Installing and Deploying Websense Endpoint Clients > Deploying Websense endpoints
|
|
When the Windows version of Web Endpoint is installed by itself on client machines, use the endpoint package provided on the Settings > Hybrid Configuration > Hybrid User Identification page in TRITON - Web Security.
|
|
On any Windows server that includes Web Security components, navigate to C:\Program Files or Program Files (x86)\Websense\Web Security\DTFAgent\RemoteFilteringAgentPack and double-click WECfg.exe.
|
|
On the Data Security Management Server machine, navigate to Start > All Programs > Websense > Data Security > Endpoint Package Builder.
|
2.
|
On the Select Components screen, select one or more endpoint clients to configure. You can create packages for both Websense Data Endpoint and one Web Security endpoint client, but you cannot select both Remote Filtering Client and Web Endpoint at the same time.
|
3.
|
On the Installation Platform and Security screen, select the operating system or systems for which you want to create an installation package, create the administrator password that will be used to uninstall or modify endpoint client software, and configure anti-tampering settings. When you are finished, click Next.
|
|
Data Endpoint: Administrators can set this password on the General tab under Settings > General > System > Endpoint.
|
|
Web Endpoint: Go to Settings > Hybrid Configuration > Hybrid User Identification, then enter and confirm an anti-tampering password.
|
4.
|
On the Installation Path screen, specify the directory to use for installing endpoint software on each endpoint device. The directory path must contain only English characters.
|
|
Use default location: The endpoint software is installed in a default directory: \Program Files\Websense\Websense Endpoint (Windows) or /opt/websense/LinuxEndpoint (Linux).
|
|
Use this location: Manually specify the installation path for the endpoint software. Environment variables are supported.
|
5.
|
Click Next. The screens that appear next depend on the endpoint clients you chose. See:
|
a.
|
Prepare a server with the latest updates on it (see "Automatic Updates for Websense data endpoints" for details).
|
b.
|
Select Receive automatic updates for Data Endpoint machines.
|
2.
|
Click Next and the Client Settings screen appears:
|
|
|||||
|
3.
|
Click Next. If you chose no other endpoints, skip to Global settings for instructions. Otherwise, move to Websense Web Endpoint or Remote Filtering Client.
|
1.
|
If you chose Websense Web Endpoint, use the Proxy Settings screen to specify the URL of the hybrid PAC file.
|
2.
|
Click Next to continue to the Save Installation Package screen. See Global settings for configuration instructions.
|
1.
|
If you chose Remote Filtering Client, use the Internal Connections screen to list internal connection details for each Remote Filtering Server instance to which the clients will attempt to connect. When you are finished, click Next.
|
|
IP address or hostname: Internal IP address or FQDN for the Remote Filtering Server machine.
|
|
Port: Internal communication port on the Remote Filtering Server that can be accessed only from inside the network firewall. This must be the same port entered in the Internal Communication Port field when this Remote Filtering Server was installed.
|
2.
|
On the External Connections screen, provide external connection details for each Remote Filtering Server that may handle requests for Remote Filtering Client instances. When you are finished, click Next.
|
|
IP address or hostname: Externally visible IP address or fully qualified domain name (FQDN) of the primary Remote Filtering Server machine.
|
|
Port: Externally accessible port used to communicate with the primary Remote Filtering Server. This must match the external port number entered when installing the primary Remote Filtering Server.
|
|
Clear the Log user Internet activity check box to avoid recording Internet request data for machines running Remote Filtering Client. By default, Internet activity handled by Remote Filtering Client is logged for use in Web Security reporting tools.
|
3.
|
On the Trusted Sites screen, enter any URLs or domains that should be always permitted by Remote Filtering Client. Requests for these URLs or domains are not forwarded to Remote Filtering Server, and are not logged (do not appear in reports). When you are finished, click Next.
|
|
To define a trusted site, click Add, then enter a URL or a regular expression. Any regular expression adhering to ISO/IEC TR 19768 (within the character-number limit) is valid. When you are finished, click OK.
|
4.
|
Use the Client Settings screen to configure blocking behavior, the pass phrase used to encrypt communication with Remote Filtering Server, and the display language for client components. When you are finished, click Next.
|
|
Select Notify users when HTTPS or FTP traffic is blocked to display a pop-up message on client machines for blocked HTTPS or FTP traffic. If you enable this option, also specify how long the pop-up message remains visible to the user.
|
|
Enter and confirm the Pass phrase used to encrypt communication with Remote Filtering Server. This must be the same pass phrase that you created during Remote Filtering Server installation.
|
5.
|
When you click Next, the Save Installation Package screen appears. See Global settings for instructions on configuring this screen.
|
1.
|
When you're done configuring your endpoint selections, use the Save Installation Package screen to enter a directory path to use for storing the installation package before it is deployed to client machines.
|
2.
|
Click Finish.
|
3.
|
Click OK.
|
|
The GPO command for deploying Web Endpoint is displayed on the Settings > Hybrid Configuration > Hybrid User Identification page in TRITON - Web Security. Note that the command includes a WSCONTEXT parameter that is required to ensure that your organization's policies are applied to user requests.
|
|
Instructions for deploying Remote Filtering Client via GPO can be found under Installing with a third-party deployment tool in the Remote Filtering Software technical paper.
|
|
For Web Endpoint, go to Start > Control Panel > Administrative Tools > Services. Check that Websense SaaS Service is present in the Services list, and is started.
|
|
LinuxEndpoint_SFX_installer_el4 - use with Red Hat Enterprise Linux version 4.x.
|
|
LinuxEndpoint_SFX_installer_el5 - use with Red Hat Enterprise Linux version 5.x.
|
1.
|
Go to the Settings > Hybrid Configuration > Hybrid User Identification page in TRITON - Web Security.
|
2.
|
Mark Enable installation and update of Web Endpoint on client machines.
|
3.
|
Mark Automatically update endpoint installations when a new version is released.
|
4.
|
Installing and Deploying Websense Endpoint Clients > Deploying Websense endpoints
|