Deployment and Installation Center
Websense TRITON Enterprise v7.6.x

Citrix Integration > Filtering Citrix server users

Websense Web Filter or Web Security integrated with a Citrix server can monitor individual Citrix users for HTTP, HTTPS, FTP, and SSL. Network Agent can be used to filter other protocols, based on policies set for the server.
The machines running as Citrix servers communicate with Websense Filtering Service using a Websense component called the Citrix Integration Service, which is installed on the Citrix server machine.
* The Filtering Service and Network Agent monitoring Citrix traffic should be installed on a dedicated machine, and not on a Citrix server.
* The Filtering Service and Network Agent monitoring Citrix traffic use the same Policy Broker, Policy Server, User Service, and other Websense components that are used to monitor non-Citrix traffic.
* Network Agent must be located where it can see all of the traffic between the Citrix servers and the Filtering Service instances. For example, the machine running Network Agent could be connected to a span port on the same network switch as the machines running Filtering Service.
* If the Citrix server is configured to use virtual IP addresses, configure Network Agent to monitor the entire range of the IP addresses. Also, a single policy should be set for this range. See the Network Configuration topic in TRITON - Web Security Help for instructions on configuring IP ranges for Network Agent.
* If you are running Websense Web Filter or Web Security in stand-alone mode, a separate instance of Network Agent must be installed to monitor users of the Citrix servers. Do not monitor non-Citrix traffic with this Network Agent.
While Network Agent can be used to filter protocols for Citrix, user-based and group-based policies cannot be applied. Policies can be applied to individual computers and network ranges, identified by IP addresses or IP address ranges. Otherwise, the Default policy is applied to all users.
Also, Network Agents monitoring non-Citrix traffic (users who access the Internet without going through a Citrix server) must not be used to monitor Citrix traffic.
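The range rules above (the Citrix Network Agent monitors the entire virtual IP range, and Network Agents for non-Citrix traffic stay out of it) can be checked against a deployment plan before installation. The following is an added example, not Websense code or tooling; the plan format, the names, and all addresses are constructed for illustration.

```python
import ipaddress

def to_networks(ranges):
    """Turn inclusive (first, last) IPv4 ranges into a merged list of CIDR blocks."""
    blocks = []
    for first, last in ranges:
        blocks.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    # Merge adjacent/nested blocks so containment can be tested block by block.
    return list(ipaddress.collapse_addresses(blocks))

def inside(block, networks):
    return any(block.subnet_of(n) for n in networks)

def check_plan(citrix_ranges, agents):
    """Return findings for a plan; an empty list means all checks passed.

    agents: dicts with hypothetical keys 'name', 'citrix' (bool), 'ranges'.
    """
    findings = []
    citrix = to_networks(citrix_ranges)
    if not any(a["citrix"] for a in agents):
        findings.append("no Network Agent is dedicated to Citrix traffic")
    for agent in agents:
        seen = to_networks(agent["ranges"])
        if agent["citrix"]:
            if not all(inside(c, seen) for c in citrix):
                findings.append(agent["name"] + ": misses part of the Citrix virtual IP range")
            if not all(inside(s, citrix) for s in seen):
                findings.append(agent["name"] + ": also monitors non-Citrix addresses")
        elif any(s.overlaps(c) for s in seen for c in citrix):
            findings.append(agent["name"] + ": non-Citrix agent overlaps the Citrix range")
    return findings

# Constructed sample plans (addresses are illustrative, not from the product documentation).
CITRIX_VIRTUAL_IPS = [("10.20.30.16", "10.20.30.79")]
GOOD_PLAN = [
    {"name": "na-citrix", "citrix": True, "ranges": [("10.20.30.16", "10.20.30.47"), ("10.20.30.48", "10.20.30.79")]},
    {"name": "na-lan", "citrix": False, "ranges": [("10.20.40.0", "10.20.40.255")]},
]
BAD_PLAN = [
    {"name": "na-citrix", "citrix": True, "ranges": [("10.20.30.16", "10.20.30.63")]},
    {"name": "na-lan", "citrix": False, "ranges": [("10.20.30.0", "10.20.40.255")]},
]

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan(CITRIX_VIRTUAL_IPS, plan) or "OK")
```
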
This diagram shows a typical deployment to filter users who access the Internet through a Citrix server. To simplify the diagram, not all individual Websense components are shown.
The main Websense filtering components are installed on a separate, dedicated machine that can communicate with all of the Citrix server machines, and non-Citrix users, if applicable. The Websense Citrix Integration Service must be installed on each Citrix server to allow it to communicate with Filtering Service. No other Websense components should be installed on the Citrix server machines.
If your network includes some users who access the Internet via a Citrix server, and others who access the Internet through another gateway (firewall, caching appliance, or proxy server), the integrations can be configured to work together.
* If you have Citrix users and non-Citrix users in your network, the same Websense components, except for Network Agent, can be used for both sets of users. A separate installation of Network Agent is needed for the Citrix users. See Installing Web Security to integrate with Citrix for instructions.
* To configure the Websense components installed with the non-Citrix integration to communicate with Citrix, refer to the section pertaining to your integration in Combining Citrix with another integration.

