Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page
Web protection distributed deployments > Web protection for remote users or locations
Web protection for remote users or locations
Deployment and Installation Center | TRITON AP-WEB and Web Filter & Security | v8.3.x
In this topic                                       
*
TRITON AP-WEB
*
Web Filter & Security
TRITON AP-WEB
In an on-premises TRITON AP-WEB deployment, Internet requests from remote sites can be managed by either by software installed at the main site, or with the Web Hybrid module, by the hybrid service in the cloud.
Using the hybrid service may address network latency issues, because requests from remote sites and off-site users are managed by the nearest hybrid service cluster.
The following illustration shows how remote-site Internet management works via the hybrid service. A user's web request is directed to the hybrid service, which permits or blocks the request based on the applicable policy.
Policy settings are defined at the main site and uploaded automatically to the hybrid service at preset intervals. User information, for user- or group-based policy enforcement, is also uploaded.
Log data for reporting is downloaded from the hybrid service to the main site automatically and is incorporated into the Log Database (at the main site). Thus, reports can cover users at all offices.
Web Filter & Security
In centralized organizations that route all outbound Internet requests through a single large Internet connection, the servers running Web Filter & Security are normally placed physically close to the firewall, proxy server, or network appliance.
Remote sites in a distributed enterprise have a direct local connection to the Internet, and no centralized point of control.
Rather than deploying Web Filter & Security components at each remote-site firewall, you can deploy them in a geographically central location. Since the software is accessible from the Internet, components should be protected by a firewall that allows URL lookup requests to pass through.
Policy enforcement is performed by components at the main site. Remote sites must be equipped with a firewall that can be configured to check with Web Filter & Security to permit or block web requests, or an instance of Network Agent must be deployed at the remote site.
Forcepoint LLC has tested this configuration in cooperation with several of its integration partners. The Partners page at forcepoint.com links to pages that list our Security Alliance and Vendor Alliance partners.
This configuration provides distributed enterprises with policy enforcement for each remote site. It also:
*
Provides uniform Internet access policies at each location.
*
Eliminates the cost of additional hardware to host web protection software at each remote site.
*
Allows the enterprise to centrally configure, administer, and maintain a limited number of Web Filter & Security machines.
The following illustration shows the basic sequence of events involved in responding to a web request from a remote site.
1.
A user requests a web page.
2.
The request is directed through the local firewall to web protection software at the main site via the Internet.
3.
Web protection software responds via the Internet, either permitting or blocking the request.
4.
The user is given access to the site or sees a block page.
In the case of multiple remote sites, each remote site communicates with policy enforcement components at the main site in the same manner shown above.
Off-site user machines (like laptops used by travelers) may be managed using the Remote Filter module. See Deploying Remote Filtering Server and Client.

Go to the table of contents Go to the previous page Go to the next page
Web protection distributed deployments > Web protection for remote users or locations
Copyright 2016 Forcepoint LLC. All rights reserved.