Websense Security Blade Manager Help
X-Series v7.6.4

Administration > X10G security blade toolbox > X10G security blade command line

On the blade Toolbox page, the Appliance command line section provides:
* The ability to turn on and off SSH remote access to the blade command line interface (the same shell that can be used to run the firstboot script). SSH access allows administrators to log on to the blade command line shell from machines on the network that have a route to the security blade.
* Access to a command line utility that is embedded within Security Blade Manager. The command line utility provides convenient access to common troubleshooting commands.
Use the Remote Access option to enable and disable SSH access to the security blade command line interface.
Use the Command Line Utility to run troubleshooting, debugging, and utility commands. Results are displayed in the Console output section of the page. You can download the output file for the command last executed.
Click Launch Utility to open the command utility.
The Module drop-down list includes an entry for each module installed on the security blade. The entries depend on your security mode and could include one or more of the following modules. Select the module that you want to work with:
Select the command you want to run from the Command drop-down list, enter appropriate parameters as described below, and then use the Run and Stop buttons as appropriate:
Use it to turn on, turn off, or query the status of the caching of user names resolved from IP addresses by Content Gateway. Cached entries are valid for 10 minutes.
[Action]: Enter enable to turn on user name caching.
Enter disable to turn off user name caching.
Enter status to display the status of user name caching.
Use it to display the current value of a configuration variable in Content Gateway's records.config file.
[Variable Name]: Enter the name of the configuration variable for which you want to retrieve a value.
"0" indicates that the virtual IP manager is disabled; "1" indicates that it is enabled.
For a complete list of valid configuration variables, click the link Websense Content Gateway variables and navigate to the records.config topic. [You may be asked for credentials if you have not logged on to the proxy console earlier in the session.]
Use it to set the value of a configuration variable in Content Gateway's records.config file.
With this command, you can make changes to Content Gateway variables without restarting the proxy. To activate the changes, run content_line -x (see below).
[Variable Name]: Enter the name of the variable you want to modify.
Example: Enter the variable name proxy.config.arm.enabled and the value "1" or "0".
This enables or disables the ARM, which is used for transparent proxy caching, IP spoofing, and ARM security.
For a complete list of valid configuration variables, click the link records.config. [You may be asked for credentials if you have not logged on to the proxy console earlier in the session.]
Use it to read and apply the values of all configuration variables in Content Gateway's records.config file.
If you have used content_line -s to change the setting of any variables in the file records.config, you can activate your changes immediately (without restarting the proxy) by running this command.
Displays the current ethernet card settings of the specified network interface (NIC) device. This includes:
Use ethtool to verify local network connectivity.
Displays offload parameters, including checksum, for the selected network interface (NIC) device.
This can be used to investigate a variety of problems. For example, if your NIC settings are right, but you are having duplex issues, you know you need to change your duplex settings.
Change the checksumming parameters of the specified ethernet device.
Use to troubleshoot network interface issues. Helps you identify IP issues and check subnets and network interfaces.
Displays status information about the specified NIC, including but not limited to:
[Interface]: Enter the NIC for which you want settings. Click the information icon for valid NIC values.
Enter all to display all interface status.
Attempts to read and write data across a network using user datagram protocol (UDP) to the specified server.
Use it for functional tests of components and verification of connectivity.
If you are having problems loading a Web page, or are getting a block, this command can help determine the problem.
If you see a reset coming from the proxy, you can determine which DOM/module it is coming from.
[Destination]: Enter the IP address of the server with which you want to communicate.
Attempts to read and write data across a network using transmission control protocol (TCP) to the specified server.
Use it for functional tests of components and verification of connectivity.
[Destination]: Enter the IP address of the server with which you want to communicate.
Displays a list of open sockets on the selected module, appended with the process column.
Displays active TCP connections. However, addresses and port numbers are expressed numerically, and no attempt is made to determine names.
Displays ethernet statistics, such as the number of bytes and packets sent and received.
Displays all active TCP connections and the TCP and UDP ports on which the computer is listening.
Limits display of statistics or state of all sockets to those applicable to protocol.
Displays multicast group membership information about the selected module.
Displays active TCP connections. However, addresses and port numbers are expressed numerically, and no attempt is made to determine names.
Use one of the netstat commands if you are having network connection and routing issues.
netstat -nItup displays the following:
* All active TCP connections and the TCP and UDP ports on which the computer is listening. Addresses and port numbers are expressed numerically, and no attempt is made to determine names.
* Ethernet statistics, such as the number of bytes and packets sent and received.
Displays active TCP connections and the ports they use when they connect.
(This is useful if, for example, Filtering Service is not filtering. You can look at the connection the module is using here. If it is not the IP and port of the Filtering Service machine, you have found the source of the problem.)
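The Filtering Service check described above, as an added example that is not part of the Websense documentation: a shell function that scans `netstat -ntp`-style output for an ESTABLISHED TCP connection to the expected Filtering Service address. The sample output, the IP addresses, the port 15868 and the process name are constructed for illustration.

```shell
#!/bin/sh
# Added example: check netstat output for a connection to the expected
# Filtering Service endpoint. Addresses, port and process names are constructed.

# Constructed sample in the column layout of `netstat -ntp`
# (Proto Recv-Q Send-Q Local Foreign State PID/Program).
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.5:41822          10.0.0.20:15868         ESTABLISHED 2210/proxyd
tcp        0      0 10.0.0.5:41830          10.0.0.99:15868         TIME_WAIT   -
tcp        0      0 10.0.0.5:8080           10.0.1.77:53122         ESTABLISHED 2210/proxyd'

# filtering_peers <port>: read netstat text on stdin and print the distinct
# remote IPs that have an ESTABLISHED TCP connection to <port>.
filtering_peers() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            n = split($5, a, ":")          # foreign address is ip:port
            if (a[n] == port) print substr($5, 1, length($5) - length(a[n]) - 1)
        }' | sort -u
}

# check_filtering_service <expected_ip> <port>: read netstat text on stdin.
# Returns 0 if connected to the expected host, 1 if connected only to a
# different host on that port, 2 if there is no connection to that port.
check_filtering_service() {
    peers=$(filtering_peers "$2")
    if [ -z "$peers" ]; then
        echo "no ESTABLISHED connection to port $2"; return 2
    fi
    if printf '%s\n' "$peers" | grep -qxF "$1"; then
        echo "connected to expected Filtering Service $1:$2"; return 0
    fi
    echo "connected to unexpected host(s): $(echo $peers)"; return 1
}

printf '%s\n' "$SAMPLE_NETSTAT" | check_filtering_service 10.0.0.20 15868
```

A return code of 1 corresponds to the case the text describes: the module is talking to something other than the Filtering Service machine.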
Limits display of statistics or state of all sockets to those applicable to protocol.
Displays summary statistics for each protocol on the selected module. By default, statistics are shown for the IP, ICMP, TCP, UDP, and TCPEXT protocols. This includes such things as:
* IP - the number of packets received, forwarded, and discarded for each protocol.
* ICMP - the number of messages received, failed, sent.
* TCP - the number of active and passive connection openings and failed connection attempts.
* TCPEXT - statistics about SYN cookies, ACKs, packets received and queued, retransmits, and DSACKs.
Use this for DNS resolution problems. For example, if a particular Web site is not loading, perform an nslookup on it to view its IP address.
nslookup lets you query DNS servers to find DNS details, including IP addresses of a particular computer, MX records for a domain, and the DNS servers of a domain.
[Host]: Enter the hostname (for example myintranet.com) or IP address of the host for which you want DNS information.
[DNS server]: Enter the hostname or IP address of the DNS server for the security blade.
Checks that a hostname or IP address exists, can accept requests from the selected module, and that DNS is resolving.
Use this to test connectivity to another host—for example, the Data Security Management Server or TRITON - Web Security machine—and determine response time.
[Destination]: Enter the hostname (for example myintranet.com) or IP address of the host you want to test.
Checks that a network interface can communicate with a hostname or IP address and that DNS is resolving.
Use this to test connectivity to another host—for example, the Data Security Management Server or TRITON - Web Security machine—from one of the security blade NICs.
[Interface]: Enter the name of the NIC you want to test. Click the information icon for valid NIC values.
Example: eth0
[Destination]: Enter the hostname or IP address of the host you want to test.
This command applies only to the Websense Content Gateway module.
When Content Gateway is in transparent proxy caching mode, use this command to see which source and destination IPs the proxy is bypassing.
If sites are not loading correctly, this helps you identify if a site is loading from your cache or going directly to the site for download.
All entries in the source and destination bypass tables for the proxy are printed to the output console.
For more information on source and destination bypass, see the Configuration Files > bypass.config section of the Content Gateway Manager Help system.
Use this command to retrieve the Policy Broker token for this security blade. This may be needed to configure support for Remote Filtering. See the Websense Technical Library for more information.
Display the current contents of the selected module's kernel IP routing table in numeric format.
This is useful in complex network environments—for example, those with proxy chaining—to show if the environment is set up properly.
show-triton-admin-email
Displays the email address to which alerts, password resets, and other TRITON administrator messages are sent.
Displays the SMTP server information and sender email settings used when notifications are sent from TRITON.
sysctl-tcp-timestamps
Edit this setting if you are experiencing performance problems with specific Web sites that do not properly support TCP time stamps.
The operating system sets this kernel setting during installation.
If the setting was changed and you are experiencing site latency with other sites—those that work best with TCP time stamps—return the setting to its default value and consider routing traffic to the problematic sites around the proxy.
Be sure to choose a setting that works well for the sites that are most important to you.
The setting affects the use of time stamps by the kernel for all TCP connections.
[Value]: Enter "0" to disable the current time stamp setting, and restore it to its default.
sysctl-tcp-window-scaling
Edit this setting if you are experiencing performance problems with specific Web sites that do not properly support TCP window scaling.
The operating system sets this kernel setting during installation.
If the setting was changed and you are experiencing site latency with other sites—those that work best with TCP window scaling—return the setting to its default value and consider routing traffic to the problematic sites around the proxy.
Be sure to choose a setting that works well for the sites that are most important to you.
The setting affects the use of window scaling by the kernel for all TCP connections.
[Value]: Enter "0" to disable the current window scaling setting, and restore it to its default.
Use for any Web traffic issues to get packet captures—for example, if a site will not load or if you are having authentication problems.
tcpdump intercepts and displays packets being transmitted or received by the specified network interface. Use the Expression field to select which packets are displayed.
The output from tcpdump can help you determine whether all routing is occurring properly, to and from the interface. The output is verbose: it displays the data of each packet in both hex and ASCII, and it includes a link-level header on each line.
Note that if you do not stop the tcpdump command manually, 10,000 packets are captured, the maximum allowed.
[Interface]: Enter the name of the NIC you are debugging. Click the information icon for valid NIC values.
Example: eth0
[Expression]: Enter a boolean expression that filters the packets to those of interest. Click the information icon for examples.
Example 1: To capture all TCP traffic to and from the proxy on port 8080, enter this expression:
Example 2: To capture all TCP traffic to the site google.com, enter this expression:
Example 3: To capture all TCP traffic from a specific end-user machine, enter this expression:
tcp and src host user.websense.com
Note that you can enter a hostname if it is resolvable by a DNS server, but the output uses IP addresses either way.
Use this to dump traffic (raw packets) from the specified NIC to a file.
To download the file, click the link, Download output file for last command, after running the command. This link is under the console output window.
[Interface]: Enter the name of the security blade NIC you are debugging. Click the information icon for valid NIC values.
[Expression]: Enter a boolean expression that filters the packets to those of interest. Click the information icon for examples.
Enter all to capture all packets.
Note that you can enter a host name if it is resolvable by a DNS server, but the output uses IP addresses either way.
Displays all operating system tasks that are currently running on the selected module. Use this to help troubleshoot CPU and memory issues.
Use this to determine the route taken by packets across a network to a particular host.
If some machines are not getting filtered or blocked, or if traffic is not even getting to the security blade, this shows the devices (or hops) that are between the machines that may be blocking access to the host. Use tcpdump to get a packet capture from each device.
If you are having latency issues, traceroute can also help identify the causes.
(Note that traceroute is of limited utility if an IP is being spoofed.)
[Destination]: Enter the hostname or IP address of the host destination you are investigating.
Pertains only to the Websense Web Security module, and only when TRITON - Web Security is running on the blade for demonstrations.
Use this to set the email address to which alerts, password reset notifications, and other administrator communications are sent.
triton-smtp-settings
Pertains only when TRITON - Web Security is running on the blade for demonstrations.
Note: Typically these settings are made in the TRITON Unified Security Center on the Settings > Notifications page.
[SMTP server IP]: The IP address or host name of the SMTP server through which email alerts should be routed.
[From email address]: The email address to use as the sender for email alerts.
[Sender name]: The name of the sender of the alerts.
triton-websecurity-services
Use it to start, stop, restart, and query the status of TRITON - Web Security services.
[Action]: Enter start to start TRITON - Web Security services.
Enter stop to stop TRITON - Web Security services.
Enter restart to restart TRITON - Web Security services.
Enter status to display the status of TRITON - Web Security services.
This command applies only to the Websense Content Gateway module.
This command is useful for investigating latency issues, outages, or filtering problems, among other things.
Use to initiate a non-interactive download of files from the Web, so you can diagnose connectivity issues.
Use wget, for example, if you have configured the proxy, but cannot access the Web. wget simulates the proxy going out and retrieving the Web site.
[URL]: Enter the URL of the Web site from which you want to download files.
Use to test connectivity between the specified URL and the proxy (file download not supported).
Use wget, for example, if you have configured the proxy, but cannot access the Web. wget simulates the proxy going out and retrieving the Web site.
[URL]: Enter the URL of the Web site to which you want to test connectivity.
[Proxy IP]: Enter the proxy IP address. This is the IP address of the A1.P1 interface on most security blade configurations.
[Port]: Enter the port on which the proxy expects this traffic. 8080 is configured for HTTP by default. 8070 is configured for HTTPS by default.
[User name]: Enter the user name of the client, if required for authentication.
[Password]: Enter the password of the client, if required for authentication.
Enter 'none' in both fields if user name and password are not applicable.

