Setting Up Websense X10G Security Blades > Configure the security blade > Web Security Gateway optimized for Network Agent (Slot 16)

Web Security Gateway optimized for Network Agent (Slot 16)

For the blade running Network Agent, after firstboot you will use the Security Blade Manager to configure interface N (Network Agent).

Gather the following information before running the Security Blade Manager.

Primary NTP server Optional Be sure that interface C can access the NTP server. If interface C does not have Internet access, you can install an NTP server locally on a subnet that can be accessed by interface C.	Domain:
Secondary NTP server Optional	Domain:
Tertiary NTP server Optional	Domain:
IP address for network interface N	IP address:
Subnet mask for network interface N	Subnet mask:
Primary DNS server for network interface N	IP address:
Secondary DNS server for network interface N Optional	IP address:
Tertiary DNS server for network interface N Optional	IP address:
Full policy source IP address	This blade provides (choose one): User directory and filtering (you must specify the IP address of a security blade or other machine running Policy Broker, which can be a full policy source blade) Filtering only (you must specify IP address of a security blade or other machine running Policy Server, which can be a full policy source or user directory and filtering machine)
TRITON Unified Security Center location (management console for Web Security Gateway). See the Websense Technical Library for details.	Choose: runs on separate server

After collecting the information needed, access the Security Blade Manager through a supported browser and follow the steps below. See the Security Blade Manager Help for detailed instructions.

1.	Open a supported browser, and enter the following URL in the address bar:

http://<IP address>

Replace <IP address> with the address assigned to network interface C during firstboot.

2.	Select Security Blade Manager.

3.	Select Continue to this website

4.	Log on with the user name admin and the password set during firstboot.

5.	In the left navigation pane, click Configuration > System.

6.	Under Time and Date:

a.	Set the time zone.

b.	Set the time and date:

Automatically synchronize with an NTP server: select this option to use a Network Time Protocol server. Specify up to three NTP servers. Use of an NTP server is recommended, to ensure that database downloads and time-based policies are handled precisely.

Manually set time and date: select this option to enter a system time and date yourself.

c.	Click Save in the Time and Date area.

7.	In the left navigation pane, click Configuration > Network Interfaces.

8.	Under Network Agent Interface (N), configure the N interface. Note: this option is available only for blades configured to run Network Agent during firstboot.

The N interface is used by the Network Agent module. It must be connected to a span (or mirror) port on a switch, allowing it to monitor the Internet requests going through the switch. (Note: be sure to configure the switch so the span port is monitoring all the ports carrying the traffic of interest, See your switch manufacturer's documentation for configuration instructions).

 

Note  The security blade does not send block pages to end users who are blocked from non-HTTP and non-HTTPS protocols. The end users simply do not receive the blocked content.

a.	Click Save in the Network Agent Interface (N) area.

9.	Configure routes if necessary:

a.	In the left navigation pane, click Configuration > Routing.

b.	Under Static Routes, use the Add/Import button to specify customized, static routes.

c.	Under Module Routes, use the Add button to specify non-management Web Security traffic through the C interface.

d.	For either static or module routes, use the Delete button to remove existing routes, if necessary.

 

Note  An existing route cannot be edited. If you want to edit a route, delete it and then use the Add/Import (static) or Add (module) button to specify the route with the changes you want.

See the Security Blade Manager Help for more information about static and module routes.

10.	Select the policy mode of this security blade:

a.	In the left navigation pane, click Configuration > Web Security Components.

b.	Choose User directory and filtering or Filtering only. Enter the IP address of the machine hosting Policy Database (the policy source).

11.	Click Save.

12.	Click Log Off, at the top right, when you are ready to log off Security Blade Manager.

13.	Set up the next blade, or begin installation of off-chassis components.

Setting Up Websense X10G Security Blades > Configure the security blade > Web Security Gateway optimized for Network Agent (Slot 16)