Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Working With Websense Data Security > Registering and configuring Data Security
Registering and configuring Data Security
Help | Content Gateway | Version 7.8.x
Related topics:
 
For an introduction to Websense Data Security, see Working With Websense Data Security.
Registration and configuration summary:
*
Threat dashboard forensics data is collected automatically by Websense Web Security.
If registration fails, an alarm displays.
*
Registration with off-box Data Security Management Server is automatic after Configure > My Proxy > Basic > Data Security > Integrated on-box is enabled and Content Gateway is restarted.
Content Gateway queries the TRITON console for the presence of Data Security Management Server.
 
Important 
Registration is tested and retried, if needed, every time Content Gateway is started.
If automatic registration fails, an alarm displays.
 
Important 
*
Web DLP policies are configured in the Data Security manager in the System Modules section. You must deploy the Data Security policies to put them into effect. See Data Security Help for details.
*
View registration status in the Content Gateway manager on the Monitor > Summary page by clicking More Detail and checking the list at the bottom of the Subscription Details section.
*
Registration and configuration details
Whether you are deploying Web Security Gateway or Web Security Gateway Anywhere, registration with the Forensics Repository is automatic. There is no additional configuration.
If you are deploying Web Security Gateway Anywhere to use Web DLP, you must enable the Data Security integration in the Content Gateway manager:
*
Go to Configure > My Proxy > Basic and enable Data Security > Integrated on-box. If this option is not enabled, registration is with the Forensics Repository only.
 
Important 
Before enabling Data Security >Integrated on-box, ensure that the Content Gateway and Data Security Management Server computers are running and accessible, and that their system clocks are synchronized within a few minutes.
After Data Security > Integrated on-box is enabled, registration with Data Security Management Server is automatic and is performed, if needed, every time that Content Gateway starts. To perform registration, Content Gateway queries Websense Web Security Policy Broker for needed information, including IP address and cluster ID.
Registration status can be viewed in the Content Gateway manager on the Monitor > Summary page by clicking More Detail and reviewing the list at the bottom of the Subscription Details section.
Once registered, Content Gateway uses the Web DLP policy engine for malware detection. Go to the Data Security manager to configure and deploy Web DLP policies. You must deploy Web DLP in the Data Security manager.
If automatic registration fails, an alarm displays.
Manual registration
After Data Security > Integrated on-box is enabled and Content Gateway has been restarted, you can attempt a manual registration by going to Configure > Security > Data Security (see below).
Restarting Content Gateway always checks the registration status and initiates an auto-registration attempt, if needed.
Registration success and failure information is logged in: /opt/WCG/logs/dss_registration.log
 
Important 
If Content Gateway is not located on a V-Series appliance, registration requires that the Content Gateway host system have an IPv4 address assigned to the eth0 network interface. After registration, the IP address may move to another network interface on the system; however, that IP address is used for Data Security configuration deployment and must be available as long as the two modules are registered.
Manual registration with Data Security Management Server:
1.
2.
Ensure that Data Security > Integrated on-box is enabled. In the Content Gateway manager select Configure > Basic > General. In the list of Features, under Networking locate Data Security, select On, then select Integrated on-box, and then click Apply.
3.
Next to Integrated on-box, click the Not registered link. This opens the Configure > Security > Data Security registration screen.
4.
Enter the IP address of the Data Security Management Server.
5.
6.
Click Register. If registration is successful, a message confirms the result and prompts you to restart Content Gateway.
If registration fails, an error message indicates the cause of failure. Correct the problem and perform the registration process again.
Configuration options
When registration is successful, on the Configure > Security > Data Security page set the following options:
1.
Analyze FTP Uploads: Select this option to send FTP uploads to Data Security for analysis and policy enforcement.
2.
Analyze HTTPS Content: Select this option to send decrypted HTTPS posts to Data Security for analysis and policy enforcement. The HTTPS protocol option must be enabled on Content Gateway. See .
 
Note 
3.
Click Apply to save your settings and then restart Content Gateway.
4.
Data Security and Content Gateway communicate over several ports. If IPTables are configured on the Content Gateway host system, these ports must be open in IPTables. See these Technical Library articles: Content Gateway Ports and Configuring IPTables for Websense Content Gateway.
 
Note 

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Working With Websense Data Security > Registering and configuring Data Security
Copyright 2016 Forcepoint LLC. All rights reserved.