visible to the workstation: Attempt to map a drive on the client workstation to the domain controller’s root shared drive.
Appendix B: Troubleshooting 2. Delete the following directory that contains the user profile: C:\Documents & Settings\ 3. Restart the machine. 4. Log on as the normal user. The user profile will be created automatically. 5. Check to make sure the user is being filtered as expected.
Appendix B: Troubleshooting 5. Follow the onscreen instructions to install Websense software. Note The installation sequence for the console mode is identical to that of the GUI mode. 6. Install Websense Manager on a Solaris machine or a Windows machine capable of displaying the Java interface.
Appendix B: Troubleshooting Users filtered by remote filtering do not receive block pages If users with the Remote Filtering Client on their workstations are being filtered properly, but are not receiving Websense block pages, try the following: If there is a firewall between the Websense Filtering Service machine and the Remote Filtering Server machine, check that it has been properly configured, as described in Enabling communication between Remote Filtering Server and Filtering Service, page 216:
Appendix B: Troubleshooting Network Agent is filtering responses to remote filtering requests. Other connection problems. DHCP is enabled for the Remote Filtering Server machine. The Remote Filtering Server machine is running Windows Server 2003, but Service Pack 1 is not installed. Parameters for communication between Remote Filtering Server and Remote Filtering Clients are not properly configured: IP addresses for internal and external communication are not properly configured.
Appendix B: Troubleshooting 4. Check that any firewalls located between Websense Filtering Service and Remote Filtering Server are correctly configured. If there are one or more firewalls between the Filtering Service machine and the Remote Filtering Server machine, check that they have been properly configured, as described in Enabling communication between Remote Filtering Server and Filtering Service, page 216.
Appendix B: Troubleshooting e. In the Internal Network Definition section of the window, check that the IP address for the machine running Remote Filtering Server is not included. • • f. If the server’s IP address is listed individually, select the address from the list and click Delete. If the server’s IP address is in a range, delete the range and add two ranges around that IP address. When you are finished, click OK at the bottom of the screen to save your changes.
Appendix B: Troubleshooting 9. Check that communications are properly configured for the Remote Filtering Server and the Remote Filtering Clients. Remote Filtering Clients must be able to connect to the Remote Filtering Server from both inside and outside the internet gateway or network firewall. The correct communication information—IP addresses and port numbers for internal and external communications—must be entered during installation.
Appendix B: Troubleshooting f. The values need to be checked on the Remote Filtering Client machines. Contact Websense Technical Support for assistance. The technician will need the information gathered in the previous steps to verify that communications are properly configured. 10. Check that the pass phrases match. The pass phrase for Remote Filtering Server and the Remote Filtering Clients must match. Checking to see if they match requires access to configuration and registry files.
APPENDIX C Technical Support Websense, Inc., is committed to providing excellent service worldwide. Our goal is to provide professional assistance in the use of our software wherever you are located. Online Help Select the Help option within the program to display detailed information about using the product. Important Default Microsoft Internet Explorer settings may block operation of the Help system. If a security alert appears, select Allow Blocked Content to display Help.
Appendix C: Technical Support Telephone assistance is also available.
Index A Active Directory, 27 running logon script from, 201–203 adding components Linux, 169–171 Solaris, 169–171 Windows, 163–168 Address Resolution Protocol (ARP), 223 Apache HTTP Server installing, 114 authentication directory services, 27–29 User Service, 16 with RADIUS Agent, 117, 150 B Bandwidth Optimizer, 9, 12, 73, 107, 146 basic authentication, 211 block messages for protocols, 196–197 block page port, 128, 161, 216 block page URL, 195–196 BrandWatcher, 215 browser path to, 145 proxy-based connect
Index directory services supported types, 27–29 DirectX requirement, 233 DNS server, 195 documentation document conventions, 8 product guides and applicability, 7 Websense documentation website, 8 domain administrator privileges, 101 domain controller testing for visibility from, 232 dual homed system deployment, 25 E eDirectory Agent defined, 9 deployment of, 20 installing separately Linux, 152–154 Solaris, 152–154 Windows, 119–121 eimserver.
Index Solaris, 157–162 Windows, 123–129 Sun Web Proxy Plug-in, 94–99 Websense Enterprise Linux, 84–94 Solaris, 84–94 Sun Java System Web Proxy Server machine, 74–84 Websense Web Security Suite Linux, 84–94 Solaris, 84–94 Sun Java System Web Proxy Server machine, 74–84 Windows installer does not launch, 233 internet access problems, 228–229 IP addresses changing for installed components, 67 configuring for proxy servers, 204–206 defining ranges for Network Agent, 17, 107 disabling for stealth mode, 222 requ
Index failure of, 227–229 from Websense Manager, 191–194 performing, 191–194 Messenger Service, 196 modifying an installation, 162–183 multi-chaining configuration, 26 N NetBIOS, 19 enabling for logon script, 232 Netscape Proxy Server, 31 Network Agent bandwidth optimizer, 73, 107, 146 capture interface, 80, 89, 109, 148, 166, 170 defined, 9 deployment of, 16 feedback on protocol usage, 80, 89 in switched environments, 17 installing separately Linux, 146–150 Solaris, 146–150 Windows, 107–111 instant messa
Index deployment of, 23 installing manually, 132 with third-party tools, 137 local log, 218 repairing an installation, 141 setting to fail closed, 217 troubleshooting, 235 uninstalling, 142 upgrading, 49 manually, 50 with third-party tools, 52 Remote Filtering Client Pack defined, 100 installing, 130–131 upgrading, 49 Remote Filtering Server DCHP incompatibility, 158 defined, 10 deployment of, 22 DHCP incompatibility, 124 External Communication Port, 126, 135, 138, 159 firewall configuration for, 216–217 i
Index integrating v4.
Index Windows, 105–107 launching, 191 Websense Master Database, See Master Database Websense services manually stopping, 185 starting and stopping Linux, 187 Solaris, 187 Windows, 185–187 stopping before upgrading, 37 Websense Web Security Suite component deployment, 15–24 component overview, 8–11 components adding, 162–171 removing, 172–177 converting Stand-Alone Edition to integrated system, 54–66 functional overview, 11–12 initial configuration, 189 initial configuration of Web Protection Services, 215
