Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page
Initial Configuration for All Security Modules > Additional configuration for the Web DLP Module
Additional configuration for the Web DLP Module
Deployment and Installation Center | TRITON AP-WEB | v8.3.x
Applies to:
In this topic:
*
TRITON AP-WEB, v8.3.x
*
Confirm Content Gateway registration with TRITON AP-DATA
*
Configuring the Content Gateway policy engine
*
Verifying web and data protection linking
In addition to the items under Initial configuration for web protection solutions, perform these procedures if your subscription includes the Web DLP Module.
Confirm Content Gateway registration with TRITON AP-DATA
Content Gateway registers with TRITON AP-DATA automatically. To ensure that registration is successful:
*
Synchronize the date and time on the Content Gateway and TRITON management server machines to within a few minutes.
*
If Content Gateway is deployed as a transparent proxy, ensure that traffic to and from the appliance management interface (C) is not subject to transparent routing. If it is, the registration process will be intercepted by the transparent routing and will not complete properly.
*
Make sure that the IPv4 address of the eth0 NIC on the Content Gateway machine is available (not required if Content Gateway is located on a TRITON appliance). This is the NIC used by the TRITON management server during the registration process.
After registration, the IP address can move to another network interface.
If registration fails an alarm displays in the Content Gateway manager.
1.
Verify connectivity between Content Gateway and the TRITON management server.
2.
In the Content Gateway manager, navigate to the Configure > My Proxy > Basic > General page.
3.
In the Networking section, confirm that Web DLP > Integrated on-box is enabled.
4.
Restart Content Gateway to initiate another registration attempt.
Alternatively:
a.
Go to Configure > Security > Web DLP and enter the IP address of the TRITON management server.
b.
Enter a user name and password for a Data module administrator with Deploy Settings privileges.
c.
Click Register.
After Content Gateway has registered with TRITON AP-DATA, in Content Gateway Manager go to Configure > Security > Web DLP and set the following options:
1.
Analyze FTP Uploads: Enable this option to send FTP uploads to Web DLP components for analysis and policy enforcement.
2.
Analyze HTTPS Content: Enable this option to send decrypted HTTPS posts to Web DLP components for analysis and policy enforcement. SSL Manager must be enabled on Content Gateway.
These options can be accessed whenever TRITON AP-DATA is registered by going to the Configure > Security > Web DLP > General page.
3.
Click Apply and restart Content Gateway.
Web DLP components communicate with the Content Gateway proxy over ports 17000-17014.
Configuring the Content Gateway policy engine
When Content Gateway is registered with Web DLP components, a Content Gateway module appears on the System Modules page in the Data module of the TRITON Manager.
By default, this agent is configured to monitor web traffic, not block it, and for a default violation message to appear when an incident is triggered. If this is acceptable, you do not need to make changes to the Content Gateway configuration. Simply deploy the new settings.
If you want to block web traffic that breaches policy and customize the violation message, do the following:
1.
From the Data module of the TRITON manager, select Settings > Deployment > System Modules.
2.
Select the Content Gateway module in the tree view (click the module name itself, not the plus sign next to it).
It will be listed as Content Gateway on <FQDN> (<PE_version>), where <FQDN> is the fully-qualified domain name of the Content Gateway machine and <PE_version> is the version of the Content Gateway policy engine.
3.
Select the HTTP/HTTPS tab and configure the blocking behavior you want.
Select Help > Explain This Page for instructions for each option.
4.
Select the FTP tab and configure the blocking behavior you want.
Select Help > Explain This Page for instructions for each option.
5.
Click Save to save your changes.
6.
Click Deploy to deploy your settings.
 
* 
Important 
Even if you do not change the default configuration, you must click Deploy to finalize your Content Gateway deployment process.
 
* 
Important 
If your software deployment is on RHEL 7.x or CentOS 7.x, you must do the following in order to successfully deploy Policy Engine.
On the Content Gateway machine:
7.
Stop IPTables:
service iptables stop
8.
Stop and disable FirewallD:
service firewalld stop
systemctl disable firewalld
9.
Run the following:
sysctl -w net.ipv4.tcp_tw_recycle=0
10.
Deploy Policy Engine.
11.
Restart IPTables:
/opt/WCG/bin/netcontrol.sh -i
Verifying web and data protection linking
When Linking Service is installed, it allows Web DLP components to access user identification and URL categorization data. To verify that it is working:
1.
Log onto the Data module of the TRITON Manager.
2.
Select Settings > General > Linking Service.
3.
Verify settings and test the connection.
Select Help > Explain This Page for detailed information about the settings on this screen.
4.
Click OK to save any changes.
5.
Click Deploy to deploy your settings.

Go to the table of contents Go to the previous page Go to the next page
Initial Configuration for All Security Modules > Additional configuration for the Web DLP Module
Copyright 2016 Forcepoint LLC. All rights reserved.