This section includes a general discussion of 2 common Check Point integration deployment options: simple deployment with unified components, and distributed deployment. See
Check Point Integration for configuration instructions.
In the simplest and most common network topology, an organization has one firewall that resides on a dedicated server. All Web Security components are installed on a separate machine on the internal network.
The diagram provides a general overview and best practice location for your integration product, but does not show all Websense components. Larger networks require Websense components to be distributed across several dedicated machines. Logon Agent can be used instead of or in combination with DC Agent.
In the following illustration, Websense filtering software is installed on a single machine in a central location where it can manage both non-HTTP and HTTP traffic. HTTP requests are handled by the Check Point appliance, and the non-HTTP traffic is managed by Network Agent, which is positioned to detect all outbound traffic.
The diagram provides a general overview and best practice location for your integration product, but does not show all Websense components. Larger networks require Websense components to be distributed across several dedicated machines.
To avoid performance and security issues, do not install Websense components on a machine running Check Point software. Network Agent will not function correctly if installed on the Check Point machine.