Filtering remote users with Websense remote filtering software v7.6

Similar documents
Remote Filtering Software

Remote Filtering Software

Remote Filtering. Websense Web Security Websense Web Filter. v7.1

Webinar Information. Title: Websense Remote Filtering Audio information: Dial-in numbers:

Quick Start 5: Introducing and configuring Websense Cloud Web Security solution

User Service and Directory Agent: Configuration Best Practices and Troubleshooting

Upgrading to Websense Web Security v7.6

How To Upgrade A Websense Log Server On A Windows 7.6 On A Powerbook (Windows) On A Thumbdrive Or Ipad (Windows 7.5) On An Ubuntu (Windows 8) Or Windows

Migrating your custom settings to version 7.6

Installation Guide. Websense Web Security Websense Web Filter. v7.5

Quick start 6: Administering the Websense Cloud Web Security solution

Installation Guide. Websense Web Security Websense Web Filter. v7.1

Configuration Guide. Websense Web Security Solutions Version 7.8.1

NEFSIS DEDICATED SERVER

Network Agent Quick Start

Integrated Citrix Servers

Installing and Configuring Websense Content Gateway

Configuring WCCP v2 with Websense Content Gateway the Web proxy for Web Security Gateway

Using RADIUS Agent for Transparent User Identification

DC Agent Troubleshooting

Receiver Updater for Windows 4.0 and 3.x

Using Logon Agent for Transparent User Identification

V Series Rapid Deployment Version 7.5

Websense Web Security Gateway: What to do when a Web site does not load as expected

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

Installation Guide. Websense Web Security Websense Web Filter

Security. TestOut Modules

Release Notes for Websense Web Endpoint (32- and 64-bit OS)

DameWare Server. Administrator Guide

Transparent Identification of Users

Websense Support Webinar: Questions and Answers

Configuring SonicWALL TSA on Citrix and Terminal Services Servers

Installation Guide Supplement

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

Setting Up Scan to SMB on TaskALFA series MFP s.

Docufide Client Installation Guide for Windows

WHITE PAPER Citrix Secure Gateway Startup Guide

v5.2 Installation Guide for Websense Enterprise v5.2 Embedded on Cisco Content Engine

Citrix Access Gateway Plug-in for Windows User Guide

2X Cloud Portal v10.5

CUSTOMER Installing SAP Afaria

Log Server Error Reference for Web Protection Solutions

OutDisk 4.0 FTP FTP for Users using Microsoft Windows and/or Microsoft Outlook. 5/1/ Encryptomatic LLC

Network Connect Installation and Usage Guide

Deploying Remote Desktop Connection Broker with High Availability Step-by-Step Guide

Quick Start 4: Identifying and Troubleshooting proxy issues for Websense Web Security Gateway

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

2X HTML5 Gateway v10.6

Cisco AnyConnect Secure Mobility Solution Guide

User and Group-Based Reporting in TRITON - Web Security: Best Practices and Troubleshooting

Installation Guide. Websense TRITON Enterprise. v7.8.x

Configuring SSL VPN on the Cisco ISA500 Security Appliance

HP ProLiant Essentials Vulnerability and Patch Management Pack Release Notes

v Installation Guide for Websense Enterprise v Embedded on Cisco Content Engine with ACNS v.5.4

Click Studios. Passwordstate. Installation Instructions

Controlling Risk, Conserving Bandwidth, and Monitoring Productivity with Websense Web Security and Websense Content Gateway

Disaster Recovery. Websense Web Security Web Security Gateway. v7.6

Laptop Backup - Administrator Guide (Windows)

WhatsUp Gold v16.3 Installation and Configuration Guide

RSA SecurID Ready Implementation Guide

Using Integrated Windows Authentication with Websense Content Gateway, v7.6

How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment

Web Security Service

NetWrix Password Manager. Quick Start Guide

Installation Steps for PAN User-ID Agent

System Administration Training Guide. S100 Installation and Site Management

v7.8.1 Release Notes for Websense Web Security

Configuration Guide. BES12 Cloud

NSi Mobile Installation Guide. Version 6.2

Backup and Restore FAQ

Sharp Remote Device Manager (SRDM) Server Software Setup Guide

If you have questions or find errors in the guide, please, contact us under the following address:

GlobalSCAPE DMZ Gateway, v1. User Guide

Option 1 Using the Undelete PushInstall Wizard.

Web Security Log Server Error Reference

HELP DOCUMENTATION SSRPM WEB INTERFACE GUIDE

TRITON - Web Security Help

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent?

Installing Samsung SDS CellWe EMM cloud connectors and administrator consoles

Using DC Agent for Transparent User Identification

ENABLING RPC OVER HTTPS CONNECTIONS TO M-FILES SERVER

TRITON - Web Security Help

v7.8.2 Release Notes for Websense Content Gateway

Installation Guide for Pulse on Windows Server 2008R2

Hosted Microsoft Exchange Client Setup & Guide Book

Contents. Introduction. Prerequisites. Requirements. Components Used

MIGRATING TO AVALANCHE 5.0 WITH MS SQL SERVER

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

Delegated Administration Quick Start

v6.1 Websense Enterprise Reporting Administrator s Guide

Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2

Integrated Cisco Products

Administration Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

Installation Guide. Squid Web Proxy Cache. Websense Enterprise Websense Web Security Suite. v for use with

User s Guide for OpenERP Microsoft Outlook Free Plug-in 1.0 By Axelor

Installing and Configuring vcloud Connector

User-ID Best Practices

Web-Access Security Solution

pcanywhere Advanced Configuration Guide

Transcription:

Filtering remote users with Websense remote filtering software v7.6 Websense Support Webinar April 2012 Websense 2012

Webinar Presenter Greg Didier Title: Support Specialist Accomplishments: 9 years supporting Websense products Qualifications: Technical Support Mentor Product Trainer 2

Goals And Objectives Introduce remote filtering software Requirements and how it works. Installing remote filtering software Preparation and installation. Setting up remote filtering software Component configuration options. Troubleshooting Demonstration Client software installation. 3

Introduce Remote Filtering Software Websense remote filtering software filters HTTP, HTTPS, and FTP Internet requests from machines outside-the-network. All communication from external machines to your network is authenticated and encrypted. Available with: Websense Web Filter Websense Web Security Websense Web Security Gateway Websense Web Security Gateway Anywhere 4

Introduce Remote Filtering Software Remote Filtering Client Allows filtering machines when they are outside the network. Communicates with Remote Filtering Server installed inside your organization s firewall. Remote Filtering Server Provides Web filtering for machines located outside your network firewall. Acts as a proxy. Accepts Remote Filtering Client requests and then forwards them to Filtering Service. Remote Filtering Server only filters computers running the Remote Filtering Client software. 5

System Requirements Remote Filtering Client Version 7.6.x installs on the following supported Microsoft Windows operating systems. 6

System Requirements Remote Filtering Server Version 7.6.x is supported on the following operating systems: Red Hat Enterprise Linux 4 and 5. Windows Server 2003 and 2003 R2. Windows Server 2008 and 2008 R2. 7

Deployment Information Guidelines for installing Remote Filtering Server: Inside your organization s outermost network firewall. In the DMZ. On its own, dedicated machine. Do not install with Filtering Service or Network Agent. Does not need to be joined to the domain. Must be able to communicate with: External Remote Filtering Clients. Internal Filtering Service, Policy Server, and Policy Broker. Install only one primary Remote Filtering Server per Filtering Service. 8

How Remote Filtering Works Remote Filtering Client resides on client machines that are sometimes or always used outside your organization s network. When a user makes a browser-based Internet request, Remote Filtering Client uses a heartbeat to determine whether it is within or outside the network. If the machine is outside the network, the Internet request is forwarded to Remote Filtering Server. If the machine is inside the network, Remote Filtering Client becomes passive. 9

When The Client Is Outside Your Network 1. A heartbeat failure prompts Remote Filtering Client to send queries for each HTTP, HTTPS, or FTP request to the Remote Filtering Server. 2. Remote Filtering Server then forwards the request to Filtering Service. 3. Filtering Service evaluates the request and sends back a response. 4. Remote Filtering Server sends the response to the client. 5. If the site is blocked, Remote Filtering Client requests and receives the appropriate block page. - External - - DMZ - Remote Filtering Server - Internal - Internet Request Remote Filtering Client Remote Filtering Client becomes active Filtering Service 10

When The Client Is Inside Your Network 1. When a heartbeat connection succeeds, Remote Filtering Client becomes passive. It does not query Remote Filtering Server about Internet requests. 2. Browser requests are passed directly the Websense integration. Internet request are filtered like any other internal request. - External - - DMZ - Remote Filtering Server - Internal - Remote Filtering Client Remote Filtering Client becomes Passive Filtering Service 11

Recap Examining The Heartbeat Attempt Active Remote Filtering Client Passive Remote Filtering Client 12

Identify Remote Users Determining The Policy Logging in with cached domain credentials. Filtering Service resolves user name and applies user and group-based policies. Logging in with a local computer account. Filtering Service cannot resolve the user name. If manual authentication is enabled: User receives a logon prompt. Internet requests are filtered by the appropriate user or group policy. Logging in with a local account and manual authentication is not enabled. Internet requests are filtered by the Default policy. Internet activity is logged under the local user name. Filtering on policies assigned to IP addresses or IP address ranges does NOT apply. 13

Identify Remote Users Determining The Policy Internal client filtering 1. User 2. Computer IP 3. Network IP Range 4. Group 5. OU 6. Default Policy If 1 thru 5 do not match, then the Default Policy always applies. External client filtering 1. User 2. Group 3. OU 4. Default Policy If 1 thru 3 do not match, then the Default Policy always applies. Policies assigned to computer IP or IP range do not apply for externally filtered clients. 14

Remote And Local Filtering Differences For HTTP sites with a category set to the Quota or Confirm. Remote filtering offers the appropriate block message, including the Quota or Continue button. For FTP or HTTPS sites set to Quota or Confirm. The block page is presented; however, the Quota or Continue buttons are excluded. 15

Remote And Local Filtering Differences For HTTP sites with a category set to the Quota or Confirm. Remote filtering offers the appropriate block message, including the Quota or Continue button. For FTP or HTTPS sites set to Quota or Confirm. The block page is presented; however, the Quota or Continue buttons are excluded. 16

When Server Communication Fails Remote Filtering Client cannot contact Remote Filtering Server. By default, all HTTP, HTTPS, and FTP requests are permitted (fail open). Remote Filtering Client continues attempting to reconnect. When communication is reestablished, the appropriate filtering policy is enforced. When configured to block all requests (fail closed). No Internet access is allowed until a connection is reestablished. 17

Payment Portals When a user must pay for Internet access. Remote Filtering Client detects and permits connections to payment portals. When Internet access has been paid, Remote Filtering Client starts filtering Internet requests. 18

Virtual Private Network (VPN) A VPN connection, including split-tunneled VPN, is supported. Split-tunnel: All Internet requests go through the network adapter not connected to the internal network. The heartbeat identifies the adapter not connected to the internal network. Websense tested split-tunneling for the following VPN clients: Cisco AnyConnect 2.5 and 3.0 Juniper/NetScreen Microsoft PPTP 19

Recap: Introducing Remote Filtering Software System requirements Deployment information How remote filtering works Identifying remote users Differences between remote and local filtering When server communication fails Virtual Private Network (VPN) 20

Installing Remote Filtering Software Next topics: Preparing for installation Ensuring ports are open Installing Remote Filtering Server Installing Remote Filtering Client Customizing the client install package Installing manually Uninstalling Remote Filtering Client Demonstration 21

Preparing for installation A functioning Websense Web Security deployment must exist. Permit communications from Remote Filtering Server in the DMZ to Policy Broker, Policy Server, and Filtering Service located inside your network. For remote filtering to function properly, leave these ports open. 22

Preparing for installation Permit external communication from Remote Filtering Clients to Remote Filtering Server on port 8080. Close external communication from Remote Filtering Clients on port 8800. 23

Preparing for installation Permit internal communication on the heartbeat port. Open access to Remote Filtering Server in the DMZ from Remote Filtering Clients residing inside your network. 24

Recap: Port Communications DMZ 55825* 55806* 40000* 55880 15868 15871 External 8080 (or 80) 8800 (block) Internal 8800 * May close these ports after installation. 25

Installing Remote Filtering Server 1. Preparing to install Installer available from www.mywebsense.com. 2. Selecting components In the Websense installer, select Custom mode. 3. Defining the Remote Filtering Server initial configuration Identify Policy Server External IP (of FQDN) and port Internal heartbeat port Pass phrase 32-character limit on the pass phrase (in v7.6). Identify Filtering Service 26

Installing Remote Filtering Server 27

Installing Remote Filtering Server 28

Installing Remote Filtering Server 29

Installing Remote Filtering Server 30

Installing Remote Filtering Server 31

Installing Remote Filtering Server 32

Installing Remote Filtering Server Is Network Agent or an integration product configured to filter HTTP requests? If so, then make sure that it does NOT filter requests going to or from the Remote Filtering Server machine. For Network Agent: In TRITON - Web Security, go to Settings > Network Agent > Global > IP_address > Network Interface Cards > NIC-x > Monitoring > Configure button > Monitor List Exceptions > Add, then enter the Remote Filtering Server IP address. 33

TRITON Web Security Review the remote filtering options within the manager. 34

Installing Remote Filtering Client To start using your remote filtering software, you must also: 1. Obtain the Remote Filtering Client Pack. 2. Create one or more client profiles. Demonstration 3. Install the Remote Filtering Client profile on computers. Demonstration 35

Obtain The Remote Filtering Client Pack Run the Websense Installer, select Custom > Web Security. The client pack files are in the 32- bit and 64-bit subfolders under:...\websense\web Security\DTFAgent\RemoteFilteringAgentPack\ 36

Obtain The Remote Filtering Client Pack Also available from within the decompressed installer directory. C:\WINDOWS\Installer\{E546D7B7-67FE-456b-A3CA- 87CF3BD80743}\Filter_7.6.2_w2k3_cd_en_FULL_1449\Windows\DTFA gent\remotefilteringagentpack The Windows\Installer directory is hidden by default. To display, select Show hidden files and folders in the Folder Options settings. This path is specific for v7.6.2 build 1449. Your path may differ slightly. 37

Create One Or More Client Profiles You must create at least one profile (a customized installation package) to successfully deploy Remote Filtering Client. The Remote Filtering Client Pack contains the Remote Filtering Client Configuration tool (WRFEUtil_platform_version.exe). Double-click to extract the Client Configuration tool file. 38

Create One Or More Client Profiles Create your custom profile, double-click RFClient_Config.exe. 39

Create One Or More Client Profiles Create your custom profile, double-click RFClient_Config.exe. 40

Create One Or More Client Profiles Create your custom profile, double-click RFClient_Config.exe. 41

Create One Or More Client Profiles Create your custom profile, double-click RFClient_Config.exe. 42

Create One Or More Client Profiles Create your custom profile, double-click RFClient_Config.exe. 43

Create One Or More Client Profiles Create your custom profile, double-click RFClient_Config.exe. 44

Create One Or More Client Profiles Create your custom profile, double-click RFClient_Config.exe. 45

The Client Configuration tool The Remote Filtering Client install files, double-click setup.exe. 46

Demonstrations Remote Filtering Client software install. Internal block page delivered via network agent or integration. Note the internal IP address displayed in the URL. External block page delivered via Remote Filtering Server. Note the external IP address displayed in the URL. 47

Demonstration Remote Filtering Client Installation When the laptop moves outside your network, the Remote Filtering Client becomes active. - DMZ - Remote Filtering Client (Active) Remote Filtering Server Internet Requests Filtering Service Internet Requests Internet Requests Remote Filtering Client - External (Public) - - Internal (Private) - 48

Troubleshooting Remote Filtering Server Ensure the Remote Filtering Server service is running. Service should restart successfully. Review the Application Event log. Check port connectivity using TELNET command. 55806 ~ Open to Policy Server (internal) from DMZ. 15868, 15871 ~ Open to Filtering Service (internal) from DMZ. 55880 ~ Open to Policy Broker (internal) from DMZ. 8080 ~ Open to DMZ from external Remote Filtering Clients. 8800 (Heart Beat) ~ Open to DMZ from internal network. Check the Server WISP Proxy settings. SecureWISPProxy.ini file, located in \Websense\Web Security\bin. 49

Troubleshooting Remote Filtering Server Ensure the Remote Filtering Server service is running. Service should restart successfully. Review the Application Event log. Check port connectivity using TELNET command. 55806 ~ Open to Policy Server (internal) from DMZ. 15868, 15871 ~ Open to Filtering Service (internal) from DMZ. 55880 ~ Open to Policy Broker (internal) from DMZ. 8080 ~ Open to DMZ from external Remote Filtering Clients. 8800 (Heart Beat) ~ Open to DMZ from internal network. Check the Server WISP Proxy settings. SecureWISPProxy.ini file, located in \Websense\Web Security\bin. 50

Troubleshooting Remote Filtering Server Ensure the Remote Filtering Server service is running. Service should restart successfully. Review the Application Event log. Check port connectivity using TELNET command. 55806 ~ Open to Policy Server (internal) from DMZ. 15868, 15871 ~ Open to Filtering Service (internal) from DMZ. 55880 ~ Open to Policy Broker (internal) from DMZ. 8080 ~ Open to DMZ from external Remote Filtering Clients. 8800 (Heart Beat) ~ Open to DMZ from internal network. Check the Server WISP Proxy settings. SecureWISPProxy.ini file, located in \Websense\Web Security\bin. 51

Troubleshooting Remote Filtering Server Ensure the Remote Filtering Server service is running. Service should restart successfully. Review the Application Event log. Check port connectivity using TELNET command. 55806 ~ Open to Policy Server (internal) from DMZ. 15868, 15871 ~ Open to Filtering Service (internal) from DMZ. 55880 ~ Open to Policy Broker (internal) from DMZ. 8080 ~ Open to DMZ from external Remote Filtering Clients. 8800 (Heart Beat) ~ Open to DMZ from internal network. Check the Server WISP Proxy settings. SecureWISPProxy.ini file, located in \Websense\Web Security\bin. 52

Troubleshooting Remote Filtering Server Ensure the Remote Filtering Server service is running. Service should restart successfully. Review the Application Event log. Check port connectivity using TELNET command. 55806 ~ Open to Policy Server (internal) from DMZ. 15868, 15871 ~ Open to Filtering Service (internal) from DMZ. 55880 ~ Open to Policy Broker (internal) from DMZ. 8080 ~ Open to DMZ from external Remote Filtering Clients. 8800 (Heart Beat) ~ Open to DMZ from internal network. Check the Server WISP Proxy settings. SecureWISPProxy.ini file, located in \Websense\Web Security\bin. 53

Troubleshooting Remote Filtering Server Examine the Remote Filtering Server log file. tracefile.log Check server for excessive connections netstat an find 15868 /C netstat an find 15871 /C Reset pass phrase from \Websense\Web Security\bin folder. SecureWISPProxy p <new_pass_phrase> NOTE: Remote Filtering Server has no registry or file protection. Two Network Interface Cards (different networks) not supported. Obtain a packet capture. 54

Troubleshooting Remote Filtering Client Ensure the Websense Desktop Client service is running. Restart client service or end client machine. wepsvc.exe -stop -password <passphrase> WSRF wepsvc.exe -start WSRF Websense service and files are protected. Check port connectivity using TELNET. 8080 ~ Open to DMZ for external Remote Filtering Clients. 8800 (Heart Beat) ~ Open to DMZ from internal network. 8800 (Heart Beat) ~ Blocked to DMZ from external (public) access. Examine the Remote Filtering Client log file. DebugDump.txt 55

Troubleshooting Remote Filtering Client Check ports, IP addresses, and pass phrase settings. Run the profile creator utility: RFClient_Config.exe Gather log files for Websense techsupport. Run the file collector utility: ClientInfo.exe Packet capture 56

Additional Information See the Remote Filtering Software technical paper for more information about installing, configuring, and using remote filtering. PDF or HTML Deployment and Installation Center for system requirements, integration configuration, and installation of all Websense components. 57

Additional Information How do I deploy v7.6 Remote Filtering Clients? How to create a Remote Filtering Client profile for v7.6 How to silently install Remote Filtering Client v7.6 How do I modify the v7.6 Remote Filtering Client profile? v7.6 Remote Filtering with V-Series Appliance How to stop the v7.6 Remote Filtering Client service How to verify communication between the Remote Filtering Client and Server How to enable Remote Filtering debugging and Remote Filtering Client tracing Troubleshooting remote filtering software 58

Additional Information Use the TRITON Web Security management help system. 59

Recap: Remote Filtering Software Learned how remote filtering software works. Installation Remote Filtering Server Remote Filtering Client Troubleshooting steps. Know where to find helpful information. 60

TEST Install your Remote Filtering Client Pass phrase: webinar1 Remote Filtering Client (Active) - DMZ - 10.14.0.14 Heart beat: 8800 Remote Filtering Server Internet Requests 204.15.65.221 Port: 8080 Filtering Service - External (Public) - - Internal (Private) - 61

Webinar Announcement Title: Identifying Users with Logon Agent: Implementation and Troubleshooting Webinar Update Date: May 23, 2012 Time: 8:30 A.M. PDT (GMT -8) How to register: http://www.websense.com/content/ SupportWebinars.aspx 62

Questions 63

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information