Re-registering TRITON AP-DATA components

Topic 51312 | Web, Data, and Email Solutions | v8.0.x, v8.1.x | Updated 12-Oct-2015

You must re-register all TRITON AP-DATA servers, agents, and protectors when you change the IP address or hostname of the TRITON management server.

Before you start, make sure you know the user name and password of a TRITON AP-DATA administrator who has an access role with System Modules privileges.

Re-register TRITON AP-DATA servers and agents

Go to each server and machine with a TRITON AP-DATA agent installed and do the following:

Launch the Websense installer.

In the installer, for Data, select the Modify link.

Accept the defaults in the installer screens and click Next, until you reach the Register with the Data Security Server screen.

In the Register with the TRITON AP-DATA Server screen, enter the new IP address of the TRITON management server along with the user name and password of a TRITON administrator.

When the installers finish:

Log onto the Data module of TRITON Manager and go to Settings > Deployment > System Modules.

Verify that the components appear in the tree view.

Click Deploy.

Re-register Protector

Log onto each protector as root.

Run wizard securecomm.

Enter the TRITON management server's IP address along with the user name and password of a TRITON AP-DATA administrator with System Modules privileges.

Log onto the Data module of TRITON Manager and go to Settings > Deployment > System Modules.

Verify that the protector appears in the tree view.

Click Deploy.

Re-register Websense Content Gateway

To enable the Web DLP module of TRITON AP-WEB, you must connect Content Gateway to the TRITON management server for TRITON AP-DATA. Follow these steps to establish that connection:

Ensure that Content Gateway and TRITON management server systems are running and accessible, and that their system clocks are approximately synchronized.

Ensure the Content Gateway machine has a fully qualified domain name (FQDN) that is unique in your network. Hostname alone is not sufficient.

If Content Gateway is deployed as a transparent proxy, ensure that traffic to and from the communication interface ("C" on a V-Series appliance) is not subject to transparent routing. If it is, the registration process will be intercepted by the transparent routing and will not complete properly.

Make sure that the IPv4 address of the eth0 NIC on the Content Gateway machine is available (not required if Content Gateway is located on a V-Series appliance). TRITON management server uses the eth0 NIC during the registration process.

After registration, the IP address can move to another network interface on the same machine; however, that IP address is used for configuration deployment and must be available as long as the 2 modules are registered.

From the Content Gateway Manager, select Configure > Basic > General.

Make sure TRITON AP-DATA is turned on (the On radio button and Integrated on-box must be selected). Now click the Not Registered link. This opens the Configure > Security > TRITON AP-DATA registration screen.

Enter the IP address of the TRITON management server.

Enter a user name and password for a TRITON AP-DATA administrator with Manage System Modules privileges.

Click Register. You are reminded to synchronize the system time between the proxy machine and the TRITON management server.

10.

If registration succeeds, a TRITON AP-DATA Configuration page displays. Set the following configuration options:

Analyze FTP Uploads: Enable this option to send FTP uploads to TRITON AP-DATA for analysis and policy enforcement.

Analyze Secure Content: Enable this option to send decrypted HTTPS posts to TRITON AP-DATA for analysis and policy enforcement.

These options can be accessed whenever TRITON AP-DATA is registered by going to the Configure > Security > TRITON AP-DATA > General page.

11.

Click Apply.

12.

Restart Content Gateway.

13.

Deploy the Content Gateway module by clicking Deploy in the Data module of TRITON Manager.

Troubleshooting the connection between Content Gateway and TRITON AP-DATA

If you cannot register Websense Content Gateway with the TRITON management server (you receive an error in Content Gateway Manager) be sure that you can ping the TRITON management server from the proxy machine. (Go to the Linux command line and ping the IP address of the TRITON management server.)

If the ping fails, make sure that you have the correct IP address for the TRITON management server by going to that machine and running ipconfig from the command line.

If the proxy is on a V-Series appliance, try pinging the IPv4 address of the appliance's C interface from the TRITON management server.

If the proxy is not on a Websense appliance, try pinging the IPv4 address of the Content Gateway host system eth0 network interface from the TRITON management server. The registration process requires that Content Gateway is reachable on eth0. After registration, the IP address may move to another network interface on the system, but that IP address must remain available while the 2 modules are being registered.

If Content Gateway is deployed as a transparent proxy and the communication interface ("C" on a V-Series appliance) is subject to transparent routing, the registration process was likely intercepted by the transparent routing and prevented from completing. Ensure that traffic to and from the communication interface is not subject to transparent routing.

If registration still fails, make sure that neither the proxy machine nor the TRITON management server has a machine name with a hyphen in it. This has been known to cause registration problems.

And make sure the Content Gateway machine has a fully qualified domain name (FQDN) that is unique in your network. Hostname alone is not sufficient to register the proxy with the TRITON management server.