Deployment and Installation Center
Websense TRITON Enterprise v7.6.x

Library Search:


Go to the table of contents Go to the previous page Go to the next page Go to the index
Choosing and Deploying Data Security Agents > Troubleshooting Data Security agent deployment

Troubleshooting Data Security agent deployment
Applies to
*
Data Security v7.6.x
In this topic
*
Overview
*
Initial registration fails
*
Deploy settings fails
*
Subscription errors
*
Network connectivity problems
Overview
Though the installation and deployment of agents is normally a series of clear-cut steps, occasionally, some problems can arise. Below are how to resolve common problem scenarios.
Initial registration fails
*
Make sure you can ping the Data Security agents by IP and by host name from the TRITON Management Server.
*
On Windows, run the following command (in a Command Prompt) to check for block ports:
netstat 1 -na | find "SYN"
Each line displayed in response to the command is a blocked port. This command is one-way. Run it on both the agent machine and the TRITON Management Server.
*
Check the service log on the TRITON Management Server (and remote policy engines).
*
Check /opt/websense/neti/log on the protector.
*
Make sure no duplicate certificates are installed on the agents' servers; if there are duplications, delete all of them and re-register the agent. Also, make sure the system date/time of the agent machine and the TRITON Management Server are the same. The following certificates are expected:
Certificate > My User Account > Trusted Root Certification Authorities > Certificates > ws-ilp-ca
Certificates > Computer > Personal Certificates ><servername>(issued by ws-ilp-ca)
Certificates > Computer > Trusted Root Certification Authorities > Certificates > ws-ilp-ca
*
Make sure the FQDN value of the agent states the full server name for the agent's server.
Protector — if domain name is configured, the FQDN is: protectorname.domain.name
Agents and Data Security server — check "My Computer" properties and copy the computer name value from there.
Deploy settings fails
*
Make sure you can ping the agents by IP and by host name from the TRITON Management Server.
*
Check the service log on the TRITON Management Server (and remote policy engines).
*
Check the plat.log on the protector.
Subscription errors
*
Restart the Websense TRITON - Data Security service on the TRITON Management Server.
*
Check dlp-all.log.
Network connectivity problems
In complex networks, network connectivity may require routes added to the inline protector.
Although routes can be added with the built in kernel route command, it is strongly recommended that the /opt/websense/neti/bin/route command is used instead. If the kernel route (/sbin/route) is used, the added routes will be lost after rebooting.
/opt/websense/neti/bin/route writes the routes to a file /opt/pa/conf/route so that on subsequent reboots the route information is re-submitted to the protector.
Usage:
route: Add/delete routing information
Usage:
route [list]
route add {destination network | destination ip} {via {ip}|dev {device}}
route del {destination network | destination ip} {via {ip}|dev {device}}

network=ip/prefix
Example:
~@protector7# /opt/websense/neti/bin/route add 192.168.1.0/24 via 10.212.254.254 dev br0
~@protector7# /opt/websense/neti/bin/route list
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 10.212.254.254 255.255.255.0 UG 0 0 0 br0
10.212.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
10.212.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0
0.0.0.0 10.212.254.254 0.0.0.0 UG 0 0 0 eth0

Quick Links



Go to the table of contents Go to the previous page Go to the next page Go to the index
Choosing and Deploying Data Security Agents > Troubleshooting Data Security agent deployment
(c) 2011 Websense, Inc. All Rights Reserved.