Deployment and Installation Center
Websense TRITON Enterprise v7.6.x


If you want Websense Data Security to work with a Web proxy to monitor HTTP, HTTPS, and FTP traffic, we recommend that you use the Websense Content Gateway Web proxy. Websense Content Gateway includes a Data Security policy engine on box and streamlines communication with the TRITON Management Server.
If you have Websense Web Security Gateway or Web Security Gateway Anywhere, the Content Gateway proxy is included in the solution.
These proxies integrate with Websense Data Security over ICAP, an industry-standard protocol designed for off-loading specialized tasks from proxies.
The integration solution described in this section is the recommended one. Other configurations can be implemented, but should be tested prior to deployment.
*
In the described deployment caching is not in effect (Blue Coat SG does not cache PUTs and POSTs). However, you should exercise care if a response mode configuration is used.
This deployment recommendation describes a forward proxy: a Blue Coat SG appliance connected to a Websense protector using ICAP. The Blue Coat SG appliance serves as a proxy for all HTTP, HTTPS, and FTP transactions. It is configured with rules that route data to the Websense ICAP server.
In this mode, the Blue Coat SG appliance requires Websense Data Security to authorize each transaction before allowing the transactions to be posted or uploaded to their intended destination. This is the recommended mode of operation for the solution as it provides the most security.
In this mode, the transactions that are redirected by the Blue Coat SG appliance are analyzed by Websense Data Security, which can then generate audits for confidential information usage as well as generate notifications for administrators and information owners. However, in monitoring mode, the Websense ICAP server universally responds to all redirected transactions with Allow.
The Websense - Blue Coat ICAP integration component resides on the protector, and acts as a relay between the Blue Coat SG appliances and the TRITON Management Server as shown below:
Refer to Data Security for instructions on installing Websense Data Security. Refer to relevant Blue Coat documentation for more information on installing the Blue Coat appliance.
The Blue Coat Proxy SG can be configured with its basic information. You will need several pieces of information to configure the Proxy SG:
Items 1-5 enable you to set up the initial configuration of the Proxy SG by following the steps configure the Proxy SG with a direct serial port connection in your Blue Coat installation guide.
First, log on to the Proxy SG management console following the instructions in the Blue Coat installation guide. Then configure Adapter #1 with the IP address and netmask of the ICAP interface using the steps in the Adapters section of your Blue Coat configuration guide. (Adapter #0 is configured during the serial port configuration)
1.
Open TRITON - Data Security, and go to Settings > System Modules.
This procedure assumes the Proxy SG is operating minimally with initial configurations, and you are logged on to the Blue Coat Management Console. If you have multiple protectors with ICAP servers, you must create a unique Proxy SG service for each one.
1.
Select Configuration > External Services > ICAP.
a.
Click New.
b.
In the Add ICAP Service field, enter an alphanumeric name.
c.
Click OK.
3.
In the Services list, select the new ICAP service name and click Edit. The following screen appears:
This includes the URL schema, the ICAP server host name or IP address, and the ICAP port number. For example, icap://10.1.1.1:87.
Maximum number of connections
The maximum number of connections at any time between the Proxy SG and the ICAP server. This can be any number between 1 and 65535. The default is 5.
The number of seconds the Proxy SG waits for replies from the ICAP server. This can be any number between 60 and 65535. The default timeout is 70 seconds.
Notify administrator
Check the Virus detected box to send an email to the administrator if the virus scan detects a match. The notification is also sent to the Event Log and the Event Log email list.
Method supported
Select request modification for this service. Also select Client address and/or Authenticated user.
5.
6.
Click Apply.
The procedure in this section assumes the Proxy SG is operating with initial configurations and ICAP configuration, and you are logged on to the Blue Coat Management Console.
1.
Select Configuration > Policy >Visual Policy Manager.
2.
Click Launch.
6.
Right click the Action option and select Set from the menu.
7.
Under Show, select Set ICAP Request Service Objects.
8.
Click New > Set ICAP Request Service.
10.
Select Use ICAP request service, choose a service from the drop-down list, and click Add.
11.
Click OK twice.
12.
Click Install policy.
Squid provides protocol support for HTTP, HTTPS, and FTP. It integrates with Websense Data Security over ICAP, which is supported in Squid-3.0 and later.
This deployment recommendation describes a forward proxy: a Squid Web proxy server connected to a Websense protector using ICAP. Squid serves as a proxy for all HTTP, HTTPS, and FTP transactions. It is configured with rules that route data to the Websense ICAP server.
Refer to Data Security for instructions on installing Websense Data Security, and refer to the relevant Squid documentation for more information on installing the Squid Web proxy.
icap_service service_req reqmod_precache 1
icap://<protector_IP>:1344/reqmod
adaptation_access service_req allow all
icap_service service_req reqmod_precache 1
icap://<protector_IP>:1344/reqmod
icap_class class_req service_req
icap_access class_req allow all
1.
Open TRITON - Data Security, and go to Settings > System Modules.
Response Condition
Control Exceeds Size Limit
/usr/local/spicer/etc/blockmessageexample.plain
/usr/local/spicer/etc/block-messageexample.markup