General Deployment Recommendations for Web Security > Network considerations
|
u Filtering Service can receive HTTP requests from Websense Content Gateway; an integrated firewall, proxy server, caching application; or Websense Network Agent.In a multi-segmented network, Filtering Service must be installed in a location where it can both receive and manage Internet requests from the integration product and communicate with Network Agent.
Must be deployed where it can see all internal Internet traffic for the machines that it is assigned to monitor.
Must have bidirectional visibility into Internet traffic to filter non-HTTP requests (such as instant messaging, chat, streaming media, and other Internet applications and protocols).
Multiple instances of Network Agent may be required in larger or distributed networks. Each Network Agent monitors a specific IP address range or network segment.Using multiple Network Agents ensures that all network traffic is monitored, and prevents server overload. The required number of Network Agents depends on network size and Internet request volume.
As a network grows and the number of Internet requests increases, components can be deployed to additional, non-dedicated machines to improve processing performance on the dedicated machines.
You can deploy multiple Filtering Service instances, connected to one Policy Server. This is useful for remote or isolated sub-networks.
Multiple Policy Servers may be necessary, because it is a best practice to have a maximum of 10 Filtering Service instances per Policy Server (see Filtering Services per Policy Server).
Network Agent can be deployed with the filtering components or on a separate machine. Network Agent should not be deployed on the same machine as response-critical components. For more information, see Deploying Network Agent.
Do not install Websense components on a domain controller or on a firewall machine.
General Deployment Recommendations for Web Security > Network considerations
|