Deploying Web Security core components

Technical Library | Support

Go to the table of contents

Go to the previous page

Go to the next page

Web Security Deployment Recommendations > Deploying Web Security core components

Deploying Web Security core components

Deployment and Installation Center | Web Security Solutions | Version 7.8.x

Web Filter, Web Security, Web Security Gateway, and Web Security Gateway Anywhere, v7.8.x

Core policy components

Core management components

Core reporting components

Websense Web Security solutions are made up of core policy, management, and reporting components, shown in the diagram below and described in detail in the sections that follow.

Core policy components

To ensure effective policy enforcement, Websense Web Security core management components must be installed so that:

All components can communicate with an instance of Policy Broker.

In Policy Broker standalone mode (software or appliance), there is only one Policy Broker instance for the entire deployment.

In Policy Broker replicated mode (software only), there is one primary Policy Broker (to which configuration updates are written) and one or more Policy Broker replicas (with a read-only copy of the configuration data).

In software installations, Policy Broker can run on Windows or Linux.

With Websense appliances, the standalone Policy Broker is present on the full policy source appliance only.

Most components must be able to communicate with Policy Broker on port 55880. (The exceptions are all optional components: transparent identification agents, State Server, Multiplexer, Linking Service, and Directory Agent.)

There is a central instance of Policy Server.

In software installations, the central Policy Server instance runs on the standalone or primary Policy Broker machine.

With Websense appliances, Policy Server is present on the full policy source appliance.

Additional instances of Policy Server can be deployed on Windows or Linux machines, or on user identification and filtering appliances.

Most components must be able to communicate with Policy Server on ports 55806 and 40000. (The exceptions are Remote Filtering Server and State Server.)

At least one instance of Filtering Service communicates with the central Policy Server.

In software installations, Filtering Service can run on the same machine as Policy Broker and Policy Server, or on a separate machine.

With Websense appliances, a Filtering Service instance is present on the full policy source appliance.

Additional instances of Filtering Service can be deployed on Windows or Linux machines, or on either user identification and filtering (includes Policy Server) or filtering only (must point to a remote Policy Server) appliances.

Filtering Service is configured to receive HTTP(S) requests from one of the following (see Understanding Web Security standalone and integrated modes):

Content Gateway (Websense Web Security Gateway or Gateway Anywhere deployments).

Network Agent (Websense Web Filter or Web Security standalone deployments).

An integrated third-party firewall, proxy server, or caching application (Websense Web Filter or Web Security integrated deployments).

Core management components

The TRITON Unified Security Center (TRITON console) is the centralized management console for Websense TRITON Enterprise solutions. The TRITON console includes global administrator settings and appliance connection data, as well as 3 management modules: Web Security, Data Security, and Email Security.

The Web Security manager is the console used to perform product configuration, policy management, and reporting tasks for Websense Web Security solutions.

Install all TRITON Unified Security Center components on a single Windows server (sometimes called the TRITON management server).

The Web Security manager must be able to communicate with:

Policy Broker on port 55880

Policy Server on ports 40000, 55806, 55817, 55818, and 55824

Filtering Service on port 55807

Log Server on ports 55812 and 55805

User Service on port 55815

Core reporting components

Web Security Log Server receives information about Internet activity from Filtering Service and processes it into the Log Database.

Install Log Server on a dedicated Windows server.

Log Server does not run on Websense appliances.

Because collecting and processing log records is resource-intensive, Log Server should typically not run on the same machine other resource-sensitive components, like the TRITON console or Filtering Service.

You may have one Log Server instance for the entire deployment, or multiple Log Server instances (see Additional reporting considerations), but you can never have more than one Log Server per Policy Server.

The Log Database resides on a supported Microsoft SQL Server machine.

Do not run Log Server on the SQL Server machine.

By default, Log Server communicates with SQL Server on the default ODBC port (1433). A custom port can be specified during installation. See Using a custom port to connect to the Log Database.

The TRITON management server machine must be able to communicate with Log Server and the Log Database.

Go to the table of contents

Go to the previous page

Go to the next page

Web Security Deployment Recommendations > Deploying Web Security core components

Copyright 2016 Forcepoint LLC. All rights reserved.