Deployment and Installation Center
Websense TRITON Enterprise v7.6.x

Library Search:


Go to the table of contents Go to the previous page Go to the next page Go to the index
Web Security Distributed Enterprise Deployments > Web Security filtering remote sites

Web Security filtering remote sites
Applies to
*
Web Filter v7.6
*
Web Security v7.6
*
Web Security Gateway v7.6
*
Web Security Gateway Anywhere v7.6
In this topic
*
Websense Web Security or Web Security Gateway
*
Websense Web Security Gateway Anywhere
Websense Web Security or Web Security Gateway
In centralized organizations that route all outbound Internet requests through a single large Internet connection, the servers running Websense software are normally placed physically close to the firewall, proxy server, or network appliance.
Remote sites in a distributed enterprise have a direct local connection to the Internet, and no centralized point of control.
Rather than deploying Websense software at each remote-site firewall, you can deploy Websense components in a geographically central location. Since Websense software is accessible from the Internet, the Websense components should be protected by a firewall that allows URL lookup requests to pass through.
Filtering is performed by the Websense components at the main site. Remote sites must be equipped with a firewall that can be integrated with Websense software (configured to check with Websense software to permit or block Web requests), or an instance of Websense Network Agent must be deployed at the remote site. Firewall is used here as a generic term to refer to a firewall, gateway, or proxy.
Websense, Inc. has tested this configuration in cooperation with several of its integration partners. The same deployment methodology described here can be used with any supported network security product integrated with Websense software. A full list of supported integration products can be found at:
www.websense.com/global/en/Partners/TAPartners/SecurityEcosystem/
Centralized filtering:
*
Provides distributed enterprises with Websense filtering for each remote site.
*
Eliminates the need for a separate Websense software installation at each location.
*
Provides uniform filtering policies at each remote site.
*
Eliminates the cost of additional hardware to provide filtering servers at each remote site.
*
Allows the enterprise to centrally configure, administer, and maintain a limited number of Websense filtering machines.
The following illustration shows a typical sequence of events in filtering a client machine at a remote site.
User requests a Web page.
Local firewall checks the URL of the requested page with Websense Web Security/Web Security Gateway over the Internet.
Websense Web Security/Web Security Gateway responds over the Internet, indicating whether the request should be permitted or blocked.
Local firewall permits or blocks the request as directed.
 
Note the preceding illustration is a simplified diagram showing the main conceptual sequence of events. Do not install any Websense components on a domain controller.
Details of Websense component distribution and placement in the corporate network, network routing and internal firewall usage, segmentation of networks, and so forth are addressed in other sections of the Deployment Center.
In the case of multiple remote sites, each remote site communicates with Websense components at the main site in the same manner shown above.
Off-site user machines are filtered by deploying Websense Remote Filtering Server at the main site. Websense Remote Filtering Client is installed on each off-site machine to be filtered. See Remote Filtering Software technical paper for details.
Websense Web Security Gateway Anywhere
In a Web Security Gateway Anywhere deployment, remote sites can be filtered by the hybrid service rather than the Websense software or appliance at the main site.
Network latency issues are addressed by the fact that a remote site and off-site users are filtered by the nearest Websense hybrid service cluster.
The following illustration shows how remote-site filtering works in Web Security Gateway Anywhere. Remote site client machines are filtered by the hybrid service directly rather than instructing the local firewall to permit or block a request. A user's request for a Web page is directed to the hybrid service, which permits or blocks the request based on the applicable policy.
Policy settings are defined at the main site and uploaded automatically to the hybrid service at preset intervals. User information, for user- or group-based filtering, is also uploaded.
Log data for reporting is downloaded from the hybrid service to the main site automatically and is incorporated into the Websense Log Database (at the main site). Thus, reports can cover users at all offices.
Off-site users are filtered by the hybrid service as well. Alternatively, off-site users can be filtered using Websense Remote Filtering Server (deployed at the main site). In that case, Websense Remote Filtering Client must be installed on each off-site user's machine. See Remote Filtering Software technical paper for details.

Quick Links



Go to the table of contents Go to the previous page Go to the next page Go to the index
Web Security Distributed Enterprise Deployments > Web Security filtering remote sites
(c) 2011 Websense, Inc. All Rights Reserved.