Network Agent Quick Start : Troubleshooting tips for Network Agent
Troubleshooting tips for Network Agent
Network Agent Quick Start | Web Protection Solutions | v8.0.x, v8.1.x | 16-Dec-2016
Network Agent cannot contact Filtering Service
When Filtering Service has been uninstalled and reinstalled, the Network Agent does not automatically update the internal identifier (UID) for Filtering Service.
To re-establish connection to Filtering Service:
1. Open the Web module of the TRITON Manager and select Settings in the left navigation pane.
2. Expand the Network Agent section, and then select a Network Agent IP address.
3. Select the Filtering Service IPv4 address from the drop-down list.
4. Click OK to cache your changes, and then click Save and Deploy.
Network Agent fails to start with stealth mode NIC
On Linux systems that include a network card configured in stealth mode, there are 2 potential issues that may prevent Network Agent from starting:
*
*
To reconnect Network Agent to the NIC, restore the IP address in the configuration file.
Spanning or mirroring is configured incorrectly
If Network Agent is connected to a switch, it must be able to see all traffic for the network or segment that it monitors. This means that it must connect to the span, mirror, or monitor port (though the term varies by manufacturer, the function is the same).
The span port mirrors all the traffic that leaves the network segment, so traffic is simultaneously sent to the monitoring port to which Network Agent is connected.
Monitor (span, mirror) only the port going to the firewall or router, not the entire network.
Router or firewall traffic is being monitored in the wrong direction
Monitor (span, mirror) the traffic going to the firewall or router. On Cisco switches, this means you need to specify Tx. On HP and 3Com switches, you need to specify Egress.
To log bytes sent and received, set both Tx and Rx (Cisco) or both Egress and Ingress (HP, 3Com).
Teamed NICs
Teamed NICs share the load under one common identity, with multiple adapters load-balancing under a single IP address. This is also known as link aggregation or trunking.
If you have implemented NIC teaming, but don't see load balancing working as expected, the problem may be resolved by configuring your switch to disable flowcontrol send. To do this, use the command set port flowcontrol send off for both the port-channel and channel member ports.
An anti-spoofing mechanism has been used in the switch
Because Network Agent uses spoofing to block requests, the anti-spoofing mechanism in the switch must be disabled. If this is not possible, use Content Gateway (the TRITON AP-WEB proxy) or a third-party integration product (Web Filter & Security).
Can a network tap be used with Network Agent?
Yes. A tap can be used with the Network Agent machine. Network Agent must be able to see the traffic in both directions.
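One way to check, from the Network Agent machine, what the monitoring NIC actually sees, covering the span direction, "entire network" and tap tips above. This is an added example, not Forcepoint code; it assumes text output from tcpdump -nn captured on the monitoring NIC, and the internal range 10.0.0.0/8, the sample lines and the "mostly internal" threshold are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Address pair in a `tcpdump -nn` IPv4 line: "IP a.b.c.d[.port] > e.f.g.h[.port]:"
LINE_RE = re.compile(r"\bIP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

# Constructed sample capture (not from the original page).
SAMPLE = [
    "12:00:00.000001 IP 10.1.2.3.51234 > 203.0.113.10.80: Flags [S], length 0",
    "12:00:00.000150 IP 203.0.113.10.80 > 10.1.2.3.51234: Flags [S.], length 0",
    "12:00:00.000200 IP 10.1.2.3.51234 > 203.0.113.10.80: Flags [.], length 0",
    "12:00:01.000000 ARP, Request who-has 10.1.2.1 tell 10.1.2.3, length 28",
]

def classify(lines, internal_cidrs):
    """Count packets by direction relative to the monitored segment."""
    nets = [ipaddress.ip_network(c) for c in internal_cidrs]

    def inside(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)

    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ARP, IPv6 or otherwise unparsed line
        src_in, dst_in = inside(m.group(1)), inside(m.group(2))
        if src_in and dst_in:
            counts["internal"] += 1   # never crossed the firewall/router port
        elif src_in:
            counts["outbound"] += 1   # towards the firewall: Tx (Cisco) / Egress (HP, 3Com)
        elif dst_in:
            counts["inbound"] += 1    # from the firewall: Rx / Ingress
        else:
            counts["external"] += 1
    return counts

def diagnose(counts, need_both=False):
    """need_both=True when bytes sent and received must be logged, or a tap is used."""
    findings = []
    if counts["outbound"] == 0:
        findings.append("no outbound traffic seen: check mirror direction (Tx/Egress)")
    if need_both and counts["inbound"] == 0:
        findings.append("no inbound traffic seen: add Rx/Ingress to the mirror")
    # Assumed heuristic: a capture dominated by internal traffic suggests the whole network is mirrored.
    if counts["internal"] > counts["outbound"] + counts["inbound"]:
        findings.append("mostly internal traffic: mirror only the firewall/router port")
    return findings or ["ok"]
```

Calling diagnose(classify(lines, ["10.0.0.0/8"]), need_both=True) on a real capture returns either ["ok"] or the list of mismatches to correct on the switch.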
 

Copyright 2016 Forcepoint LLC. All rights reserved.