Websense Web Security Gateway Anywhere offers a flexible, comprehensive Web security solution that lets you combine on-premises and hybrid (in-the-cloud) filtering as needed to manage Internet activity for your organization.
You decide which method to use for which users. For example, use our robust on-premises Web filtering for your corporate office or main campus, and filter regional offices or satellite locations through our hybrid service. Hybrid filtering is also useful for users who are off-network, such as telecommuters and those who travel for business.
Before you can configure the hybrid service to start filtering locations, you must activate your hybrid account. This creates a connection between the on-premises and hybrid portions of Websense Web Security Gateway Anywhere.
Use the Hybrid Filtering section of the Settings > General > Account page to provide a contact email address and country for your Websense filtering administrators.
The email address is typically a group alias monitored by the group responsible for managing your Websense software. It is very important email sent to this account be received and acted upon promptly.
Select Settings > Hybrid Configuration > Filtered Locations to review, add, or edit information about the locations filtered by the hybrid portion of your Websense software.
A filtered location is the IP address, IP address range, or subnet from which browsers connecting to the hybrid service appear to be originating. Because the hybrid service is hosted outside your network, these must be external addresses, visible from the Internet. Filtered locations are:
Each location that you define appears in a table that combines a name and description with technical configuration details, including the time zone used for policy enforcement, the type of location (single IP address, IP address range, or subnet), and the actual external IP address or addresses from which requests originate.
To edit an existing entry, click the location Name, and then see
Editing filtered locations in Websense Manager Help.
To define a new location, click Add, and then see
Adding filtered locations in Websense Manager Help.
If you have added or edited a location entry, click OK to cache your changes. Changes are not implemented until you click
Save All.
Select Settings > Hybrid Configuration > Unfiltered Destinations to review, add, or edit information about target sites to which you want to grant users unfiltered access. Users can access these sites directly, without sending the request to the hybrid service. Typical unfiltered destinations include organizational Web mail sites, internal IP addresses, and Microsoft update sites.
Destinations listed here are added to the Proxy Auto-Configuration (PAC) file that defines how filtered users' browsers connect to the hybrid service. By default, the PAC file excludes all non-routable and multicast IP address ranges from filtering. Therefore, if you are using private IP address ranges defined in RFC 1918 or RFC 3330, you need not enter them here.
Each unfiltered destination that you define appears in a table that combines a name and description with technical configuration details, including how the destination is defined (as an IP address, domain, or subnet), and the actual IP address, domain, or subnet that users can access directly.
To edit an existing entry, click the location Name, and then see
Editing unfiltered destinations in Websense Manager Help.
To define a new location, click Add, and then see
Adding unfiltered destinations in Websense Manager Help.
If you have added or edited an unfiltered destination entry, click OK to cache your changes. Changes are not implemented until you click
Save All.
1.
|
Select Settings > Hybrid Configuration > User Access.
|
Use the Availability section to specify whether all Internet requests should be permitted or blocked when the hybrid service is unable to access policy information for your organization.
Under Time Zone, use the drop-down list to select a default time zone to use when applying policies to:
Users connecting to the hybrid service from an IP address that is not part of an existing filtered location. The default time zone is used, for example, by roaming users, or for other users that self-register with the hybrid service.
Use the User Identification section to configure how users are identified by the hybrid service, and to test and configure users' connections to the service.
|
Mark Use NTLM to identify users when possible to use directory information gathered by Websense Directory Agent to identify users transparently, if possible. This is used only for users connecting from a filtered location.
|
|
Mark Prompt users not identified via NTLM for logon information to have users who could not be identified via another means see a logon prompt when accessing the Internet.
|
Basic authentication is used to identify users who receive a logon prompt. Advise end users not to use the same password for hybrid filtering that they use to log on to the network.
Once you have set up hybrid filtering and configured user browsers to access the PAC file, you can use the links provided under
Verify End User Configuration to make sure that end user machines have Internet access and are correctly configured to connect to the hybrid service.
If your hybrid filtering account has not been verified (which may mean that no email address has been entered on the
Settings > General > Account page), the URLs are not displayed.
If your organization uses a supported, LDAP-based directory service?Windows Active Directory (Native Mode) or Novell eDirectory?you can collect user and group data and send it to the hybrid service.
If your organization uses Windows NT Directory, Windows Active Directory (Mixed Mode), or Sun Java System directory, user and group data cannot be collected and sent to the hybrid service.
The process is similar to setting up user service for group-based policies. For more information see
Send user and group data to the hybrid service in Websense Manager Help.