Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page
Changing the TRITON management server IP address, name, or domain > Re-registering Data Security components
Re-registering Data Security components
Deployment and Installation Center | Web, Data, and Email Security Solutions | Version 7.7.x
Applies to:                                         
In this topic:
*
Web Security Gateway Anywhere, 7.7.x
*
Data Security, v7.7.x
*
Email Security Gateway and Gateway Anywhere, 7.7.x
*
Re-register Data Security servers and agents
*
Re-register Protector
*
Re-register Websense Content Gateway
You must re-register all Data Security servers, agents, and protectors when you change the IP address, hostname, or domain of the TRITON management server.
Before you start, make sure you know the user name and password of a Data Security administrator who has an access role with System Modules privileges.
Re-register Data Security servers and agents
Go to each Data Security server and machine with a Data Security agent installed and do the following:
1.
Launch the Websense installer.
2.
In the installer, for Data Security, select the Modify link.
3.
Accept the defaults in the installer screens and click Next, until you reach the Register with the Data Security Server screen.
4.
In the Register with the Data Security Server screen, enter the new IP address of the TRITON management server along with the user name and password of a TRITON administrator.
When the installers finish:
1.
Log onto TRITON - Data Security and go to Settings > Deployment > System Modules.
2.
Verify that the components appears in the tree view.
3.
Click Deploy.
Re-register Protector
1.
Log onto each protector as root.
2.
Run wizard securecomm.
3.
Enter the Data Security Management Server's IP address along with the user name and password of a Data Security administrator with System Modules privileges.
4.
Log onto TRITON - Data Security and go to Settings > Deployment > System Modules.
5.
Verify that the protector appears in the tree view.
6.
Click Deploy.
Re-register Websense Content Gateway
To enable data loss prevention over Web channels, you must connect the Content Gateway module of your Web security solution to the Data Security Management Server. Follow these steps to establish that connection:
1.
Ensure that Content Gateway and Data Security Management Server systems are running and accessible, and that their system clocks are approximately synchronized.
2.
Ensure the Content Gateway machine has a fully qualified domain name (FQDN) that is unique in your network. Hostname alone is not sufficient.
3.
If Content Gateway is deployed as a transparent proxy, ensure that traffic to and from the communication interface ("C" on a V-Series appliance) is not subject to transparent routing. If it is, the registration process will be intercepted by the transparent routing and will not complete properly.
4.
Make sure that the IPv4 address of the eth0 NIC on the Content Gateway machine is available (not required if Content Gateway is located on a V-Series appliance). Data Security Management Server uses the eth0 NIC during the registration process.
After registration, the IP address can move to another network interface on the same machine; however, that IP address is used for configuration deployment and must be available as long as the 2 modules are registered.
5.
From the Content Gateway Manager, select Configure > Basic > General.
6.
Make sure Data Security is turned on (the On radio button and Integrated on-box must be selected). Now click the Not Registered link. This opens the Configure > Security > Data Security registration screen.
7.
Enter the IP address of the Data Security Management Server.
8.
Enter a user name and password for a Data Security administrator with Manage System Modules privileges.
9.
Click Register. You are reminded to synchronize the system time between the proxy machine and the Data Security Management Server.
10.
If registration succeeds, a Data Security Configuration page displays. Set the following configuration options:
a.
Analyze FTP Uploads: Enable this option to send FTP uploads to Data Security for analysis and policy enforcement.
b.
Analyze Secure Content: Enable this option to send decrypted HTTPS posts to Data Security for analysis and policy enforcement.
These options can be accessed whenever Data Security is registered by going to the Configure > Security > Data Security > General page.
11.
Click Apply.
12.
Restart Content Gateway.
13.
Deploy the Content Gateway module by clicking Deploy in the TRITON - Data Security user interface.
Troubleshooting the connection between Content Gateway and Data Security
If you cannot register Websense Content Gateway with the Data Security Management Server (you receive an error in Content Gateway Manager) be sure that you can ping the Data Security Management Server from the proxy machine. (Go to the Linux command line and ping the IP address of the Data Security Management Server.)
If the ping fails, make sure that you have the correct IP address for the Data Security Management Server by going to that machine and running ipconfig from the command line.
If the proxy is on a V-Series appliance, try pinging the IPv4 address of the appliance's C interface from the Data Security Management Server.
If the proxy is not on a Websense appliance, try pinging the IPv4 address of the Content Gateway host system eth0 network interface from the Data Security Management Server. The registration process requires that Content Gateway is reachable on eth0. After registration, the IP address may move to another network interface on the system, but that IP address must remain available while the 2 modules are being registered.
If Content Gateway is deployed as a transparent proxy and the communication interface ("C" on a V-Series appliance) is subject to transparent routing, the registration process was likely intercepted by the transparent routing and prevented from completing. Ensure that traffic to and from the communication interface is not subject to transparent routing.
If registration still fails, make sure that neither the proxy machine nor the Data Security Management Server has a machine name with a hyphen in it. This has been known to cause registration problems.
And make sure the Content Gateway machine has a fully qualified domain name (FQDN) that is unique in your network. Hostname alone is not sufficient to register the proxy with the Data Security Management Server.

Go to the table of contents Go to the previous page Go to the next page
Changing the TRITON management server IP address, name, or domain > Re-registering Data Security components
Copyright 2016 Forcepoint LLC. All rights reserved.