![]() |
![]() |
![]() |
![]() |
Choosing and Deploying Data Security Agents > Troubleshooting Data Security agent deployment
|
Though the installation and deployment of agents is normally a series of clear-cut steps, occasionally, some problems can arise. Below are how to resolve common problem scenarios.
![]()
Make sure you can ping the Data Security agents by IP and by host name from the TRITON Management Server.
![]()
On Windows, run the following command (in a Command Prompt) to check for block ports:Each line displayed in response to the command is a blocked port. This command is one-way. Run it on both the agent machine and the TRITON Management Server.
![]()
Make sure no duplicate certificates are installed on the agents' servers; if there are duplications, delete all of them and re-register the agent. Also, make sure the system date/time of the agent machine and the TRITON Management Server are the same. The following certificates are expected:Certificate > My User Account > Trusted Root Certification Authorities > Certificates > ws-ilp-caCertificates > Computer > Trusted Root Certification Authorities > Certificates > ws-ilp-caProtector — if domain name is configured, the FQDN is: protectorname.domain.nameAgents and Data Security server — check "My Computer" properties and copy the computer name value from there.
![]()
Make sure you can ping the agents by IP and by host name from the TRITON Management Server.
![]()
Restart the Websense TRITON - Data Security service on the TRITON Management Server.Although routes can be added with the built in kernel route command, it is strongly recommended that the /opt/websense/neti/bin/route command is used instead. If the kernel route (/sbin/route) is used, the added routes will be lost after rebooting./opt/websense/neti/bin/route writes the routes to a file /opt/pa/conf/route so that on subsequent reboots the route information is re-submitted to the protector.
Usage:route [list]
route add {destination network | destination ip} {via {ip}|dev {device}}
route del {destination network | destination ip} {via {ip}|dev {device}}
network=ip/prefix~@protector7# /opt/websense/neti/bin/route add 192.168.1.0/24 via 10.212.254.254 dev br0
~@protector7# /opt/websense/neti/bin/route list
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 10.212.254.254 255.255.255.0 UG 0 0 0 br0
10.212.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
10.212.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0
0.0.0.0 10.212.254.254 0.0.0.0 UG 0 0 0 eth0
![]() |
![]() |
![]() |
![]() |
Choosing and Deploying Data Security Agents > Troubleshooting Data Security agent deployment
|