Technical Library
|
Support
Table of Contents
Overview
Deployment options
Components
Processes
Administration tools
Proxy traffic analysis features
Online Help
Technical Support
Getting Started
Accessing the Content Gateway manager
Configuring Content Gateway for two-factor authentication
Accessing the Content Gateway manager if you forget the master administrator password
Entering your subscription key
Providing system information
Verifying that the proxy is processing Internet requests
Using the command-line interface
Starting and stopping Content Gateway on the Command Line
Web Proxy Caching
Ensuring cached object freshness
HTTP object freshness
Modifying the aging factor for freshness computations
Setting an absolute freshness limit
Specifying header requirements
Cache-Control headers
Revalidating HTTP objects
FTP object freshness
Scheduling updates to local cache content
Configuring the Scheduled Update option
Forcing an immediate update
Pinning content in the cache
Setting cache pinning rules
Enabling cache pinning
To cache or not to cache?
Caching HTTP objects
Client directives
Configuring the proxy to ignore client no-cache headers
Origin server directives
Configuring the proxy to ignore server no-cache headers
Configuring the proxy to ignore WWW-Authenticate headers
Configuration directives
Disabling HTTP object caching
Caching dynamic content
Caching cookied objects
Forcing object caching
Caching HTTP alternates
Caching FTP objects
Disabling FTP over HTTP caching
Explicit Proxy
Manual browser configuration
Using a PAC file
Sample PAC file
Using WPAD
Configuring FTP clients in an explicit proxy environment
Transparent Proxy and ARM
The ARM
Transparent interception strategies
Transparent interception with a Layer 4 switch
Transparent interception with WCCP v2 devices
ARM bypass and WCCP
WCCP load distribution
Configuring WCCP v2 routers
Configuring service groups on the WCCP device
Enabling WCCP processing for a service group
Disabling WCCP processing for a service group
Enabling WCCP v2 security on the router
Enabling WCCP v2 in Content Gateway
Enabling WCCP in the Content Gateway manager
Configuring service groups in the Content Gateway manager
Transparent interception and multicast mode
Transparent interception with policy-based routing
Transparent interception with software-based routing
Configuring Content Gateway to serve only transparent requests
Interception bypass
Dynamic bypass rules
Setting dynamic bypass rules
Viewing dynamic bypass statistics
Static bypass rules
Viewing the current set of bypass rules
Connection load shedding
Reducing DNS lookups
Additional Proxy Configuration
IP spoofing
Support for IPv6
Clusters
Changing clustering configuration
Adding nodes to a cluster
Deleting nodes from a cluster
Virtual IP failover
Enabling and disabling virtual IP addressing
Adding and editing virtual IP addresses
Hierarchical Caching
HTTP cache hierarchies
Parent failover
Configuring Content Gateway to use an HTTP parent cache
Configuring the Cache
Changing cache capacity
Querying cache size
Increasing cache capacity
Reducing cache capacity
Partitioning the cache
Making changes to partition sizes and protocols
Partitioning the cache according to origin server or domain
Configuring cache object size limit
Clearing the cache
Changing the size of the RAM cache
DNS Proxy Caching
Configuring DNS proxy caching
Configuring the System
Content Gateway manager
Command-line interface
Configuration files
Saving and restoring configurations
Taking configuration snapshots
Restoring configuration snapshots
Deleting configuration snapshots
Monitoring Traffic
Viewing statistics
Viewing statistics from the command line
Working with alarms
Using Performance graphs
Creating SSL-related reports
Certificate Authorities
Incidents
Working With Websense Data Security
Registering and configuring Data Security
Configuring the ICAP client
ICAP failover and load balancing
Working With Encrypted Data
Running in explicit proxy mode
Enabling SSL support
Initial SSL configuration tasks
Certificates
Internal Root CA
Importing your Root CA
Creating a new Root CA
Creating a subordinate CA
Backing up your internal Root CA
Managing certificates
Adding new certificate authorities
Backing up certificates
Restoring certificates
Decryption and Encryption
SSL configuration settings for inbound traffic
SSL configuration settings for outbound traffic
Validating certificates
Bypassing verification
Keeping revocation information up to date
Managing HTTPS website access
Viewing incidents
Changing the status of an incident
Deleting an incident
Changing the text of a message
Viewing incident details
Adding websites to the Incident List
Client certificates
Importing client certificates
When a client certificate is always required: the Hostlist
Deleting client certificates
Customizing SSL connection failure messages
Certificate validation failed
SSL connection failure
Security
Controlling client access to the proxy
Controlling access to the Content Gateway manager
Setting the administrator ID and password
Creating a list of user accounts
Controlling host access to the Content Gateway manager
Using SSL for secure administration
FIPS 140-2 Mode
Filtering Rules
Configuring SOCKS firewall integration
Configuring SOCKS servers
Setting SOCKS proxy options
Setting SOCKS server bypass
Using the Split DNS option
Content Gateway user authentication
Browser limitations
Global authentication options
Surrogate credentials
Integrated Windows Authentication
Configuring Integrated Windows Authentication with a load balancer
Troubleshooting Integrated Windows Authentication
Legacy NTLM authentication
LDAP authentication
RADIUS authentication
Rule-Based Authentication
Unknown users and the 'alias' option
Rule-based authentication Domain list
Creating an authentication rule
Working with existing authentication rules
Rule-based authentication use cases
Authentication based on User-Agent
Authentication using Captive Portal
Troubleshooting authentication rules
Mac and iPhone/iPad authentication
Working With Log Files
Event log files
Managing event log files
Event log file formats
Using standard formats
Custom format
Creating summary log files
Applying logs_xml.config file changes to all nodes in a cluster
Choosing binary or ASCII
Using logcat to convert binary logs to ASCII
Rolling event log files
Splitting event log files
Setting log splitting options
Editing the log_hosts.config file
Collating event log files
Configuring Content Gateway to be a collation server
Configuring Content Gateway to be a collation client
Using a stand-alone collator
Viewing logging statistics
Viewing log files
Example event log file entries
Squid format
Netscape examples
Cache result codes in Squid- and Netscape-format log files
Statistics
My Proxy
Summary
Node
Graphs
Alarms
Diagnostics
Automatic diagnostic tests
Manual diagnostic tests
Protocols
HTTP
FTP
Security
Integrated Windows Authentication
LDAP
Legacy NTLM
SOCKS
Data Security
Subsystems
Cache
Clustering
Logging
Networking
System
ARM
ICAP
WCCP
DNS Proxy
DNS Resolver
Virtual IP
Client Connection Status
Performance
SSL
SSL Key Data
CRL Statistics
Reports
Commands and Variables
Websense Content Gateway variables
Statistics
Configuration Options
My Proxy
Basic
Subscription
UI Setup
Snapshots
Logs
Protocols
HTTP
HTTP Responses
HTTP Scheduled Update
HTTPS
FTP
Content Routing
Hierarchies
Mapping and Redirection
Browser Auto-Config
Security
Connection Control
FIPS Security
Data Security
Access Control
SOCKS
Subsystems
Cache
Logging
Networking
Connection Management
ARM
WCCP
DNS Proxy
DNS Resolver
ICAP
Virtual IP
Health Check URLs
SSL
Event Logging Formats
Logging format cross-reference
Configuration Files
auth_domains.config
auth_rules.config
bypass.config
cache.config
filter.config
hosting.config
ip_allow.config
ipnat.conf
log_hosts.config
logs_xml.config
mgmt_allow.config
parent.config
partition.config
records.config
Configuration variables
System variables
Local manager
Process manager
Virtual IP manager
Alarm configuration
ARM
Load shedding configuration (ARM)
Authentication basic realm
LDAP
RADIUS authentication
NTLM
Integrated Windows Authentication
Transparent authentication
HTTP engine
Parent proxy configuration
HTTP connection timeouts (secs)
Origin server connection attempts
Negative response caching
Proxy users variables
Security
Cache control
Heuristic expiration
Dynamic content and content negotiation
Anonymous FTP password
Cached FTP document lifetime
FTP transfer mode
Customizable user response pages
FTP engine
SOCKS processor
Net subsystem
Cluster subsystem
Cache
DNS
DNS proxy
HostDB
Logging configuration
URL remap rules
Scheduled update configuration
SNMP configuration
Plug-in configuration
WCCP configuration
FIPS (Security Configuration)
SSL Decryption
ICAP
Data Security
Connectivity, analysis, and boundary conditions
remap.config
socks.config
socks_server.config
splitdns.config
storage.config
update.config
wccp.config
Error Messages
Alarm messages
HTML messages sent to clients
Standard HTTP response messages
Copyright 2016 Forcepoint LLC. All rights reserved.