Go to the table of contents Go to the previous page Go to the next page
Installing Web Security solutions > Installing via the Web Security All option
Installing via the Web Security All option
Deployment and Installation Center | Web Security Solutions | Version 7.8.x
Follow these instructions to perform a Web Security All installation which installs all Web Security management and core policy enforcement components on one Windows machine.
On the Welcome screen, click Start.
The Installer Dashboard remains on screen throughout the installation process.
On the Subscription Agreement screen, select I accept this agreement and then click Next.
On the Installation Type screen, select Websense Web Security All.
On the Summary screen, click Next to continue the installation.
On the SQL Server screen, select Use existing SQL Server on another machine, then specify the location and connection credentials for a database server located elsewhere in the network.
Enter the Hostname or IP address of the SQL Server machine, including the instance name, if any, and the Port to use for SQL Server communication.
If you are using a named instance, the instance must already exist.
If you are using SQL Server clustering, enter the virtual IP address of the cluster.
Specify whether to use SQL Server Authentication (a SQL Server account) or Windows Authentication (a Windows trusted connection), then provide the User Name or Account and its Password.
If you use a trusted account, an additional configuration step is required after installation to ensure that reporting data can be displayed in the Web Security manager. See Configuring Websense Apache services to use a trusted connection.
Click Next. The installer verifies the connection to the database engine. If the connection test is successful, the next installer screen appears.
If the test is unsuccessful, the following message appears:
Unable to connect to SQL
Make sure the SQL Server you specified is currently running. If it is running, verify the access credentials you supplied
Click OK to dismiss the message, verify the information you entered, and click Next to try again.
Select an IP address for this machine. If this machine has a single network interface card (NIC), only one address is listed.
Administrators will use this address to access the TRITON console (via a web browser), and Websense component on other machines will use the address to connect to the TRITON management server.
Specify the Server or domain of the user account to be used by TRITON Infrastructure and TRITON Unified Security Center. The name cannot exceed 15 characters.
Specify the User name of the account to be used by TRITON Unified Security Center.
Enter the Password for the specified account.
On the Administrator Account screen, enter an email address and password for the default TRITON console administration account: admin. When you are finished, click Next.
System notification and password reset information is sent to the email address specified (once SMTP configuration is done; see next step).
It is a best practice to use a strong password as described on screen.
On the Email Settings screen, enter information about the SMTP server to be used for system notifications and then click Next. You can also configure these settings after installation in the TRITON console.
If you do not configure an SMTP server now and you lose the admin account password (set on previous screen) before the setup is done in the TRITON console, the "Forgot my password" link on the logon page does not provide password recovery information. SMTP server configuration must be completed before password recovery email can be sent.
IP address or hostname: IP address or host name of the SMTP server through which email alerts should be sent. In most cases, the default Port (25) should be used. If the specified SMTP server is configured to use a different port, enter it here.
Sender email address: Originator email address appearing in notification email.
Sender name: Optional descriptive name that can appear in notification email. This is can help recipients identify this as a notification email from the TRITON Unified Security Center.
If the following message appears, check to see if port 9443 is already in use on this machine:
Error 1920. Server 'Websense TRITON Central Access' (EIPManagerProxy) failed to start. Verify that you have sufficient privileges to start system services.
If port 9443 is in use, release it and then click Retry to continue installation.
You are returned to the Installer Dashboard and, after a few seconds, the Web Security component installer launches.
If the Multiple Network Interfaces screen appears, select the NIC that Websense components should use to communicate with Websense components on other machines, then click Next. (Prior to 7.8.2, this screen appears later in this sequence.)
On the Policy Broker Replication screen, indicate which Policy Broker mode to use. If you are not sure about which Policy Broker mode to choose, see Managing Policy Broker Replication.
On the Active Directory screen, specify whether your network uses Windows Active Directory, then click Next.
If you are using Active Directory, the Computer Browser screen may appear. Click Next to have the installer attempt to start the service.
If the installer is unable to start the service, you must start it after installation.
On the Integration Option screen, indicate whether to install your Web Security software in standalone or integrated mode, then click Next.
If you selected "Integrated with another application or device" in the previous step, on the Select Integration screen, select the product you want to integrate with, then click Next.
On the Network Card Selection screen, select the network interface card (NIC) that Network Agent should use to monitor Internet activity, then click Next.
For more information, see Deployment guidelines for Network Agent.
On the Log Database Location screen, specify a location (directory path) for the Websense Log Database, then click Next.
On the Optimize Log Database Size screen, select options for optimizing the size of log database records, then click Next.
When Log Web page visits is selected (default), one record (or a few records) is created with combined hits and bandwidth data for each web page requested, rather than a record for each separate file included in the request. This results in fewer records and therefore smaller databases, allowing for potentially faster report generation and longer storage capacities.
When Consolidate requests is selected, Internet requests that share the same value for domain name, category, keyword, action (like permit or block) and user/IP address, within a certain interval of time (1 minute, by default), are combined.
On the Filtering Feedback screen, choose whether to send categorization feedback to Websense, Inc., then click Next.
On the Web Security Gateway Anywhere Components screen, indicate whether to install Sync Service and Directory Agent, then click Next. These services are only used if you have a Web Security Gateway Anywhere key.
On the Transparent User Identification screen, select whether to use Websense transparent identification agents to identify users and then click Next.
Transparent user identification agents allow Websense software to apply user- or group-based policies without prompting users for logon information.
If Websense software is integrated with a third-party product (firewall, proxy server, cache, or network appliance) providing user authentication, a transparent identification agent may not be necessary.
Select Use DC Agent to identify users logging on to Windows domains to install Websense DC Agent on this machine. DC Agent polls domain controllers for information about user logon sessions, and can also poll user machines directly to verify the logged-on user.
Select Use Logon Agent to identify users logging on to local machines to install Websense Logon Agent on this machine. Logon Agent provides the highest level of user identification accuracy by identifying users as they log on to Windows domains.
Logon Agent works with a logon application that runs via logon script on client machines. For instructions on configuring domain controllers and client machines to use Logon Agent, see the Using Logon Agent for Transparent User Identification technical paper.
Select Use both DC Agent and Logon Agent to use both of the agents that work with Windows Active Directory. When both agents are installed, DC Agent information is used as a backup in the unlikely event that Logon Agent is unable to identify a user.
Select Use eDirectory Agent to identify users logging on via Novell eDirectory Server to install Websense eDirectory Agent on this machine. eDirectory Agent queries the Novell eDirectory Server at preset intervals to identify users currently logged on.
Select Do not install a transparent identification agent now if:
On the Directory Service Access screen, supply a local and domain administrator account with directory service access permissions.
On the RADIUS Agent screen, select Install RADIUS Agent if you have remote users that are authenticated by a RADIUS server and then click Next. This allows Websense software to apply user- or group-based policies on these remote users without prompting for logon information.
On the Pre-Installation Summary screen, verify the information shown.
The summary shows the installation path and size, and the components to be installed.
Click Next to start the installation. An Installing progress screen is displayed. Wait for the installation to complete.
On the Installation Complete screen, click Done.

Go to the table of contents Go to the previous page Go to the next page
Installing Web Security solutions > Installing via the Web Security All option
Copyright 2016 Forcepoint LLC. All rights reserved.