Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page
Initial Configuration for All Websense Modules > Additional configuration for Web Security Gateway Anywhere
Additional configuration for Web Security Gateway Anywhere
Deployment and Installation Center | Web Security Solutions | Version 7.7.x
 
Applies to:
In this topic:
*
Web Security Gateway Anywhere, v7.7.x
*
Confirm Content Gateway registration with Data Security
*
Configuring the Content Gateway policy engine
*
Verifying Web and data security linking
In addition to the items under Web Security initial configuration, perform these procedures if your subscription includes Web Security Gateway Anywhere.
Confirm Content Gateway registration with Data Security
Content Gateway registers with Data Security automatically. To ensure that registration is successful:
*
Synchronize the date and time on the Content Gateway and Data Security Management Server machines to within a few minutes.
*
If Content Gateway is deployed as a transparent proxy, ensure that traffic to and from the communication interface ("C" on a V-Series appliance) is not subject to transparent routing. If it is, the registration process will be intercepted by the transparent routing and will not complete properly.
*
Make sure that the IPv4 address of the eth0 NIC on the Content Gateway machine is available (not required if Content Gateway is located on a V-Series appliance). This is the NIC used by the Data Security Management Server during the registration process.
After registration, the IP address can move to another network interface.
If registration fails an alarm displays in Content Gateway Manager.
1.
Verify connectivity between Content Gateway and the Data Security Management Server.
2.
In Content Gateway Manager, on the Configure > My Proxy > Basic > General page, in the Networking section confirm that Data Security > Integrated on-box is enabled.
3.
Restart Content Gateway to initiate another registration attempt.
Alternatively:
a.
Go to Configure > Security > Data Security and enter the IP address of the Data Security Management Server.
b.
Enter a user name and password for a Data Security administrator with Deploy Settings privileges.
c.
Click Register.
After Content Gateway has registered with Data Security, in Content Gateway Manager go to Configure > Security > Data Security and set the following options:
1.
Analyze FTP Uploads: Enable this option to send FTP uploads to Data Security for analysis and policy enforcement.
2.
Analyze Secure Content: Enable this option to send decrypted HTTPS posts to Data Security for analysis and policy enforcement. SSL Manager must be enabled on Content Gateway.
These options can be accessed whenever Data Security is registered by going to the Configure > Security > Data Security > General page.
3.
Click Apply and restart Content Gateway.
Data Security and the proxy communicate over ports 17000-17014.
Configuring the Content Gateway policy engine
When Content Gateway is registered with the Data Security Management Server, a Content Gateway module appears in the TRITON - Data Security System Modules screen.
By default, this agent is configured to monitor Web traffic, not block it, and for a default violation message to appear when an incident is triggered. If this is acceptable, you do not need to make changes to the Content Gateway configuration. Simply deploy the new settings.
If you want to block Web traffic that breaches policy and customize the violation message, do the following:
1.
From the TRITON - Data Security user interface, select Settings > Deployment > System Modules.
2.
Select the Content Gateway module in the tree view (click the module name itself, not the plus sign next to it).
It will be listed as Content Gateway on <FQDN> (<PE_version>), where <FQDN> is the fully-qualified domain name of the Content Gateway machine and <PE_version> is the version of the Content Gateway policy engine.
3.
Select the HTTP/HTTPS tab and configure the blocking behavior you want.
Select Help > Explain This Page for instructions for each option.
4.
Select the FTP tab and configure the blocking behavior you want.
Select Help > Explain This Page for instructions for each option.
5.
Click Save to save your changes.
6.
Click Deploy to deploy your settings.
 
* 
Important 
Even if you do not change the default configuration, you must click Deploy to finalize your Content Gateway deployment process.
Verifying Web and data security linking
When Linking Service is installed, it automatically configures linking between Web and Data Security to allow Data Security access to user identification and URL categorization data.
1.
Log onto TRITON - Data Security.
2.
Select Settings (under General) > System > URL Categories & User Names.
3.
Verify settings and test the connection.
Select Help > Explain This Page for detailed information about the settings on this screen.
4.
Click OK to save any changes.
5.
Click Deploy to deploy your settings.

Go to the table of contents Go to the previous page Go to the next page
Initial Configuration for All Websense Modules > Additional configuration for Web Security Gateway Anywhere
Copyright 2016 Forcepoint LLC. All rights reserved.