Transcription
Getting StartedWebsense Web Security Gatewayon the Websense V10000 Appliancewith Riverbed Steelhead 250 branch office appliancesv7.1
1996–2010, Websense, Inc.10240 Sorrento Valley Rd., San Diego, CA 92121, USAAll rights reserved.Published 2010Printed in the United States of America and IrelandThe products and/or methods of use described in this document are covered by U.S. Patent Numbers 5,983,270; 6,606,659; 6,947,985; 7,185,015;7,194,464 and RE40,187 and other patents pending.This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machinereadable form without prior consent in writing from Websense, Inc.Every effort has been made to ensure the accuracy of this manual. However, Websense, Inc., makes no warranties with respect to thisdocumentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Websense, Inc., shall not be liable forany error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein.The information in this documentation is subject to change without notice.TrademarksWebsense is a registered trademark of Websense, Inc., in the United States and certain international markets. Websense has numerous otherunregistered trademarks in the United States and internationally. All other trademarks are the property of their respective owners.Microsoft, Windows, Windows NT, Windows Server, Windows Vista and Active Directory are either registered trademarks or trademarks ofMicrosoft Corporation in the United States and/or other countries.Novell, Novell Directory Services, eDirectory, and ZENworks are trademarks or registered trademarks of Novell, Inc., in the United States andother countries.Pentium and Xeon are registered trademarks of Intel Corporation.This product includes software developed by the Apache Software Foundation (www.apache.org).Copyright (c) 2000 The Apache Software Foundation. All rights reserved.Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are the sole propertyof their respective manufacturers.WinPcapCopyright (c) 1999 - 2010 NetGroup, Politecnico di Torino (Italy).Copyright (c) 2010 CACE Technologies, Davis (California).All rights reserved.Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentationand/or other materials provided with the distribution. Neither the name of the Politecnico di Torino, CACE Technologies nor the names of its contributors may be used to endorse or promote productsderived from this software without specific prior written permission.THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIEDWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR APARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FORANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOTLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESSINTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, ORTORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IFADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
ContentsTopic 1Web Security Gateway and Riverbed Steelhead 250 . . . . . . . . . . 5Deployment overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Data center hardware and software requirements . . . . . . . . . . . . . . . . . .Websense V10000 appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Windows server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Database engine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Directory service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Other . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Topic 2Setting up the Riverbed Steelhead 250 . . . . . . . . . . . . . . . . . . . . . . . . 11Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Set up the appliance hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Perform initial command line configuration . . . . . . . . . . . . . . . . . . . . .Prepare to run jump-start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Configure the Steelhead 250 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Preparing for Steelhead 250 configuration . . . . . . . . . . . . . . . . .Upgrading to RiOS (Riverbed IOS) and RSP Version 5.5.x . . . .Generating, uploading, and starting the Windows RSP package.Setting up data flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Adding Websense software to Riverbed RSP VM at branch . . .Topic 3566788911121212131414162123Installing Websense Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Install Microsoft SQL Server at the data center . . . . . . . . . . . . . . . . . . .Install Websense components at the data center . . . . . . . . . . . . . . . . . .Set up the Websense appliance hardware. . . . . . . . . . . . . . . . . . . . . . . .Perform initial command line configuration . . . . . . . . . . . . . . . . . . . . .Configure the V10000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Install Websense Manager and Log Server . . . . . . . . . . . . . . . . . . . . . .Configure Websense Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Special directory service considerations . . . . . . . . . . . . . . . . . . . . . .Configure Websense Content Gateway . . . . . . . . . . . . . . . . . . . . . . . . .Test and refine your policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Recovering the V10000 appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Install Websense components at the branch office. . . . . . . . . . . . . . . . .Installation procedure: branch components. . . . . . . . . . . . . . . . . . . .Configuring branch copy of Network Agent, at data center . . . .Known Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .252526262730343738394041424343Getting Started 3
ContentsQuota time cannot be determined precisely. . . . . . . . . . . . . . . . .HTTPS block page not displayed in non-proxy environment . . .Quota/Confirm HTTPS URL permitted if no proxy . . . . . . . . . .Online Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Technical Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4 WebsenseWeb Security and Riverbed Steelhead4344444445
1Websense Web Security Gatewaywith the Riverbed Steelhead 250Websense Web Security software and Riverbed Steelhead appliances provide fast,flexible Web security and WAN optimization in a variety of configurations. This guideexplains how to set up and configure the Websense Web Security v7.1 componentswhen you are using a Steelhead 250 appliance at branch offices and the WebsenseV10000 appliance at the data center.Deployment overviewDistributed organizations with remote and branch offices can integrate Websense WebSecurity software with Riverbed appliances by deploying two key components of thesoftware on a Steelhead 250 appliance in the branch offices. All Web security policiesare hosted and configured centrally, at the data center. This provides local Websecurity at the branch offices, with persistent policy management and reporting fromthe corporate data center, where Websense Web Security software runs on a WebsenseV10000 appliance.In this deployment, the administrator can use a PAC file to control how branch trafficis filtered. Any HTTP/HTTPS/FTP traffic passing from the branch office through theV10000 appliance, and then to the Internet, is filtered by the V10000. The remainingHTTP/HTTPS/FTP traffic from the branch may go to the Internet directly from thelocal network and would be filtered by the Websense Web Security components on theRiverbed Steelhead 250. In addition, all other branch traffic (such as IM, P2P, FileTransfer) is also filtered by Websense components on the Riverbed Steelhead 250.Getting Started 5
Websense Web Security Gateway with the Riverbed Steelhead 250Typically, the components are deployed as shown below.A Windows server at the data center houses Websense Manager (the configurationinterface for Websense Web Security) and Log Server (which processes filtering logrecords into a separate Microsoft SQL Server database for reporting). The WebsenseV10000 appliance houses the central policy database that serves all branches, as wellas other key Websense software components.Data center hardware and software requirementsIn the data center, the integrated solution uses the hardware and software specifiedbelow. Some elements are required, such as the Websense V10000 appliance and oneWindows server. Others components are optional, such as a directory service, whichallows you to apply Web filtering policy to individual users and groups in yourorganization.Websense V10000 applianceThe Websense V10000 appliance is a high-performance platform for Websense WebSecurity Gateway, combining Websense Web Security filtering and Websense ContentGateway proxy on a single, high-powered machine. The V10000 solution requires aseparate Windows 2003 or Windows 2008 Server in the network, which housesWebsense Manager, the configuration interface for Websense Web Security, and LogServer, which processes filtering log records into a separate Microsoft SQL Serverdatabase.6 Websense Web Security and Riverbed Steelhead
Websense Web Security Gateway with the Riverbed Steelhead 250This security solution offers: V10000 Console, a Web-based configuration interface that offers appliancemanagement features like: System dashboard, with up-to-the-minute status of the software modules andsystem resources Appliance configuration and network settings System administration, including patch management and backup and restoreEvents related to appliance configuration and patching are logged. The log entriescan be viewed in the V10000 Console, or the entire log file can be downloaded.Command line interface for basic appliance settings, available through a USBkeyboard and monitor or a serial port connection, that provides basic appliancecontrol commandsBasic proxy caching and Web filtering after minimal initial configurationFull customization of proxy caching and Web filtering available through theseseparate Web-based configuration interfaces: Websense Content Manager — proxy caching Websense Manager — Web filteringWindows serverYour data center must have a Windows server machine that meets the requirementslisted below. This is the machine where you install Websense Manager (theconfiguration interface for Web filtering) and Log Server (the component that receivesInternet activity information and processes it into the Log Database).ImportantSelf-signed certificates are created to securecommunications between Websense components. In orderfor these certificates to be valid, and for communication tosucceed, all the machines running Websense componentsmust have the same date.Please set the appliance time in your branches, the time onthe Websense V10000, and the time on the Windowsserver machine, before installing Websense Manager andLog Server.Hardware Quad-Core Intel Xeon processor, 2.5 GHz or higher 4-16 GB RAM 100 GB free disk space utilizing a disk array High speed disk accessGetting Started 7
Websense Web Security Gateway with the Riverbed Steelhead 250Operating System Windows Server 2008 (Standard, Enterprise, and Datacenter) installed in 32-bitnative mode Windows Server 2003, R2 (Standard or Enterprise) Windows Server 2003, SP1 or SP2 (Standard or Enterprise) Windows Server 2003 (Standard or Enterprise)Additional Software Internet Explorer 7 or Firefox 2 or 3 Common Desktop Environment (CDE) Apache Tomcat 6.0.13 (installed automatically with Websense Manager) Adobe Flash Player 8 or laterDatabase engineOne of the following supported database engines is required to store log data forreporting. Although this software can run on the same Windows server that runsWebsense Log Server, better performance is achieved when it runs on a dedicatedserver.One of these databases: Microsoft SQL Server 2005 SP2 or SP 3 (Workgroup, Standard, or Enterpriseedition) (recommended) Microsoft SQL Server 2000 SP4 MSDE 2000 SP4 - suitable for smaller networks running Windows Server 2003The following recommendations apply to the machine running the database engine,especially if it runs on the same Windows server as Websense Manager and LogServer. You can improve I/O performance by installing the Log Database on a disk arrayrunning RAID level 1 0.The amount of required RAM depends on the total number of requests beingstored and the number of requests per second being processed. To optimize RAMusage, use the Enterprise Edition of Microsoft SQL Server on a machine runningWindows Server 2003 Enterprise Edition or Windows Server 2008 EnterpriseEdition or Datacenter.Directory serviceIf your network includes one of the supported directory services listed below, you canapply Web filtering to individual users, groups, and domains (OUs). Additionally, youcan install an optional transparent identification agent from Websense, to ensure thatclients in a supported directory service are filtered without being prompted to log on8 Websense Web Security and Riverbed Steelhead
Websense Web Security Gateway with the Riverbed Steelhead 250when they open a browser. (If no directory service is installed, Websense WebSecurity uses IP addresses for Web filtering.)For organizations where multiple administrators may access Websense Manager (theWeb-based configuration interface for Websense Web Security), administrators withaccounts in most supported directory services can log on with their networkcredentials.NoteIf your network uses a Windows NTLM directory service,or Active Directory in mixed mode, you must createWebsense accounts for any administrators who must logon to Websense Manager (see Websense Manager Help forinstructions). This configuration does not support loggingon to Websense Manager with network credentials. Windows Active Directory Windows NT Directory Novell eDirectory 8.51 or later NMAS authentication is supported. Recommend Novell Client v4.83 or v4.9 (v4.81 and later are supported) Other LDAP-based directory services Most standard RADIUS serversThe following RADIUS servers have been tested: Livingston (Lucent) 2.x Cistron RADIUS server Merit AAA Microsoft IASOtherOptionally, you can deploy the Websense Remote Filtering Server in the data center,to enable filtering of laptops and other computers that are outside the organization’snetwork. A client agent is required for each laptop.For information about system requirements and appropriate placement of machinesfor additional or optional components, see the Websense Deployment Guide.Getting Started 9
Websense Web Security Gateway with the Riverbed Steelhead 25010 Websense Web Security and Riverbed Steelhead
2Setting up the RiverbedSteelhead 250Setting up Websense software integrated with the Steelhead 250 involves thefollowing tasks, which are detailed in this guide.1. Set up the Websense software in the data center first, before setting up thebranch software. See Install Websense components at the data center forinstructions.2. Ensure that all Prerequisites have been completed.3. Set up the appliance hardware.4. Perform initial command line configuration on the appliance.5. Configure the Steelhead 250 for use with Websense software.6. Install two components of Websense software on the Steelhead 250. SeeInstall Websense components at the branch office.PrerequisitesSatisfy these requirements before you set up the Riverbed Steelhead 250: Upgrade RAM to at least 3GB.The default RAM for the Steelhead 250 appliance is 1GB. But at least 3GB ofRAM are required when Websense Web Security is deployed on the RiverbedServices Platform (RSP). 1G is required for the Riverbed System, 2GB for theWebsense RSP virtual machine. Insert at least an additional 2GB of RAM into theRAM slot.For instructions on upgrading memory on the Steelhead 250, please see theRiverbed Upgrade and Maintenance Guide. Obtain a valid RSP license from Riverbed.The Riverbed Services Platform (RSP) provides customers with the ability to runup to five additional services and applications in virtual memory on VMware in aprotected partition on the Steelhead 250 appliance. The RSP function must beenabled by a valid RSP license before you install Websense Web Securitycomponents.For more information about an RSP license, please contact Riverbed. Websense Web Security can be installed only on Riverbed RIOS version 5.5.x andRSP version 5.5.x.Getting Started 11
Setting up the Riverbed Steelhead 250Websense and Riverbed have certified that Websense Web Security 7.1components can integrate with RIOS version 5.5.x and RSP version 5.5.x.Unpredictable results may occur if other versions of Websense Web Security orRSP are used.Set up the appliance hardwareFollow the Riverbed Steelhead hardware setup guide for model 250 hardware setup.Connect all power sources, the network cables, and the serial cable.Perform initial command line configurationThe first time you start the appliance, a brief script (jump-start) prompts you to supplybasic settings for the appliance.Prepare to run jump-startThe jump-start script prompts you for the following information [defaults shown inbrackets]. Gather needed data before you start the script.Riverbed Steelhead configuration wizard.Step 1: Hostname? [example]Step 2: Use DHCP on primary interface? [no]Step 3: Primary IP address? [ ]Step 4: Netmask? [ ]Step 5: Default gateway? [ ]Step 6: Primary DNS server? [ ]Step 7: Domain name? [example.com]Step 8: Admin password?Step 9: SMTP server? [exchange]Step 10: Notification email address? [examplem@riverbed.com]Step 11: Set the primary interface speed? [auto]Step 12: Set the primary interface duplex? [auto]Step 13: Would you like to activate the in-pathconfiguration? [yes]Step 14: In-Path IP address? [ ]Step 15: In-Path Netmask? [ ]Step 16: In-Path Default gateway?Step 17: Set the in-path:LAN interface speed? [auto]Step 18: Set the in-path:LAN interface duplex? [auto]Step 19: Set the in-path:WAN interface speed? [auto]Step 20: Set the in-path:WAN interface duplex? [auto]After you gather the information, run the initial command line configuration, asfollows.12 Websense Web Security and Riverbed Steelhead
Setting up the Riverbed Steelhead 2501. Access the appliance through a serial port connection.NoteTo configure the appliance, connect through the serial portand complete the jump-start script.2. To run the initial script, enter the following command:enableconfigure terminalconfiguration jump-start3. Configure the network with the information assembled earlier. Accept the defaultvalue for all Yes/No questions.4. After the jump-start script has been completed successfully, go to a differentmachine and use a supported Web browser to access the Steelhead 250 Console.See Configure the Steelhead 250, page 13.Configure the Steelhead 250The Steelhead 250 console is a Web-based configuration interface for the appliance.Through it you can view system status, configure network and communicationsettings, and perform general Steelhead 250 administration tasks.After completing the initial configuration required by the jump-start script, use theSteelhead 250 console to configure important settings for network interfaces andupload the RSP package.You need a flash drive with at least 1 GB of free space to hold the latest RSP packagefor upload.Getting Started 13
Setting up the Riverbed Steelhead 250Preparing for Steelhead 250 configurationGather the following information before running the Steelhead 250 console. Some ofthis information may have been gathered during hardware setup.User name and password for accessing theRiverbed Support Web siteIP address assigned to the network interface for theSteelhead 250 console managerRSP license key from RiverbedIP address for network interface Inpath 0 0Subnet mask for network interface Inpath 0 0Default gateway for network interface Inpath 0 0(IP address)See the Steelhead 250 help system for detailed instructions on any field or area, or forinformation about other available settings.Upgrading to RiOS (Riverbed IOS) and RSP Version 5.5.x1. Open a supported browser, and enter this URL in the address bar:https:// IP address Replace IP address with the address assigned to the console during initialconfiguration of the Steelhead 250.2. Log on with the user name admin and the password assigned during initialconfiguration of the Steelhead 250.3. Upgrade the Steelhead 250 software to version 5.5.x. (requires an account withRiverbed):a. Open a supported browser, and enter the following URL in the address bar:http://www.riverbed.com/supportb. Download the version 5.5.x software image (RiOS - Base OS) available fromthe support site. Please download the version specific to Steelhead 250. Youcan also sign up for upgrades with Riverbed at this time.c. Use the console to upload and install the software:14 Websense Web Security and Riverbed Steelhead
Setting up the Riverbed Steelhead 250 Navigate to Configure Maintenance Software Upgrade.Upload the downloaded 5.5.x RiOS from the local directory, and then clickInstall Upgrade to upgrade.Riverbed Steelhead will reboot and apply the new 5.5.x RiOS successfully.4. Configure the inpath0 0 Interface by navigating to Configure Networking Inpath0 0.Getting Started 15
Setting up the Riverbed Steelhead 2505. Apply the RSP license key (provided by Riverbed) by navigating to Configure Maintenance Licenses and choosing Add a New License.6. Upgrade the RSP to v5.5.x (requires an account with Riverbed):a. Open a supported browser, and enter the following URL in the address . Download the v5.5.x RSP image from the support site. Please download theversion specific to Steelhead 250.c. Install the RSP image: Navigate to Configure Branch Services RSP ServiceClick the down arrow to drop down the menu for Install RSP From.Select either URL, Local File, or Existing Image, and then provide thepath or point to the image.Click Install.Click Start to start RSP.Generating, uploading, and starting the Windows RSP package1. Move to a computer running VMware Workstation or VMware ESX server.2. Download the Package Generator Wizard from the Riverbed Support (Downloading this Package Generator requires an account with Riverbed.)16 Websense Web Security and Riverbed Steelhead
Setting up the Riverbed Steelhead 2503. Create a custom VMware image for Websense Web Security components usingVMware Workstation or VMware ESX server. For complete details about thisprocess, see the chapter Creating an RSP Package for a Windows Server in theRiverbed Services Platform Installation and Configuration Guide for RiOSVersion 5.5.x.a. Allocate 1.8 Gigabytes of RAM for the image.b. Browse to your Windows Virtual Machine folder. If you find a folder named.vmx.lck in that location, remove the .vmx.lck folder before proceeding.4. Generate an RSP package by running the Package Generator Wizard.Getting Started 17
Setting up the Riverbed Steelhead 2505. Point the RSP Package Generator to the VM directory.6. Configure the RSP package details, and then click Next.18 Websense Web Security and Riverbed Steelhead
Setting up the Riverbed Steelhead 2507. Keep the default configuration for Watchdog, and then click Next.8. Add a single v-inpath VNIC by clicking Add under Optimization Interfaces, andthen click OK and Next.Getting Started 19
Setting up the Riverbed Steelhead 2509. Ensure that Resource Requirements are sufficient.a. Virtual Machine RAM must be 1.8 gigabytes.b. Virtual Machine Storage must be at least 18 gigabytes.10. Fill in the Output settings, and then click Create Package. Your package is nowready.11. After creating the RSP package, save the package by clicking SaveConfiguration.12. Copy the package to a location that can be accessed by the RSP platform. You canuse a flash drive that has at least 1 GB of free space.13. If you use a flash drive to copy the package, insert the flash drive into a USB portin a client machine anywhere in the network.20 Websense Web Security and Riverbed Steelhead
Setting up the Riverbed Steelhead 25014. To begin the process of uploading the RSP package from a client machine to theSteelhead 250 appliance, navigate to Configure Branch Services RSPPackages. Then click Fetch a Package to upload the RSP package from a localPC or remote http/https/scp/ftp server.15. Click a Slot number, and then click Enable Slot.Setting up data flow1. Navigate to Configure Branch Services RSP Data Flow.The RSP package has one VNI (Virtual Network Interface), which we namedGetting Started 21
Setting up the Riverbed Steelhead 250Monitor when we added it in this example. Find the interface you added, and addthis interface in position 1 in the data flow, between LAN0 0 and RiOS0 0 fromthe Interface drop-down menu.2. Set the action for IP and Non-IP Rules for this VNI to copy traffic to slot. This issimilar to spanning a port off a switch.3. Make sure that this interface (within the VM) is within the same subnet as theinpath0 0 address on the Steelhead appliance. For example, if the inpath0 0address is 192.168.1.11/24, then the Monitor interface address on the RSP virtualmachine should be 192.168.1.x/24.22 Websense Web Security and Riverbed Steelhead
Setting up the Riverbed Steelhead 2504. Ping the Websense Web Security Gateway server, to make certain that both theVM and the Gateway are reachable.5. Navigate to Configure Branch Services RSP Packages and launch the VMConsole.6. Log on to VMware Infrastructure.7. Download and install the plug-in to enable the browser to see the VMware imagesoftware.a. Choose defaults during the installation process.b. After the installation completes, log on again to the VMware Infrastructure.Adding Websense software to the Riverbed RSP virtual machine atthe branch office1. Ensure that your data center is running Microsoft SQL Server, and that theWebsense server at the data center is running the Websense components. SeeInstall Websense components at the data center, page 25 in the next chapter forspecifics.2. Log on to the uploaded VM image and install Websense Network Agent andFiltering Service in Stand-alone mode. See Install Websense components at thebranch office in the next chapter for specifics.3. After installation, use Websense Manager running in the data center to configurethe Network Agent running at the branch office so that it monitors the branchsubdomain(s). See the next chapter for specifics.Getting Started 23
Setting up the Riverbed Steelhead 25024 Websense Web Security and Riverbed Steelhead
3Installing WebsenseComponentsWebsense software components and your database management system must beinstalled and running at the data center before you install Websense components onthe Riverbed Steelhead 250 appliance at branch offices.Install Microsoft SQL Server at the data centerInstall a supported database engine at the data center first. It may be installed either onthe same Windows server machine where Websense reporting components will beinstalled, or on a different machine in the network.ImportantThe database engine must be installed and running beforeyou install Websense Log Server.If you do not have a supported database engine, you can download and install MSDEfor free. Refer to the Websense Knowledge Base on the Websense Support Portal,www.websense.com/kb for a download link and further instructions. Search for theexact phrase: Installing MSDE with Websense software, version 7.See the Websense Installation Guide for more details on configuring the databaseengine, including prerequisites such as setting up user roles, and the database rightsneeded for the account specified during Log Server installation.Install Websense components at the data centerSetting up the Websense V10000 appliance involves the following tasks, which aredetailed in this chapter.1. Set up the Websense appliance hardware, page 262. Perform initial command line configuration, page 26.3. Configure the V10000, page 27.4. Install Websense Manager and Log Server, page 30.5. Configure Websense Manager, page 34.Getting Started 25
Installing Websense Components6. Configure Websense Content Gateway, page 38.7. Test and refine your policies, page 39.Set up the Websense appliance hardwareThe Quick Start guide, which comes in the box with your appliance, providesinformation on the contents of the Websense V10000 box, how to set up the hardware,and how to connect the cables to the appliance and to your network.Network interface C and the outbound proxy interface (typically P1) must be able toaccess a DNS server and must have continuous access to th
A Windows server at the data center houses Websense Manager (the configuration interface for Websense Web Security) and Log Server (which processes filtering log records into a separate Microsoft SQL Server database for reporting). The Websense V10000 appliance houses the central policy database that serves all branches, as well
