Setting up the appliance

Email Security Gateway (V10000 G2) > Setting up the appliance

Setting up the appliance

Applies to

Email Security Gateway v7.6

Email Security Gateway Anywhere v7.6

V10000 G2

In this topic

Overview

Perform initial command-line configuration

Configure the appliance

Overview

Note

If you have already completed the appliance set up steps provided in the Websense V-Series Getting Started guide, skip to

The Quick Start poster, which comes in the shipping box with your appliance, shows you all items included in each Websense appliance shipping box. The 2-page Quick Start explains how to set up the hardware and shows how to connect the cables to the appliance and to your network.

Network interfaces C, E1, and E2 (if used) must be able to access a DNS server. These interfaces typically have continuous access to the Internet once the appliance is operational. Essential databases are downloaded from Websense servers through these interfaces.

Ensure that C, and E1 or E2 (if used), are able to access the download servers at download.websense.com.

Make sure that this address is permitted by all firewalls, proxy servers, routers, or host files that control the URLs that the C, E1, and E2 interfaces can access.

After hardware setup, connect directly to the appliance through the serial port or the monitor and keyboard ports. For serial port activation, use:

9600 bits per second

8 data bits

no parity

The activation script, called firstboot, runs when you start the appliance.

Continue on to the next section to complete the initial configuration.

Perform initial command-line configuration

The first time you start a Websense appliance, a brief script (firstboot) prompts you to supply settings for the network interface labeled C and a few other general items. You can run the script again if you want to examine your settings or change settings. You can also change settings through the Appliance Manager (user interface) after firstboot has been executed.

Gather the following information before running the script. Some of this information may have been written down on the Quick Start during hardware setup.

Hostname

IP address for network interface C

Subnet mask for network interface C

Default gateway for network interface C
(IP address) Optional

NOTE: If you do not provide access to the Internet for interface C, configure:

E1 or P1 to download antispam and antivirus database updates from Websense (Email Security mode)

Configuring these interfaces to access the Internet for database downloads is done through the Appliance Manager and through the TRITON Unified Security Center. See the Appliance Manager Help for information about configuring the interfaces. See the TRTION - Email Security Help for information about configuring database downloads.

Primary DNS server for network interface C
(IP address)

Secondary DNS server for network interface C
(IP address) Optional

Tertiary DNS server for network interface C
(IP address) Optional

Unified password (8 to 15 characters, at least 1 letter and 1 number)

This password is for the Appliance Manager.

When you have gathered the necessary information, run the initial command line configuration, as follows.

1.

Access the appliance through a USB keyboard and monitor or a serial port connection.

Note

To configure the appliance, connect through the serial port or the keyboard/video ports and complete the firstboot script. For serial port activation, use:

9600 bits per second

8 data bits

no parity

2.

Accept the subscription agreement when prompted.

3.

When asked if you want to begin, enter yes to launch the firstboot activation script.

NOTE: To rerun the script manually, enter the following command:

firstboot

4.

At the first prompt, select Email Security only mode.

5.

Follow the on-screen instructions to provide the information collected above.

After the activation script has been completed successfully, access the Appliance Manager. Open a supported browser, and enter this URL in the address bar:

http://<IP address>

Replace <IP address> with the address assigned to network interface C during initial configuration of the appliance.

Configure the appliance

The Appliance Manager is the Web-based configuration interface for the appliance. Through it you can view system status, configure network and communication settings, and perform general appliance administration tasks.

After completing the initial configuration required by the firstboot script, use the Appliance Manager to configure important settings for network interfaces E1, E2, P1, and P2 (E2, P1, and P2 are optional). Interfaces P1 and P2 can be bonded to E1 and E2, respectively, either for load balancing or active/standby.

Gather the following information before running the Appliance Manager. Some of this information may have been written on the Quick Start during hardware setup.

Primary NTP server
Optional

Be sure that interface C can access the NTP server. If interface C does not have Internet access, you can install an NTP server locally on a subnet that can be accessed by interface C.

Domain:

Secondary NTP server, (domain) Optional

Domain:

Tertiary NTP server, (domain) Optional

Domain:

IP address for network interface E1

IP address:

Subnet mask for network interface E1

Subnet mask:

Default gateway for network interface E1 and E2 (if used)

If you use both E1 and E2, the default gateway and DNS configuration are shared by both.

IP address:

Primary DNS server for network interface E1 and E2 (if used)

IP address:

Secondary DNS server for network interface E1 and E2 (if used)
Optional

IP address:

Tertiary DNS server for network interface E1 and E2 (if used)
Optional

IP address:

IP address for network interface E2

Required only if E2 is enabled

IP address:

Subnet mask for network interface E2

Required only if E2 is enabled

IP address:

Bond expansion interface P1 to E1? Yes or No
Optional

If Yes, choose one: Active/standby or Load balancing

Bond expansion interface P2 to E2? Yes or No
Optional

If Yes, choose one: Active/standby or Load balancing

After collecting the information needed, access the Appliance Manager through a supported browser.

Follow these steps to configure basic system and network interface settings. See the Appliance Manager Help for detailed instructions on any field or area, or for information about other available settings.

1.

Open a supported browser, and enter the following URL in the address bar:

https://<IP address>:9447/appmng

Replace <IP address> with the address assigned to network interface C during initial configuration of the appliance (see Perform initial command-line configuration).

For information about supported browsers, see System Requirements.

2.

Log on with the user name admin and the password set during initial appliance configuration.

3.

In the left navigation pane, click Configuration > System.

4.

Under Time and Date:

a.

Set the time zone.

b.

Set the time and date:

Automatically synchronize with an NTP server: select this option to use a Network Time Protocol server. Specify up to three NTP servers. Use of an NTP server is recommended, to ensure that database downloads and time-based policies are handled precisely.

Manually set time and date: select this option to enter a system time and date yourself.

c.

Click Save in the Time and Date area.

5.

In the left navigation pane, click Configuration > Network Interfaces.

6.

Under Websense Email Security Gateway Interfaces (E1 and E2), configure the E1 and E2 (optional) interfaces.

The E interfaces are used to accept users' requests (inbound traffic) and communicate with the Internet (outbound traffic).

To configure the E interfaces:

a.

Select whether E1 only or both E1 and E2 are used.

If you choose E1 only, enter configuration information (IP address, subnet mask, default gateway, DNS IP addresses) under E1.

If you choose E1 and E2, enter configuration information under both E1 and E2. Note that default gateway and DNS configuration (under Shared Setting) are shared between both E1 and E2.

b.

Click Save in the Websense Email Security Gateway Interfaces (E1 and E2) area when you are done.

When only E1 is used, it handles both inbound and outbound traffic.

Alternatively, you could use both E1 and E2 such that E1 handles inbound traffic and E2 handles outbound traffic.

See the Appliance Manager Help for more information about configuring E1 and E2.

7.

Under Expansion Interfaces (P1 and P2), choose whether to bond to P1 and P2 to E1 and E2.

Interfaces P1 and P2 can be cabled to your network and then bonded through software configuration to E1 and E2. If you choose to bond the interfaces, P1 must be bonded to E1 and P2 to E2. No other pairing is possible.

You can choose to bond or not bond E1 and E2 independently. You do not have to bond both. Also, you can choose different bonding modes for E1 and E2 (e.g., E1/P1 could be Active/Standby while E2/P2 could be Load balancing).

Make sure all interfaces are cabled properly before configuring bonding.

To bond P1 to E1:

a.

Under P1, select the check box for Bond to E1 interface.

b.

Under P1/E1 bonding mode, select:

Active/Standby: Select this for failover. E1 is active, and P1 is in standby mode. Only if the primary interface fails would its bonded interface (P1) become active.

Load balancing: Select this for load balancing. If your switch or router supports load balancing, then traffic to and from the primary interface is balanced between the primary interface (E1) and its bonded interface (P1).

c.

Click Save in the Expansion Interfaces (P1 and P2) area.

To bond P2 to E2:

Follow the instruction above for bonding E1 to P1, substituting E2 in place of E1 and P2 in place of P1. Make sure E2 is enabled. Otherwise the P2 options will be inactive. (See Step 6 for instructions on activating E2.)

8.

Configure routes if necessary:

a.

In the left navigation pane, click Configuration > Routing.

b.

Under Static Routes, use the Add/Import button to specify customized, static routes.

c.

Under Module Routes, use the Add button to specify non-management Web Security or Email Security traffic through the C interface.

d.

For either static or module routes, use the Delete button to remove existing routes, if necessary.

Note

An existing route cannot be edited. If you want to edit a route, delete it and then use the Add/Import (static) or Add (module) button to specify the route with the changes you want.

See the Appliance Manager Help for more information about static and module routes.

9.

Click Log Off, at the top right, when you are ready to log off Appliance Manager.

	Note If you have already completed the appliance set up steps provided in the Websense V-Series Getting Started guide, skip to

Primary NTP server Optional Be sure that interface C can access the NTP server. If interface C does not have Internet access, you can install an NTP server locally on a subnet that can be accessed by interface C.	Domain:
Secondary NTP server, (domain) Optional	Domain:
Tertiary NTP server, (domain) Optional	Domain:
IP address for network interface E1	IP address:
Subnet mask for network interface E1	Subnet mask:
Default gateway for network interface E1 and E2 (if used) If you use both E1 and E2, the default gateway and DNS configuration are shared by both.	IP address:
Primary DNS server for network interface E1 and E2 (if used)	IP address:
Secondary DNS server for network interface E1 and E2 (if used) Optional	IP address:
Tertiary DNS server for network interface E1 and E2 (if used) Optional	IP address:
IP address for network interface E2 Required only if E2 is enabled	IP address:
Subnet mask for network interface E2 Required only if E2 is enabled	IP address:
Bond expansion interface P1 to E1? Yes or No Optional	If Yes, choose one: Active/standby or Load balancing
Bond expansion interface P2 to E2? Yes or No Optional	If Yes, choose one: Active/standby or Load balancing

	Note An existing route cannot be edited. If you want to edit a route, delete it and then use the Add/Import (static) or Add (module) button to specify the route with the changes you want.

Quick Links

Email Security Gateway (V10000 G2) > Setting up the appliance