The version number of the appliance software is now synchronized with the Websense modules running on it. Version 7.5.0 of the Websense V-Series appliance updates all Websense software modules on the appliance to version 7.5.0. New v7.5.0 components are available both on and off the appliance, and can be enabled by subscription key.
|
|
All networked V-Series appliances, and all Websense software modules running off the appliance and communicating with the V-Series, must be at the same base version. Ensure that the policy source (primary) appliance and all other appliances are at version 7.5. Consult the Websense Deployment Guide for information about modules that run off the appliance. Any Websense modules running off the appliance must also be at v7.5.x:
|
Appliance Manager is the new name for the familiar appliance management console. This is a graphical interface for configuring the appliance itself, checking the status of the software modules, updating passwords, troubleshooting, and applying patches to the appliance.
Appliance Manager provides status information about each module running on the appliance and enables you to establish assignments and network routes for the appliance's network interfaces.
Appliance Manager now offers setup options for expansion interfaces; provides access to selected command-line utilities such as ping and netstat; enables you to edit the block pages that display when users are prevented from accessing a Web page; and expands several other key features.
Each of these interfaces can be cabled to your network and then bonded through software settings to a Websense Content Gateway interface, with E1 optionally bonded to P1, and E2 optionally bonded to P2.
|
|
Appliance backup: This backs up all settings for the appliance and for all Websense software modules on the appliance. You can perform the backup from any appliance on your network; the data included in the backup file varies according to the appliance on which you run it. Websense recommends you run a full backup on each appliance in your network regularly.
|
|
|
Module backup: This saves all configuration information, including client and policy data, stored in the Policy Database. Only the policy source (primary appliance) can perform this task.
|
After you select the type of backup you want, the Backup Utility checks all Websense components on the machine, collects the data eligible for backup, and creates an archive file. The file name includes a date stamp.
Full appliance backup files are displayed in the Appliance Manager with the following information:
|
|
Full policy source is the standard comment if the backup was generated on the policy source appliance.
|
|
|
Filtering only is the standard comment if the backup was generated on a filtering only appliance.
|
|
2.
|
Select Back up full configuration.
|
|
1.
|
On your policy source appliance, initiate an immediate backup by selecting Backup on the Administration > Backup Utility screen.
|
|
2.
|
Select Back up module configuration.
|
|
4.
|
Choose Websense Web Security to back up the Policy Database.
|
You can now use the Administration > Toolbox screen to set up customized block pages and access a command line to assist with troubleshooting.
The default Websense block page files are always available. Simply choose the Default block page option on the
Administration > Toolbox screen in
Appliance Manager to use the defaults provided by Websense.
Your edited files can make use of custom logo files and other custom graphics files. If you use custom graphics, be sure to upload these additional graphics files to the editable directory, and make any edits necessary for other block files to point to them.
Note that the Help system for TRITON - Web Security contains detailed instructions for modifying any portion of the default block pages. These steps are located under the heading:
Working with block pages.
The file master.html includes the HTML code used to display to a Websense logo on the block page. To display your organization's logo instead:
|
3.
|
Open master.html in a text editor, such as Notepad or vi (not an HTML editor), and edit the following line to replace the Websense logo with your organization's logo:
|
|
|
Replace wslogo_block_page.png with the name of the image file containing your organization's logo.
|
The new command line utility enables you to run basic Linux commands for network troubleshooting and debugging from the Appliance Manager. Results are displayed on screen. You can download the output file for the most recent command displayed.
Click Launch Utility on the
Toolbox page to open the command utility.
Select the command you want to run from the drop-down list, enter appropriate parameters as described in the Help, then use the
Run and
Stop buttons as appropriate.
The TRITON console, introduced in this release, provides a single access point into the configuration interfaces for Websense Web Security and Websense Data Security.
TRITON can be launched from any supported browser.
Websense Manager has been renamed to
TRITON - Web Security. This manager component is now pre-installed on the appliance for use in evaluations and small organizations. You can choose to run it on the
policy source appliance or (instead) install it off-box. Production sites with heavy traffic or large reports are advised to download the Websense Web Security installer archive from
www.websense.com and install the
TRITON - Web Security console on a separate Windows server.
Use the Configuration > Web Security Components screen in
Appliance Manager to specify the location of your
TRITON - Web Security manager.
On the policy source appliance only, you can choose whether to use
TRITON - Web Security on the appliance, or elsewhere on your network. The default for evaluations is to use
TRITON - Web Security on the
policy source appliance. See
New policy source configuration option for more details about the
policy source.
After you upgrade from an earlier version of the appliance, your previous Web Security management IP settings are already populated on this screen (your off-appliance Web security manager location is known and is preserved). If you do not have a manager location already established off the appliance, then the system uses
TRITON - Web Security on the
policy source appliance by default.
|
|
To administer Websense Web Security on your policy source appliance, select TRITON - Web Security on this appliance. After you upgrade from an earlier version, you can use this option to override a previous manager location on your network.
|
|
|
To specify that TRITON - Web Security is installed elsewhere, select TRITON - Web Security located on another appliance or server on your network, and enter the IP address for the appliance or server where the manager is installed in your network. The default port is displayed. This option disables the on-appliance Web Security manager.
|
|
|
If you switch from an off-appliance TRITON - Web Security manager to an on-appliance version, or vice versa, you need to re-configure some settings in your new instance of TRITON - Web Security. Be sure to check all settings.
|
If you are configuring an appliance that is not a policy source machine,
TRITON - Web Security settings are not needed. The
TRITON console does not run on
non-policy source appliances.
If you run the TRITON - Web Security manager on a Websense appliance, be sure that
Log Server points to the
Policy Server on that same appliance (point
Log Server to the IP address of appliance interface C).
|
|
Websense Log Server and TRITON - Web Security (manager component) must exchange connection information about the Log Database via Policy Server, so they must both point to the same Policy Server.
|
Whether you have one location or many, you designate a single appliance (or other server) to host a centralized Websense Policy Database. The other Websense appliances in your network point to this server and receive regular updates from it. This appliance is called the
policy source. All available Websense Web Security services run on the
policy source appliance.
In previous versions, the V-Series appliance could serve as either (a) the policy source machine or (b) a filtering machine, taking action on URL requests based on user information and policy data obtained from the
policy source appliance located elsewhere on your network.
An appliance that is designated as the full policy source machine runs these components:
Other appliances must point to the policy source machine by IP address to receive changes to your policies. To make that association in the
Appliance Manager, use the
Configuration > Web Security Components screen, under
Policy Source.
Any appliance that is not the policy source can be designated to run either:
|
|
User directory and filtering (these appliances must point to the policy source IP address). You might think of the user directory and filtering appliance as a lightweight version of the policy source machine. It runs:
|
|
|
Filtering only (these appliances must point to the policy source IP address). A filtering only appliance does not run Policy Server. It runs only:
|
See the Websense Deployment Guide for recommendations about the optional components and components that run off the appliance.
After you select your policy source machine, how do you determine which role is more effective for the other appliances in your network:
filtering only, or
user directory and filtering? The following information can be helpful:
Appliances that run filtering only typically work best when they are local to the
policy source and on the same network.
|
|
If the policy source machine is instead on a remote network, with a WAN connection, it can be difficult to obtain user name/IP address maps for the local users.
|
If you run the TRITON - Web Security manager on a Websense appliance, be sure that
Log Server points to the
Policy Server on that same appliance (point
Log Server to the IP address of appliance interface C).
|
|
Websense Log Server and TRITON - Web Security (manager component) must exchange connection information about the Log Database via Policy Server, so they must both point to the same Policy Server.
|
