Changing the IP Address, Host Name, or Domain of the TRITON Management Server > Re-registering Websense Data Security components

Re-registering Websense Data Security components

Applies to

Websense Web Security Gateway Anywhere 7.6

Websense Data Security 7.6

Websense Email Security Gateway 7.6

Websense Email Security Gateway Anywhere 7.6

In this topic

Overview

Data Security servers and agents

Protector

Websense Content Gateway

Overview

You must re-register all Data Security servers, agents, and protectors when you change the IP address, host name, or domain of the TRITON management server.

Before you start, make sure you know the user name and password of a Data Security administrator who has an access role with System Modules privileges.

Data Security servers and agents

Go to each Data Security server and machine with a Data Security agent installed and do the following:

1.	Launch the Websense installer.

2.	In the installer, for Data Security, select the Modify link.

3.	Accept the defaults in the installer screens and click Next, until you reach the Register with the Data Security Server screen.

4.	In the Register with the Data Security Server screen, enter the new IP address of the TRITON management server along with the user name and password of a TRITON administrator.

When the installers finish:

1.	Log onto TRITON - Data Security, navigate to Settings > Deployment > System Modules and verify that the components appears in the tree view.

2.	Click Deploy.

Protector

1.	Log onto each protector as root.

2.	Run "wizard securecomm".

3.	Enter the Data Security Management Server's IP address along with the user name and password of a Data Security administrator with System Modules privileges.

4.	Log onto TRITON - Data Security, navigate to Settings > Deployment > System Modules and verify that the protector appears in the tree view.

5.	Click Deploy.

Websense Content Gateway

To enable data loss prevention over Web channels, you must connect the Content Gateway module of your Web security solution to the Data Security Management Server. Follow these steps to establish that connection:

1.	Ensure that Content Gateway and Data Security Management Server systems are running and accessible, and that their system clocks are approximately synchronized.

2.	Ensure the Content Gateway machine has a fully qualified domain name (FQDN) that is unique in your network. Host name alone is not sufficient.

3.	If Content Gateway is deployed as a transparent proxy, ensure that traffic to and from the communication interface ("C" on a V-Series appliance) is not subject to transparent routing. If it is, the registration process will be intercepted by the transparent routing and will not complete properly.

4.	Make sure that the IPv4 address of the eth0 NIC on the Content Gateway machine is available (not required if Content Gateway is located on a V-Series appliance). Data Security Management Server uses the eth0 NIC during the registration process.

After registration, the IP address can move to another network interface on the same machine; however, that IP address is used for configuration deployment and must be available as long as the 2 modules are registered.

5.	From the Content Gateway Manager, select Configure > Basic > General.

6.	Make sure Data Security is turned on (the On radio button and Integrated on-box must be selected). Now click the Not Registered link. This opens the Configure > Security > Data Security registration screen.

7.	Enter the IP address of the Data Security Management Server.

8.	Enter a user name and password for a Data Security administrator with Manage System Modules privileges.

9.	Click Register. You are reminded to synchronize the system time between the proxy machine and the Data Security Management Server.

10.	If registration succeeds, a Data Security Configuration page displays. Set the following configuration options:

a.	Analyze FTP Uploads: Enable this option to send FTP uploads to Data Security for analysis and policy enforcement.

b.	Analyze Secure Content: Enable this option to send decrypted HTTPS posts to Data Security for analysis and policy enforcement.

These options can be accessed whenever Data Security is registered by going to the Configure > Security > Data Security > General page.

11.	Click Apply.

12.	Restart Content Gateway.

13.	Deploy the Content Gateway module by clicking Deploy in the TRITON - Data Security user interface.

Troubleshooting the connection

This section contains troubleshooting tips for problems registering the Content Gateway with Data Security.

If you cannot register Websense Content Gateway with the Data Security Management Server (you receive an error in Content Gateway Manager) be sure that you can ping the Data Security Management Server from the proxy machine. (Go to the Linux command line and ping the IP address of the Data Security Management Server.)

If the ping fails, make sure that you have the correct IP address for the Data Security Management Server by going to that machine and running ipconfig from the command line.

If the proxy is on a V-Series appliance, try pinging the IPv4 address of the appliance's C interface from the Data Security Management Server.

If the proxy is not on a Websense appliance, try pinging the IPv4 address of the Content Gateway host system eth0 network interface from the Data Security Management Server. The registration process requires that Content Gateway is reachable on eth0. After registration, the IP address may move to another network interface on the system, but that IP address must remain available while the 2 modules are being registered.

If Content Gateway is deployed as a transparent proxy and the communication interface ("C" on a V-Series appliance) is subject to transparent routing, the registration process was likely intercepted by the transparent routing and prevented from completing. Ensure that traffic to and from the communication interface is not subject to transparent routing.

If registration still fails, make sure that neither the proxy machine nor the Data Security Management Server has a machine name with a hyphen in it. This has been known to cause registration problems.

And make sure the Content Gateway machine has a fully qualified domain name (FQDN) that is unique in your network. Host name alone is not sufficient to register the proxy with the Data Security Management Server.

Changing the IP Address, Host Name, or Domain of the TRITON Management Server > Re-registering Websense Data Security components