Choosing and Deploying Data Security Agents > Troubleshooting Data Security agent deployment
|
Though the installation and deployment of agents is normally a series of clear-cut steps, occasionally, some problems can arise. Below are how to resolve common problem scenarios.
Make sure you can ping the Data Security agents by IP and by host name from the TRITON Management Server.
On Windows, run the following command (in a Command Prompt) to check for block ports:Each line displayed in response to the command is a blocked port. This command is one-way. Run it on both the agent machine and the TRITON Management Server.
Make sure no duplicate certificates are installed on the agents' servers; if there are duplications, delete all of them and re-register the agent. Also, make sure the system date/time of the agent machine and the TRITON Management Server are the same. The following certificates are expected:Certificate > My User Account > Trusted Root Certification Authorities > Certificates > ws-ilp-caCertificates > Computer > Trusted Root Certification Authorities > Certificates > ws-ilp-caProtector — if domain name is configured, the FQDN is: protectorname.domain.nameAgents and Data Security server — check "My Computer" properties and copy the computer name value from there.
Make sure you can ping the agents by IP and by host name from the TRITON Management Server.
Restart the Websense TRITON - Data Security service on the TRITON Management Server.Although routes can be added with the built in kernel route command, it is strongly recommended that the /opt/websense/neti/bin/route command is used instead. If the kernel route (/sbin/route) is used, the added routes will be lost after rebooting./opt/websense/neti/bin/route writes the routes to a file /opt/pa/conf/route so that on subsequent reboots the route information is re-submitted to the protector.
Usage:route [list]
route add {destination network | destination ip} {via {ip}|dev {device}}
route del {destination network | destination ip} {via {ip}|dev {device}}
network=ip/prefix~@protector7# /opt/websense/neti/bin/route add 192.168.1.0/24 via 10.212.254.254 dev br0
~@protector7# /opt/websense/neti/bin/route list
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 10.212.254.254 255.255.255.0 UG 0 0 0 br0
10.212.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
10.212.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0
0.0.0.0 10.212.254.254 0.0.0.0 UG 0 0 0 eth0
Choosing and Deploying Data Security Agents > Troubleshooting Data Security agent deployment
|