Operating tips

Topic 44009 / Updated: 9-May-2013


Applies To:	Websense V-Series Appliances Version 7.7.3 Models include: V10000 G3, V10000 G2, V10000, V5000 G2

Interface setup tip

If the P2 interface is used and it is in the same subnet as P1, the default gateway is automatically assigned to P2, which is bound to eth1. You should perform a test to ensure that outbound packets can reach the Internet.

Avoiding port conflicts

See the ports list for a table of the Websense software module versions that are compatible with each appliance version.

Check the ports article to avoid port conflicts if you plan to make a change from a default port.

For example, if you want to use an HTTP proxy server port that is different from the default port (8080), be sure to check the ports list first, to avoid conflict with ports already in use by the V-Series.

Upgrade tip

After patch installation is complete:

Log onto the Appliance Manager, go to the Configuration > System page and confirm and adjust, if necessary, the Time and Date settings, paying particular attention to the time zone setting.

If the upgraded appliance is a Policy Server, log onto TRITON console, go to the TRITON – Web Security Settings > General > Policy Servers page and add the appliance. Next go to the TRITON console Appliances tab and register the appliance.

The upgrade procedure does not preserve the Integrated Windows Authentication join to the Windows Domain. Post upgrade, re-enable IWA and rejoin IWA to the Windows Domain. See Configuring Integrated Windows Authentication in Content Gateway Manager Help.

Logging tip

If you want to examine log files for Network Agent in Appliance Manager, be sure to turn on Network Agent logging in the TRITON - Web Security console first. To do this, log on to TRITON - Web Security and navigate to the Settings > Network Agent > Global. Hover over Global and select the Network Agent IP address that you're interested in. At the bottom of the page, open Advanced Network Agent Settings, go to the Debug Settings area, and set Mode, Output, and Port.

Deployment tips

When Policy Broker is run on a V-Series appliance (configured as the Full policy source), all Policy Servers that point to that Policy Broker (configured as User directory and filtering) must be installed on V-Series appliances as well. You cannot install and run Policy Servers on off-box machines and point them to a Policy Broker that runs on an appliance. This configuration is not supported.

However, you can run Policy Server on multiple appliances (User directory and filtering mode) and point these appliances to a Policy Broker running either on or off an appliance.

Teamed NICs share the load under one common identity, with multiple adapters load-balancing under a single IP address. This is also known as link aggregation or trunking.

If you have implemented NIC teaming, but don't see load balancing working as expected, the problem may be resolved by configuring your switch to disable flowcontrol send. To do this, use the command set port flowcontrol send off for both the port-channel and channel member ports.

When Web Security Gateway (Anywhere) is deployed and Content Gateway Integrated Windows Authentication (IWA) is configured, if the appliance hostname is changed, IWA will immediately stop working. To repair the IWA configuration, log onto Content Gateway Manager, unjoin the stale domain and join the domain with the new hostname.

Websense Web Security Log Server now supports SQL Server SSL encryption. However, if you are running TRITON – Web Security (manager) on the appliance (recommended only for evaluations and very small deployments), the connection from the console to the database cannot be encrypted. This means that if the Microsoft SQL Server "Force Protocol Encryption" option is set to Yes, no data will appear in the Web Security Dashboard or other reporting tools.

Backup and restore tips

When configuring schedule backups to a remote storage location (FTP server or Samba share), make sure that the account used for backup file creation has read and write permissions. If you plan to use the option to automatically delete backup files older than some period of time, you must use an account that has delete permissions for the backup file directory and its subdirectories.

In a multiple appliance deployment, after restoring the configuration of a Policy source appliance, restart any Filtering only or User directory and filtering appliances in your network to ensure that user requests are filtered correctly.