The Quick Start poster, which comes in the shipping box with your appliance, shows you all items included in each Websense appliance shipping box. The 2-page Quick Start explains how to set up the hardware and shows how to connect the cables to the appliance and to your network.
Network interfaces C, P1, E1, and E2 (if used) must be able to access a DNS server. These interfaces typically have continuous access to the Internet. Essential databases are downloaded from Websense servers through these interfaces.
The first time you start a Websense appliance, a brief script (firstboot) prompts you to supply settings for the network interface labeled C and a few other general items. You can run the script again if you want to examine your settings or change settings. You can also change settings through the Appliance Manager (user interface) after firstboot has been executed.
Configuring these interfaces to access the Internet for database downloads is done through the Appliance Manager and through the TRITON Unified Security Center. See the Appliance Manager Help for information about configuring the interfaces. See the TRITON - Web Security and - Email Security Help for information about configuring database downloads.
After the activation script has been completed successfully, use the Logon Portal to access the Appliance Manager. To reach the Logon Portal, open a supported browser, and enter this URL in the address bar:
After completing the initial configuration required by the firstboot script, use the Appliance Manager to configure important settings for network interfaces P1, P2, N, E1, and E2 (P2, N, and E2 are optional).
While the E1/E2 and P1/P2 interfaces can be bonded to each other if the V10000 G2 runs in either Web Security only or Email Security only modes, they cannot be bonded when the appliance is in Web and Email Security mode.
If you use the P2 interface, the P1 interface is bound to eth0, and the P2 interface is bound to eth1. Keep this in mind when you configure Websense Content Gateway. For example, suppose you are using a transparent proxy deployment, and the P1 interface is connected to a WCCPv2 router. In this case, you must configure Websense Content Gateway to use eth0 for WCCP communications (in Content Gateway Manager, see Configure > Networking > WCCP, General tab).
Be sure that interface C can access the NTP server. If interface C does not have Internet access, you can install an NTP server locally on a subnet that can be accessed by interface C.
If you use both P1 and P2, the default gateway is automatically assigned to P2 (which is bound to eth1). To ensure that outbound packets can reach the Internet, do not locate the IP addresses of P1 and P2 in the same subnet.
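A pre-deployment check for the P1/P2 addressing rule above, as an added example that is not part of the original Websense documentation. The function name and the sample addresses are constructed for illustration, and IPv4 addresses in CIDR notation are assumed.

```python
import ipaddress


def check_proxy_interfaces(p1_cidr, p2_cidr, default_gateway):
    """Return a list of problems found in a planned P1/P2 addressing scheme.

    Hypothetical helper: the arguments are the planned P1 and P2 addresses in
    CIDR form (for example "10.1.1.10/24") and the shared default gateway.
    """
    problems = []
    p1 = ipaddress.ip_interface(p1_cidr)
    p2 = ipaddress.ip_interface(p2_cidr)
    gw = ipaddress.ip_address(default_gateway)

    # Rule from the text: P1 and P2 must not be located in the same subnet.
    # overlaps() also catches one subnet nested inside the other (/24 in /16),
    # which a plain equality test on the two networks would miss.
    if p1.network.overlaps(p2.network):
        problems.append(f"P1 {p1} and P2 {p2} share or overlap a subnet")

    # The text says the default gateway is assigned to P2 (eth1), so the
    # gateway must be directly reachable on P2's subnet to be a valid next hop.
    if gw not in p2.network:
        problems.append(f"gateway {gw} is not on P2's subnet {p2.network}")
    elif gw in (p2.ip, p2.network.network_address,
                p2.network.broadcast_address):
        problems.append(f"gateway {gw} is not a usable next hop on {p2.network}")

    return problems


if __name__ == "__main__":
    # Constructed sample plans, not taken from any real deployment.
    plans = [
        ("10.1.1.10/24", "10.1.2.10/24", "10.1.2.1"),   # valid
        ("10.1.1.10/24", "10.1.1.11/24", "10.1.1.1"),   # same subnet
        ("10.1.1.10/24", "10.1.0.10/16", "10.1.0.1"),   # nested subnets
        ("10.1.1.10/24", "10.1.2.10/24", "10.1.1.1"),   # gateway on P1 side
    ]
    for plan in plans:
        issues = check_proxy_interfaces(*plan)
        print(plan, "OK" if not issues else issues)
```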
Choose interface for transporting blocking information for non-HTTP and non-HTTPS traffic
Default gateway for network interface N. Required only if network interface N carries blocking information.
Follow these steps to enable default proxy caching, and Web and email filtering. See the Appliance Manager Help for detailed instructions on any field or area, or for information about other available settings.
Automatically synchronize with an NTP server: select this option to use a Network Time Protocol server. Specify up to three NTP servers. Use of an NTP server is recommended, to ensure that database downloads and time-based policies are handled precisely.
c. Click Save in the Time and Date area.
6. Under Websense Content Gateway Interfaces, configure the P1 and P2 (optional) interfaces.
If you choose P1 and P2, enter configuration information under both P1 and P2. Note that default gateway and DNS configuration (under Shared Setting) are shared between both P1 and P2.
b. Click Save in the Websense Content Gateway Interfaces area when you are done.
Alternatively, you could use both P1 and P2 such that P1 handles inbound traffic and P2 handles outbound traffic. To enable this configuration, be sure to set appropriate routing rules for P1 and P2 on the Configuration > Routing page. For example, you might set outbound traffic to go through P2.
Additionally, you can use P1 as a communication channel for multiple Content Gateway servers in a cluster. In this scenario, P1 should not be used for outbound traffic. For additional information on clusters, see the Content Gateway Manager Help.
7. Under Network Agent Interface (N), configure the N interface.
The N interface is used by the Network Agent module. It must be connected to a span (or mirror) port on a switch, allowing it to monitor the Internet requests going through the switch. (Note: Be sure to configure the switch so that the span port monitors all the ports carrying the traffic of interest; see your switch manufacturer's documentation for configuration instructions.) For non-HTTP/HTTPS protocols, the N interface can also be used to send block information to enforce policy.
a. Under Send blocking information for non-HTTP/HTTPS traffic via, select whether non-HTTP/HTTPS blocking information is sent via the C or N interface.
c. Click Save in the Network Agent Interface (N) area.
8. Under Websense Email Security Gateway Interfaces (E1 and E2), configure the E1 and E2 (optional) interfaces.
If you choose E1 and E2, enter configuration information under both E1 and E2. Note that default gateway and DNS configuration (under Shared Setting) are shared between both E1 and E2.
b. Click Save in the Websense Email Security Gateway Interfaces (E1 and E2) area when you are done.
Choose Full policy source if Websense Policy Broker and Policy Database for your deployment will run on the appliance being configured. (Only one appliance in the network runs these two components, as well as the other filtering components.) Policy Server must also be run on the full policy source appliance; Policy Server can run in multiple locations.
If Policy Broker runs on an appliance, only on-appliance instances of Policy Server can communicate with Policy Broker. In this case, Policy Server cannot be installed off-appliance. If Policy Broker is installed off-appliance, however, both on-appliance and off-appliance instances of Policy Server can communicate with it.
Choose User directory and filtering if the appliance currently being configured is not the location of the policy information, but will run Policy Server and User Service. Then, enter the IP address of the server that is used as the full policy source—a machine running Policy Broker. (If the full policy source is another appliance, enter the IP address of its C network interface.)
Choose Filtering only if the appliance being configured will not run any policy components. (There are some disadvantages to this reduced role, as explained in the Appliance Manager help system.) Then, enter the IP address of the server that is used as the policy source—a machine running Policy Server. The policy source can also be another appliance in full policy source or user directory and filtering mode. In this case, enter the IP address of the appliance's C network interface.
12. Click Log Off, at the top right, when you are ready to log off Appliance Manager.