Components used for transparent identification with Logon Agent
Using Logon Agent | Forcepoint Web Security and Forcepoint URL Filtering | 29-Apr-2022
Transparent identification with Logon Agent uses the following components.
Logon Agent
Logon Agent can be installed on Windows or Linux, and works with the logon application installed on Windows or Mac clients.
Logon Agent can communicate with Windows Active Directory, and uses information sent by the logon application to authenticate user logon sessions from all Windows domains in your network. The agent stores authenticated user name/IP address pairs in a user map in local memory.
Multiple Logon Agent instances can be used if required; this may benefit larger networks (see Logon Agent deployment).
Filtering Service uses the information provided by Logon Agent to apply policies to logged-on users.
A Logon Agent installation includes the following files:
The logon application
The logon application runs on Windows and Mac clients and sends user logon information to Logon Agent for authentication.
* In persistent mode (default), the Windows or Mac logon application sends logon information to Logon Agent at a specific interval (configured using the Query interval (persistent mode) setting in the Forcepoint Security Manager).
* In nonpersistent mode, the Windows logon application sends logon information to Logon Agent only once for each logon. The entry remains in the user map for a specific interval (configured using the User entry expiration (nonpersistent mode) setting in the Security Manager).
User Service
User Service and Logon Agent may reside on the same machine or different machines, but Logon Agent must be able to communicate with User Service.
User Service provides domain controller names and IP addresses to Logon Agent so that the agent can authenticate users logged on to domains. User Service also interacts with the directory service to get group information for logged-on users.
Filtering Service
Filtering Service translates logon session data provided by Logon Agent so that the appropriate policies can be applied to users, groups, and domains (OUs).
Filtering Service receives user logon session information from Logon Agent as users log on to domain controllers or machines. Filtering Service gets user data as user name/IP address pairs. When Filtering Service receives the IP address of a machine making an Internet request, it consults its user map to match the address with a user name, allowing users to be identified transparently. Filtering Service then applies the policies assigned to those users or groups.
The product can be configured to prompt users to manually authenticate if it cannot obtain user information via Logon Agent. When manual authentication is enabled, users who cannot provide a valid user name and password are blocked from Internet access.
If a user cannot be identified transparently, and manual authentication is not enabled, Filtering Service applies computer or network (IP address-based) policies, or the Default policy, to user requests.
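The lookup and fallback sequence described above can be modelled in a few lines. This is an added illustration, not Forcepoint code: it covers nonpersistent-mode expiry only and shows why a request from the same IP address resolves differently once its user map entry has expired. The class and function names, the sample addresses and policy names, and the computer-before-network precedence are assumptions of the example.

```python
import ipaddress

class UserMap:
    """Toy user name/IP address map with nonpersistent-mode expiry (hypothetical model)."""
    def __init__(self, entry_expiration):
        self.entry_expiration = entry_expiration  # seconds; stands in for "User entry expiration"
        self._entries = {}                        # ip -> (user, time the logon was reported)

    def record_logon(self, ip, user, now):
        self._entries[ip] = (user, now)

    def lookup(self, ip, now):
        entry = self._entries.get(ip)
        if entry is None:
            return None
        user, reported = entry
        if now - reported > self.entry_expiration:
            del self._entries[ip]   # expired: the address no longer identifies anyone
            return None
        return user

def resolve(ip, now, user_map, computer_policies, network_policies,
            manual_auth_enabled, manual_user=None):
    """Return (basis, subject) describing which policy would apply to a request."""
    user = user_map.lookup(ip, now)
    if user is not None:
        return ("user", user)                      # identified transparently
    if manual_auth_enabled:
        # manual_user is the name from a successful prompt, None if the prompt failed
        return ("user", manual_user) if manual_user else ("blocked", None)
    if ip in computer_policies:                    # assumed precedence: computer, then network
        return ("computer", computer_policies[ip])
    addr = ipaddress.ip_address(ip)
    for cidr, policy in network_policies.items():
        if addr in ipaddress.ip_network(cidr):
            return ("network", policy)
    return ("default", "Default")

# Constructed sample data (documentation address ranges, made-up policy names)
user_map = UserMap(entry_expiration=3600)
user_map.record_logon("192.0.2.10", "EXAMPLE\\alice", now=0)
computers = {"192.0.2.50": "Kiosk policy"}
networks = {"198.51.100.0/24": "Lab policy"}
```
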
Copyright 2022 Forcepoint. All rights reserved.