Deployment and Installation Center
Websense TRITON Enterprise v7.6.x

Go to the table of contents Go to the previous page Go to the next page Go to the index
Chaining Content Gateway with other Proxies

Chaining Content Gateway with other Proxies
You can configure the Blue Coat proxy to send X-Forwarded-For and X-Authenticated-User headers for Websense Content Gateway to read either by manually editing a policy text file or defining the policy in a Blue Coat graphical interface called Visual Policy Manager.
In the Blue Coat Management Console Configuration tab, click Policy in the left column and select Policy Files. Enter the following code in the current policy text file, using an Install Policy option:
action.Add[header name for authenticated user](yes)
define action dd[header name for authenticated user]
end action Add[header name for authenticated user]
action.Add[header name for client IP](yes)
define action dd[header name for client IP]
end action Add[header name for client IP]
Before you configure the Blue Coat header policy, ensure that NTLM authentication is specified in the Blue Coat Visual Policy Manager (Authentication > Windows SSO). Set Websense Content Gateway as the forwarding host (in the Blue Coat Management Console Configuration tab, Forwarding > Forwarding Hosts).
In the Blue Coat Management Console Configuration tab, click Policy and select Visual Policy Manager. Click Launch and configure the header policy as follows:
1.
In the Policy menu, select Add Web Access Layer and enter an appropriate policy name in the Add New Layer dialog box.
2.
Select the Web Access Layer tab that is created.
5.
Click New in the Set Action Object dialog box and select Control Request Header from the menu.
7.
Enter X-Forwarded-For in the Header Name entry field.
8.
Select the Set value radio button and enter the following value:
9.
10.
Click New and select Control Request Header again.
11.
In the Add Control Request Header Object dialog box, enter a name for the authenticated user information Action object in the Name entry field.
12.
Enter X-Authenticated-User in the Header Name entry field.
13.
Select the Set value radio button and enter the following value:
14.
15.
Click New and select Combined Action Object from the menu.
19.
Click Install Policy in the Blue Coat Visual Policy Manager.
Microsoft Internet Security and Acceleration (ISA) server and Forefront Threat Management Gateway (TMG)
Microsoft ISA server or Forefront TMG can be used as a downstream proxy from Websense Content Gateway via a plug-in from Websense, Inc. This plug-in allows Websense Content Gateway to read the X-Forwarded-For and X-Authenticated-User headers sent by the downstream ISA server or Forefront TMG.
*
Websense-AuthForward.ISAPI32.zip for 32-bit ISA servers
*
Websense-AuthForwardTMG_Plugin-64.zip for 64-bit Forefront TMG
1.
Unzip the package and copy the appropriate Websense-AuthForward.dll file (for 32-bit or 64-bit) to the Microsoft ISA or Forefront TMG installation directory. (For example, for ISA the default directory is C:\Program Files\Microsoft ISA Server)
For the ISA version, in addition to Websense-AuthForward.dll, install the following files in the ISA installation directory :
Microsoft.VC90.CRT.manifest
msvcm90.dll
msvcp90.dll
msvcr90.dll
4.
Verify the plug-in was registered in the ISA or Forefront TMG management user interface (For example, Start > Programs > Microsoft ISA Server > ISA Server Management). In the Configuration (for 32-bit) or System (for 64-bit) section, select Add-ins, then click the Web-filter tab. The WsAuthForward plug-in should be listed.


Go to the table of contents Go to the previous page Go to the next page Go to the index
Chaining Content Gateway with other Proxies