Deployment and Installation Center
Websense TRITON Enterprise v7.6.x

Library Search:


Go to the table of contents Go to the previous page Go to the next page Go to the index
Deploying Network Agent > Switched networks with a single Network Agent

Switched networks with a single Network Agent
Applies to
*
Web Filter v7.6
*
Web Security v7.6
*
Web Security Gateway v7.6
*
Web Security Gateway Anywhere v7.6
Switched networks with a single Network Agent
A switch is a bridge that routes traffic between network segments. It prevents all traffic from going to all segments, reducing network congestion. Because not all traffic going through a switch is visible to all devices on the network, the machine running Network Agent must be connected at a point where it can monitor all Internet traffic for the network.
Connect the Network Agent machine to the port on the switch that mirrors, monitors, or spans the traffic on the gateway or firewall port. The span or mirror port sees all the traffic that leaves each network segment.
 
* 
Note 
Not all switches support bidirectional port spanning or mirroring. Contact the switch vendor to verify that spanning or mirroring is available, and for configuration instructions.
If bidirectional communication is not available, at least 2 network interface cards (NICs) are needed to monitor traffic and communicate with other Websense components.
If port spanning is not available, Network Agent cannot properly monitor the network.
The following illustration shows a network with a single switch. The Network Agent machine is attached to the port that mirrors all traffic from connected clients. Subsequent illustrations show multiple switch and multiple subnetwork configurations.
The following illustration shows the use of additional switches to create 2 network segments. All Internet traffic from these network segments must pass through Switch #3, to which Network Agent is attached. In a multiple-switch environment, failure to enable port spanning or mirroring could result in missed filtering and inaccurate reports.
 
The following illustration also contains multiple network segments. A remote office is filtered by installing another instance of Network Agent and configuring it to communicate with the Filtering Service at the main office.
To improve performance, Network Agent can be deployed on its own, dedicated machine. Network Agent can also be positioned closer to the clients, as shown in the illustration Switched networks with multiple Network Agents.

Quick Links



Go to the table of contents Go to the previous page Go to the next page Go to the index
Deploying Network Agent > Switched networks with a single Network Agent
(c) 2011 Websense, Inc. All Rights Reserved.