v5.

1

Installation Guide
for use with Squid Web Proxy Cache

Websense Enterprise Installation Guide
©1996 -2003, Websense Inc. All rights reserved. 10240 Sorrento Valley Rd., San Diego, CA 92121, USA Published November 6, 2003 Printed in the United States of America

NP33-0003SQD
This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form without prior consent in writing from Websense, Inc. Every effort has been made to ensure the accuracy of this manual. However, Websense Inc., makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Websense Inc. shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.

Trademarks
Websense, AfterWork, and AfterWork.com are trademarks or registered trademarks of Websense Inc. in the United States and/or other countries. Microsoft, Windows NT, Windows 2000, Microsoft Internet Security and Acceleration (ISA) Server, Microsoft Proxy Server, and Internet Explorer are trademarks or registered trademarks of Microsoft Corporation. Sun, SunONE and all SunONE based trademarks and logos are trademarks of Sun Microsystems, Inc. Netscape is a registered trademark of Netscape Communications Corporation in the U.S. and other countries. Netscape Navigator and Netscape Communicator are also trademarks of Netscape Communications Corporation and may be registered outside the U.S. Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. Pentium is a registered trademark of Intel Corporation. This product includes software distributed by the Apache Software Foundation (http://www.apache.org).

Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are the sole property of their respective manufacturers.
WinPcap
Copyright (c) 1999–2003 NetGroup, Politecnico di Torino (Italy) All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: • Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. • Neither the name of the Politecnico di Torino nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Table of Contents
Chapter 1: Introduction .....................................................................7
How Websense Works............................................................................ 8 Deployment Tasks .................................................................................. 9 Documentation Feedback ....................................................................... 9

Chapter 2: Network Configuration .................................................11
Websense EIM Components ................................................................ 11 Websense Deployment ......................................................................... 14 Array Configuration.......................................................................... 17 NAT and Network Agent Deployment.............................................. 23 Directory Services ........................................................................... 24 System Requirements........................................................................... 25 Typical Windows Installation ........................................................... 26 Typical Linux Installation ................................................................. 27 Typical Solaris Installation ............................................................... 27 Solaris Patches................................................................................ 28 Policy Server ................................................................................... 28 Windows .................................................................................... 28 Solaris........................................................................................ 28 Linux .......................................................................................... 29 EIM Server....................................................................................... 29 Windows .................................................................................... 29 Solaris........................................................................................ 29 Linux .......................................................................................... 30 User Service .................................................................................... 30 Windows .................................................................................... 30 Solaris........................................................................................ 30 Linux .......................................................................................... 31 Websense Manager ....................................................................... 31 Windows .................................................................................... 31 Solaris........................................................................................ 32
Squid Web Proxy Cache 3

....................................................................................................................................................................................................... 35 Before You Upgrade ............................................................................ 84 Windows.................................................................................................... 51 Installing Websense EIM on a Separate Machine .............. 36 Upgrading on Linux.................................................................................................................... 35 Upgrading on Solaris ...................................................... 105 4 Websense Enterprise EIM .................................................... 80 Installing Network Agent Separately ................ 33 DC Agent................................................................ 57 Solaris ..................... 41 Changing Network Addresses of Installed Components... 46 Linux........................................................................ 67 Installing Websense Manager Separately ............... 45 Installing Websense on the Squid Web Proxy Machine ....................................................... 103 Reinstalling the Policy Server ... 77 Windows...................... 96 Adding Components.......................................................................................................................................................................................................... 102 Repairing an Installation..................................................................................................... 65 Installing Websense EIM Components on Windows ................................................................................. 33 Linux............... 45 Before Installing .............................................................................................................................. 44 Chapter 4: Installation and Setup........................................... 78 Installing DC Agent Separately ............................................................ 91 Modifying an Installation .................................. 85 Linux. 96 Removing Components........................................ 38 Upgrading Distributed Components on Windows ................................Table of Contents Network Agent......................................................................................................................... 32 Windows.............................................................................................................................................................................................................. 46 Solaris ......................................... 62 Installing the Plug-in on the Squid Web Proxy Machine ............................................................................................ 77 Solaris ................. 33 Chapter 3: Upgrading Websense ........ 57 Linux............... 33 User Workstations .......................................................................................................................

..................................................................................................................... 128 Appendix B: Troubleshooting ................................................................. 112 HTTPS Blocking ................................................. 123 Basic Authentication .............................................. 127 Linux . 129 I forgot my Websense EIM Server password.................................................. 116 Stopping or Starting Websense Services... 127 Windows ..................................................................................................................................................Table of Contents Redirecting Squid to a Different EIM Server ............................................................................................... 122 Anonymous Authentication...................... 122 Web Proxy Clients ................................................................. 123 Windows NT Challenge/Response and Integrated Windows Authentication.... 133 Squid Web Proxy Cache 5 ..................................... 132 Network Agent is not filtering or logging accurately ..................................................................................129 I made a mistake during installation..................................................................................................................................................................................................................................................... 116 Workstation Configuration ................................................ 108 Displaying Protocol Block Messages........................................... 132 Network Agent fails to start with stealth mode NIC ............................................................. 130 Policy Server fails to install ..................................................................... 117 Windows NT ...................... 119 Chapter 5: Authentication.......................................................... 117 Windows ...................................................................... 130 EIM Database does not download ................................ 107 Subscription Key and Database Download ..........................................................................................................................................127 Configuring for Stealth Mode ............................................... 129 Where can I find download and error messages?.................. 115 Configuring Firewalls or Routers .... 112 Identifying the Proxy Server for the Network Agent.............................................................. 106 Initial Setup .................................... 117 Windows 2000 and 2003 .... 124 Appendix A: Stealth Mode ............................................. 133 Windows 9x workstations are not being filtered as expected................................ 118 Solaris and Linux .............................121 Firewall Clients .....

................................... 135 Before Contacting Websense Support Center................................. 135 Support Options ................................................................................................................................. 135 Websense Technical Services Support Center ................................ 135 Fee-based Support .................................... 136 Index................... 137 .................................................................... 136 Improving Documentation ..............................................................................................................Outgoing Internet traffic seems slow....................... 133 Appendix C: Technical Support ........

Using Websense in conjunction with Squid Web Proxy Cache provides you with a highly effective Internet filtering service. Policy Server— stores all EIM configuration information and communicates this data to other Websense services. In the business setting. You must install the Network Agent and configure it properly to use the Bandwidth Optimizer. and other enterprises the ability to monitor and control network traffic to Internet sites. Websense gives network administrators in business. and enhanced reporting features. strongly recommends that your users be informed of your organization's policies concerning Internet access.Chapter 1: Introduction Thank you for choosing Websense Enterprise Employee Internet Management (EIM). and that Websense EIM has been installed as a tool for monitoring activity and/or enforcing your Internet use policies. Websense EIM is an invaluable tool for minimizing employee downtime due to Internet surfing that is not work related. Network Agent—detects HTTP network activity and calculates the number of bytes transferred. The major components of Websense Enterprise are: EIM Server—interacts with the Squid Web Proxy Cache to provide Internet filtering. the leading Employee Internet Management system that integrates with the Squid Web Proxy Cache. Websense Inc. domains and organizational units. User Service— allows you to apply filtering policies based on users. In addition. Squid Web Proxy Cache 7 . government. It then instructs the EIM Server to log this information. DC Agent—an optional component that transparently identifies users for filtering through a Windows directory service. Protocol Management. Websense helps control the misuse of network resources and the threat of potential legal action due to inappropriate access. Websense Manager— administrative interface that communicates with the Policy Server to configure and manage the EIM Server. education. groups.

Websense EIM can filter Internet sites. each categorized by content. EIM consults its comprehensive database of Internet addresses (URLs). Each policy delineates specific time periods during the week and lists the category sets that are in effect during those time periods. EIM consults the policy assigned to the client. protocols. policy-based filtering approach. protocols. UDP protocols such as RTSP and RTP are monitored and logged by Websense EIM. These reports can be used to refine Internet filtering strategies. EIM Reporter—a separate program available free of charge with Websense EIM. When the Squid Web Proxy receives an Internet request from a client. the user receives a block page instead of the requested site. helping to maximize network resources and employee productivity. This includes protocols. After it determines which categories are blocked. workstations. domains/organizational units.Chapter 1: Introduction EIM Database—contains a collection of millions of Internet sites. or networks). Websense EIM filters network applications that use TCP-based protocols and provides filtering and logging support for UDP-based messages as well. representing more than 800 million pages. and the request is blocked by Websense EIM. or applications based on available network bandwidth. How Websense Works Websense Enterprise EIM is the engine by which content filtering is enforced. Websense Reporter can generate a wide variety of reports and charts depicting your network's Internet usage trends. and the site is returned to the user. it queries Websense EIM to find out whether the requested site should be blocked or not. groups. Websense EIM can filter Internet protocols other than HTTP. Websense allows you to apply different filtering policies to different clients (users. If an initial Internet request is made with TCP. Refer to the EIM Reporter Administrator’s Guide for installation and configuration procedures. Using this log information. If the site is assigned to a permitted category. Its EIM Log Server component records Internet activity on your network. all subsequent UDP traffic will also be blocked. If you have purchased Bandwidth Optimizer and have installed the Network Agent. applications. With the Protocol Management feature. You can specify filtering settings to limit user access to sites. If the site is assigned to a blocked category. To make this determination. or applications based on bandwidth usage. or other 8 Websense Enterprise EIM . Websense EIM notifies the Squid Web Proxy that the site is not blocked. With its flexible.

Refer to Chapter 4: Installation and Setup. for the installation procedures for each operating system. If possible. For more information. For more information. file sharing. 2. Plan the Websense deployment—Websense components can be deployed in various combinations depending upon the size and architecture of your network. Deployment Tasks The following sequence is recommended for installing Websense EIM and configuring it to filter Internet traffic with the Squid Web Proxy. It gives employees time each day to visit sites in categories you deem appropriate. Consult Chapter 2: Network Configuration for sample deployment options and to determine the operating systems supported by each Websense EIM component. you must install the selected components and perform initial setup tasks. Install Websense—Once you have decided how to deploy Websense on your network. Users can access the AfterWork site during more suitable times at the office or from home. to retrieve their personal bookmarks. include your organization’s name in your message. the site is automatically added to the user’s personal bookmark area at http:// www. Documentation Feedback Websense Inc. 1. Please send feedback to DocFeedback@websense. Quotas help you control how much time your employees spend on personal surfing and the types of sites they are able to access. a Web site available exclusively to Websense customers. streaming media. Squid Web Proxy Cache 9 . Internet mail.com. welcomes comments and suggestions regarding the product documentation. Quotas can be a powerful tool for Internet access management. or visit the AfterWork Web site. Deciding what Websense components to install and where to put them is your first task. and various other network or database operations. When deferred. The Quota feature is an alternative to full blocking. file transfer.Chapter 1: Introduction data transfer methods such as those used for instant messaging.com. AfterWork filtering options are additional alternatives to full blocking that allow users the opportunity to defer a blocked request.afterwork. please refer to the Quotas section in your Websense EIM Administrator's Guide. see the AfterWork section in your Websense EIM Administrator's Guide.

Chapter 1: Introduction 10 Websense Enterprise EIM .

The Websense Manager may be used on a different operating system from the EIM Server. as long as they are properly configured to communicate with each other. Solaris. There must be only one Policy Server installed for each logical installation. consider the following installation dependencies. however. Policy Server—typically installed on the same machine as the EIM Server. User Service—installed in networks using a directory service for authentication. Websense Manager—may be installed on the same machine as the Websense EIM Server. Websense EIM Components When deciding how to deploy Websense EIM components in your network.: EIM Server—typically installed on the same machine as the Policy Server and may be installed on the same machine as the Websense Manager. The EIM Server installs on Windows. depending upon the nature of your network and your filtering requirements. User Service is unnecessary if you intend to filter and log Internet requests based on IP addresses. User Service can be installed on the same operating systems supported by the EIM Server and is typically installed on the same machine. Solaris. The EIM Server can be installed on a different operating system than the Policy Server. depending upon the configuration of your network. and Linux. you may install Squid Web Proxy Cache 11 . The Policy Server installs on Windows. The Websense Manager installs on Windows and Solaris. This is an unusual deployment. An example would be a Policy Server that delivers the same policies and categories to each machine in a subnet. and Linux. but may be installed on a separate machine. The Websense Manager may be installed on multiple machines in the network to enable remote configuration of the EIM Server. The information in this chapter will help you determine both your hardware needs and the relationship of EIM components to one another.Chapter 2: Network Configuration Websense EIM components can be installed in a number of possible configurations.

Solaris. For instructions on defining IP address ranges for multiple Network Agents. page 20 if you are installing Network Agent in a network that employs switches. User Service must be installed on a Windows operating system if the DC Agent is being used. 12 Websense Enterprise EIM . for example. and you are using a Windows-based directory service. install the Network Agent on a dedicated machine. refer to the EIM Administrator’s Guide. For systems providing multilingual support. Organizations with multilingual support requirements must install the product suite (User Service. For the best performance. For larger organizations. For small to medium sized organizations. Network Agent—Network Agent installs on Windows and Linux. Policy Server. The locale of the Policy Server determines the language it supports for directory services. connected to an unmanaged. On larger networks. User Service must be installed separately on a Windows machine. User Service produces correct results for one locale only. dedicated server to increase overall throughput. You may have only one User Service installation for each Policy Server. Make sure to deploy the Network Agents so that they can filter the entire network. When planning the deployment of the Network Agent consider the following: The Network Agent must be able to directly see 2-way Internet traffic from your internal network to filter and log effectively. If the EIM Server is installed on Linux. User Service installs on Windows. Make sure your network configuration routes both the Internet request from the workstation and the response from the Internet back to the workstation past the Network Agent. the Network Agent can be installed on the same server machine as the other Websense EIM components. Partial deployment will result in the loss of log data from network segments not watched by the Network Agent. See Switched Environments. assuming that the server meets the minimum system requirements.Chapter 2: Network Configuration User Service on a different operating system than the EIM Server. and EIM Server) for each supported language on machines configured for that language. and Linux. you may want to put the Network Agent on a separate. you may need to install multiple Network Agents and assign them to monitor various IP address ranges in your network. unswitched hub that is located between an external router and your network.

If you install an instance of Network Agent on 192. communication may be slowed enough to prevent the Network Agent from blocking an Internet request in time. it is recommended that you install only one DC Agent per domain. DC Agent—should be installed in networks using a Windows directory service (NTLM-based or Active Directory). Do not install the Network Agent on a machine running any type of firewall.x.x and configure it to communicate with a Policy Server on 10.x. See the EIM Reporter Administrator’s Guide for installation and administrative information. For small to medium networks. DC Agent can be installed on any network segment as long as NetBIOS is allowed between the DC Agent and the domain controllers. either on the same machine as other Websense components. you can install multiple DC Agents.x. DC Agent can be installed on any Windows Server in the network.x. If you are installing DC Agent. If you have a large. Transparent Identification of Users in Websense Enterprise v4. Setting up the DC Agent in the DMZ is not recommended. The EIM Log Server receives and saves information on Internet requests filtered by Websense EIM.x through a variety of switches and routers.com/support/documentation EIM Reporter components—installed on a separate machine from the EIM Server. For detailed deployment information. This situation could prevent DC Agent from receiving a user name when an Internet request is made from that workstation. The Network Agent uses a packet capturing utility which may not work properly when installed on a firewall machine. refer to the white paper titled. distributed network with many domain controllers on the same domain. Squid Web Proxy Cache 13 .Chapter 2: Network Configuration Avoid deploying the Network Agent across different LANs. Installing DC Agent on the domain controller machine is not recommended.4+ found on the Websense Web site at: http://www. be sure that the machine names of any Windows 9x workstations in your network do not contain any spaces. or a different machine. Reporter then uses this information to create reports.websense. DC Agent installs on Windows only.

installing multiple EIM Servers for load balancing purposes may be appropriate. you must use the same version of Websense EIM and Websense EIM Reporter. Refer to Websense EIM Components and System Requirements for installation guidelines when planning your deployment. depending on the current load. particularly if your network contains 1000 or more users. some load balancing configurations permit the same user to be filtered by different EIM Servers. In environments with a large number of workstations. Install Websense EIM and Websense Reporter on separate machines inside the network. This architecture may not be suitable for your network. Filtering and logging functions are CPU intensive and could cause serious operating system errors. Websense Deployment The following network common configurations that are maximized for efficiency. where they will not have to compete for resources. Websense EIM components can be installed on a single server machine or widely distributed across a network.Chapter 2: Network Configuration Note To generate reports properly. refer to the EIM Administrator’s Guide. 14 Websense Enterprise EIM . however. Do not install Websense EIM and Websense Reporter together on the same machine or on a machine running a firewall. For instructions on how to configure Websense for multiple EIM Servers.

the main Websense EIM components are installed with the Squid Web Proxy on a Solaris or Linux machine. EIM Server. User Service (Solaris & Linux) Workstation Workstation Workstation Websense Reporter and Log Server (installed separately) (Windows) EIM Server Installed on the Same Machine as the Squid Web Proxy In this configuration. Network Agent. Squid Plug-in. Firewall or Internet Router Websense Manager. including the Network Agent. In this case. DC Agent (Windows) Internet Squid Web Proxy Cache. and Squid Web Proxy running on the same machine. are installed on a Windows machine that can directly monitor all employee Internet traffic. Squid Plug-in. Squid Web Proxy Cache 15 . The remaining Websense EIM components.Chapter 2: Network Configuration Single Squid Web Proxy Configuration The following diagram shows the entire Websense EIM suite. Policy Server. An alternate setup places the Websense EIM components and Websense Manager together on a machine separate from the Squid Web Proxy machine. the Squid Plug-in must be installed on the Squid Web Proxy machine so that it can communicate with Websense.

Chapter 2: Network Configuration

The following diagram shows this alternate setup.

Firewall or Internet Router

Internet

Squid Web Proxy Cache, Squid Plug-in EIM Server, Policy Server, User Service, Network Agent, DC Agent, Websense Manager

Websense Reporter and Log Server Workstation Workstation Workstation

EIM Server Installed Separately from the Squid Web Proxy Cache

This configuration eases the load on the Squid Web Proxy machine by placing all the Websense EIM components on a separate Windows machine. The Websense EIM Server and Squid Web Proxy machine must be able to communicate over the network in this setup. Websense Manager can also be installed on multiple machines for added flexibility.

16

Websense Enterprise EIM

Chapter 2: Network Configuration

The EIM Log Server, which is installed with Websense Reporter on a separate machine from Websense, receives and saves information on Internet requests filtered by Websense. See your Websense Reporter documentation for more information. Note Websense Enterprise 5.1 sends log information that can only be read by EIM Reporter 5.1. Therefore, you must install or upgrade to Reporter 5.1 in order to generate reports.

Array Configuration
Websense Enterprise EIM is compatible with most array configurations, including Cache Array Routing Protocol (CARP) arrays. If the Squid Web Proxy machines in the array can run Websense EIM without a loss of performance, installing all the EIM components on one of the array machines is recommended. In this configuration, the two applications will not have to communicate over the network. The following diagram shows Websense EIM components running on a Squid Web Proxy machine, with the Websense Manager installed on a workstation machine.

Squid Web Proxy Cache

17

Chapter 2: Network Configuration

Internet

Firewall or Internet Router

Network Agent, DC Agent Websense Reporter and Log Server
(installed separately)

Squid Web Proxy Cache, Squid Plug-in, EIM Server, Policy Server, User Service

Squid Web Proxy Cache, Squid Plug-in

Websense Manager Workstation Workstation Workstation Workstation Workstation Workstation

Array Configuration—First Option

18

Websense Enterprise EIM

Network Agent. Squid Plug-in Squid Web Proxy Cache.Chapter 2: Network Configuration If there is a potential loss of performance by installing the EIM components on the Squid Web Proxy machine. all array members send Internet requests to the EIM Server that is installed outside the array. When Websense is installed in this manner. Squid Web Proxy Cache 19 . Squid Plug-in Websense Manager Workstation Workstation Workstation Workstation Workstation Workstation Array Configuration—Second Option Other configurations are possible. DC Agent Squid Web Proxy Cache. and then install the Squid Plug-in on each member of the array. you can install Websense Enterprise EIM on a separate machine outside the array. Consult your Squid Web Proxy Cache documentation for information about array configurations. User Service. Policy Server. Internet Firewall or Internet Router Websense Reporter and Log Server (installed separately) EIM Server.

All Internet traffic that passes through the firewall can then be monitored by the Network Agent. Traffic from both Switch #1 and Switch #2 go through Switch #3 into the firewall. Firewall Switch #1 Switch #2 Switch #3 Network Agent Client Client Client Client Websense EIM Client Client Basic Deployment in a Switched Environment 20 Websense Enterprise EIM . Internet Router Switched Environment Requirement: Network Agent must be able to detect traffic coming from all the workstations in the LAN. Note Contact your switch vendor to determine if your switch is capable of mirroring or port spanning and to learn how to implement the correct configuration. so that the Network Agent can detect Internet requests from all the workstations. configure a switch to use mirroring or 2-way port spanning.Chapter 2: Network Configuration Switched Environments In a switched environment. Solution: The ports on Switch #3 to which the Network Agent and Websense EIM are connected must be configured to monitor the port to which the firewall is connected.

Firewall Switch #4 Websense EIM.Chapter 2: Network Configuration Internet Router #2 Remote Office Connection Requirement: The Network Agent must be able to monitor all internal Internet traffic from Switch #1. Solution: Install an additional switch (Switch #4) between Router #1 and the firewall. Connect the Network Agent to Switch #4. Network Agent Remote Office Switch #1 Switch #2 Router #1 Switch #3 Client Client Client Client Client Client Client Client Client Switched Environment with a Remote Office Connection Squid Web Proxy Cache 21 . Switch #2. as well as the Internet traffic coming into Router #1 from the remote office. and Switch #3. Configure the port to which the Network Agent is connected to monitor the port to which Router #1 is connected.

Switch #2. 22 Websense Enterprise EIM .Chapter 2: Network Configuration Internet Remote Office Connection Requirement: The Network Agent must be able to monitor all internal Internet traffic from Switch #1. Router #2 Firewall Websense EIM Switch #4 Network Agent Remote Office Switch #1 Switch #2 Switch #3 Router #1 Client Client Client Client Client Client Client Client Client Switched Environment with a Remote Office Connection On a large network. Connect the Network Agent and Websense EIM to Switch #4. consider the following: Do not assign overlapping IP address ranges. as well as the Internet traffic coming into Router #1 from the remote office. Configure the ports to which the Network Agent and Websense EIM are connected to monitor the port to which Router #1 is connected. and Switch #3. you may need to install multiple Network Agents and assign them to monitor various IP address ranges in your network. network bandwidth measurements will not be accurate. and bandwidthbased filtering will not be applied correctly. If you install multiple Network Agents. If the IP ranges overlap. Solution: Install an additional switch (Switch #4) between Router #1 and the firewall.

or the Network Agent will see the IP address of the router's external interface as the source of the request. Internet Router Multiple Network Agents Requirement: To effectively manage both HTTP and nonHTTP traffic. Solution: Install an instance of Network Agent on each subnet. Partial deployment will result in the loss of log data from network segments not watched by the Network Agent. Network Agent must see all the traffic from all three subnets. and Switch #3 must be configured to allow the ports to which the Network Agent and Websense EIM are connected to monitor the port to which the firewall is connected. If you are deploying the Network Agent to monitor traffic from multiple subnets after it passes through such a router.Chapter 2: Network Configuration Deploy the Network Agents so that they can filter the entire network. Configure each instance of Network Agent to monitor all the traffic on its subnet and to communicate to the same EIM Server connected to Switch #3. An alternative Squid Web Proxy Cache 23 . Firewall Switch #2 Switch #1 Switch #3 Websense EIM Client Client Client Client Client Network Agent Network Agent Network Agent Multiple Network Agents in a Switched Environment NAT and Network Agent Deployment The use of Network Address Translation (NAT) on internal routers can prevent the Network Agent from identifying the source IP addresses of client machines making Internet requests. Switch #2. you must disable NAT. Switch #1.

group.6. see the EIM Administrator’s Guide. see your EIM Administrator’s Guide. Websense can communicate with the following directory services: Windows NTLM-based directories Windows Active Directory SunONE Directory Server v4. Enable the appropriate directory service within Websense.Chapter 2: Network Configuration would be to install the Network Agent on a machine located between the NAT router and the clients to be monitored. you must install the Websense User Service on a Windows machine. Workstations are identified within Websense by their IP addresses. Internet requests can be filtered based on policies assigned to individual directory objects after the following tasks have been accomplished: If you are using the SunONE or Novell directory service: 1. Filtering can be based on individual user. Websense can communicate with your directory service whether it runs on the same operating system as Websense or on a different system.51. and domain/organizational unit policies. Websense can filter based on workstation or network policies. For information about accessing LDAP and Windows directories. This enables User Service to communicate with the Windows-based directory service. 24 Websense Enterprise EIM . providing that Websense is able to identify the user making an Internet request.7 For information about configuring directory service access.1 Novell Directory Services/eDirectory v8. and v8.2 and v5. The authentication method you configure must allow EIM Server to obtain directory object information from a Windows or LDAP directory. and networks are identified as IP address ranges. Directory Services If your environment includes a directory service. If your directory service is Windows-based. Note In any environment. you may also assign different policies to individual users or groups with accounts in that directory service. and you have installed Policy Server on a Solaris or Linux machine. v8.

Chapter 2: Network Configuration

2. Enable Websense manual authentication so that Websense can identify users. If you are using a Windows NTLM-based directory or Active Directory: 1. Configure the Windows directory service within Websense. 2. Enable Websense to identify users transparently by installing and configuring the Websense DC Agent. 3. Enable manual authentication within Websense so that if Websense is unable to identify users transparently, it will prompt users to manually authenticate. For information about Websense manual authentication, see the EIM Administrator’s Guide. Websense EIM can transparently identify users in a Windows domain if the Websense DC Agent is installed on a Windows NT or Windows 2000 Server in the network. The Websense transparent identification feature allows Websense to filter Internet requests from users identified in a Windows directory without prompting them to manually authenticate. Once the Websense EIM Server is configured to communicate with DC Agent, DC Agent obtains user information from a Windows-based directory service and sends it to the EIM Server. When the EIM Server receives the IP address of a machine making an Internet request, the EIM Server matches the address with the corresponding user name provided by the DC Agent. This allows Websense to transparently identify users whenever they open a browser that sends an Internet request. For information about transparent identification and the Websense DC Agent, please see the EIM Administrator’s Guide.

System Requirements
Websense Enterprise v5.1 is compatible with Squid v2.5. System requirements are listed separately for Websense components. All components can run on the same Windows machine or can be distributed on separate Windows, Solaris, or Linux machines. The EIM Server, the Policy Server, and User Service can run on Windows, Solaris, or Linux machines. The Websense Manager can run on Windows or Solaris machines. The Network Agent can run on Windows and Linux machines. These components can be installed on machines with the same or different operating systems, offering increased versatility in your network.

Squid Web Proxy Cache

25

Chapter 2: Network Configuration

If you plan to install Websense EIM on a machine that has high CPU demands, make sure that the machine has sufficient resources to accommodate all the software loaded on it. The minimum system requirements listed here may not provide enough speed or memory for Websense EIM to function correctly on a busy network if it is forced to compete for resources. Note The following are the minimum system requirements for running Websense Enterprise EIM v5.1. Such factors as network size, network configuration, and Internet traffic volume can affect these requirements.

Typical Windows Installation
In the typical Windows installation, all the Web filtering components of Websense Enterprise EIM may be installed on the same machine. Do not install Websense EIM and Websense EIM Reporter together on the same machine or on a machine running a firewall. The minimum system requirements for this type of installation are as follows: Pentium III, 800 MHz 512 MB of RAM Disk space requirements: All Websense components—270 MB EIM Server, Policy Server, Websense Manager, and User Service— 260 MB An additional 500 MB of available disk space is needed to process the updates of the EIM database.

26

Websense Enterprise EIM

Chapter 2: Network Configuration

Updates to the EIM Database gradually increase the required disk space. You can reduce the disk space requirement by deleting the original installation files. IMPORTANT Do not install Websense EIM and Websense Reporter together on the same machine or on a machine running a firewall. Filtering and logging functions are memory intensive and should run on separate machines inside the network, where they will not have to compete for resources.

Typical Linux Installation
In the typical Linux installation, EIM Server, Policy Server, User Service, and Network Agent are installed on the same machine. The minimum system requirements for this type of installation are as follows: Pentium III or higher (800 MHz) 512 MB RAM (or more) Red Hat Linux version 8.0, and 9.0 Disk space requirements: EIM Server, Policy Server, Network Agent, and User Service—226 MB EIM Server, Policy Server, and User Service—220 MB An additional 500 MB of available disk space is needed to process the updates of the EIM database.You can reduce the disk space requirement by deleting the original installation files.

Typical Solaris Installation
In the typical Solaris installation, EIM Server, Policy Server, User Service, and Websense Manager are installed on the same machine. The minimum system requirements for this type of installation are as follows: Sun Ultra SPARC II 512 MB of RAM 320 MB of disk space for EIM Server, Policy Server, Websense Manager, and User Service
Squid Web Proxy Cache 27

No patches are required for Solaris 9. Solaris Patches Make sure you install the proper patch cluster on your Solaris 2. Solaris. Refer to page 28 for a link to the Sun Web site for patch information. Solaris 9 (no patches required) 28 Websense Enterprise EIM . consult the following Sun Web site for a list of current patches for your version of Solaris.0 Server with Service Pack 6a 82 MB of hard disk space Solaris Sun Ultra SPARC II 512 MB RAM or more One of the following Sun Operating Environments with all the current patches applied.sun. http://sunsolve.com/pub-cgi/show. If you are unsure about which patches are required. You can reduce the disk space requirement by deleting the original installation files. If the patch comparison utility displays an error in the patches you have installed on your machine. 7 or 8 operating system before attempting to run the Websense EIM installer.Chapter 2: Network Configuration An additional 500 MB of available disk space is needed to process the updates of the EIM database. Windows Pentium II or higher 512 MB RAM or more Supported operating systems: Windows 2003 Server Windows 2000 Server. and Linux machines. run the Websense EIM installer and check the patch level of the installation machine when prompted.6. Service Pack 2 and higher Windows NT 4.pl?target=patches/J2SE Policy Server System requirements are listed separately for Windows.

5 times the amount of RAM installed on the machine.0.6 82 MB of hard disk space Linux Pentium III or higher (800 MHz) 512 MB RAM (or more) Red Hat Linux version 8. Solaris. Service Pack 2 and higher Windows NT 4.0 82 MB of hard disk space EIM Server System requirements are listed separately for Windows. (Applicable only to the EIM Server machine that downloads the EIM Database.Chapter 2: Network Configuration Solaris 8 Solaris 7 Solaris 2. Windows Pentium II or higher 512 MB RAM (or more) Supported operating systems: Windows 2003 Server Windows 2000 Server.0 Server with Service Pack 6a Virtual Memory: Recommended setting is less than 1. which will gradually increase as the EIM Database gets larger Solaris Sun Ultra SPARC II 512 MB RAM (or more) 70 MB of disk space Squid Web Proxy Cache 29 . and 9. and Linux machines.) 80 MB of disk space.

Chapter 2: Network Configuration

One of the following Sun Operating Environments with all the current patches applied. Refer to page 28 for a link to the Sun Web site for patch information. Solaris 9 (no patches required) Solaris 8 Solaris 7 Solaris 2.6 70 MB of disk space, which gradually increases as the EIM Database grows

Linux
Pentium III or higher (800 MHz) 512 MB RAM (or more) Red Hat Linux version 8.0, and 9.0 70 MB of disk space, which gradually increases as the EIM Database grows

User Service
User Service can be run on Solaris and Linux operating system, but must be run on a Windows operating system when the DC Agent is used. System requirements are listed separately for Windows, Solaris, and Linux.

Windows
Pentium II or higher 512 MB RAM or more Supported operating systems: Windows 2003 Server Windows 2000 Server, Service Pack 2 and higher Windows NT 4.0 Server with Service Pack 6a

Solaris
Sun Ultra SPARC II 512 MB RAM or more

30

Websense Enterprise EIM

Chapter 2: Network Configuration

One of the following Sun Operating Environments with all the current patches applied. Refer to page 28 for a link to the Sun Web site for patch information. Solaris 9 (no patches required) Solaris 8 Solaris 7 Solaris 2.6

Linux
Pentium III or higher (800 MHz) 512 MB RAM (or more) Red Hat Linux version 8.0, and 9.0

Websense Manager
Requirements are listed separately for Windows and Solaris installations. A Websense Manager installed on a Windows or Solaris machine can configure a Policy Server installed on a Linux machine.

Windows
Pentium II or higher 256 MB RAM (or more) Supported operating systems: Windows 2003 Server Windows 2000 Professional or Server, Service Pack 2 and higher Windows NT 4.0 Workstation or Server, Service Pack 6a Windows XP Professional Windows Millennium Edition Windows 98 (with updated Microsoft Virtual Machine) Internet Explorer or Netscape with Java support enabled (required to view online Help) Color depth set to 8bit (256 colors) or greater 131 MB of disk space

Squid Web Proxy Cache

31

Chapter 2: Network Configuration

Solaris
The Websense Manager will not run on a non-GUI Solaris system. To run the Manager, you must have Common Desktop Environment (CDE), Java Virtual Machine (JVM) and a browser. Sun Ultra SPARC II 256 MB RAM (or more) One of the following Sun Operating Environments with all the current patches applied. Refer to page 28 for a link to the Sun Web site for patch information. Solaris 9 (no patches required) Solaris 8 Solaris 7 Solaris 2.6 Internet Explorer or Netscape with Java support enabled (required to view online Help) Color depth set to 8bit (256 colors) or greater 131 MB of disk space

Network Agent
The Network Agent runs on Windows and Linux. For the most reliable performance, install Network Agent on an Ethernet network. Network Agent must be able to monitor 2-way Internet traffic from the internal network. Position the machine containing Network Agent to see the Internet requests from the internal network as well as the Internet response to the requesting workstations. IMPORTANT The network interface card (NIC) that you use for Network Agent must be in promiscuous mode. Check with the manufacturer of your interface to determine if your card supports this configuration.

32

Websense Enterprise EIM

0 (Server version) Service Pack 6a User Workstations To be filtered by Websense. In addition: Browsers must be set for proxy-based connections.0.3 MB of hard disk space Linux Pentium III or higher (800 MHz) 512 MB RAM (or more) Red Hat Linux version 8.Chapter 2: Network Configuration Windows Pentium II or higher 256 MB of RAM Supported operating systems: Windows 2003 Server Microsoft Windows 2000 Server.0 6. Service Pack 6a 6. a user workstation must access the Internet through the Squid Web Proxy Cache.3 MB of hard disk space DC Agent The DC Agent runs on Windows machines only. so that deferred sites can be posted to AfterWork. Squid Web Proxy Cache 33 .com Examples of browsers on which you can enable JavaScript are Netscape Navigator.x or higher.0 Server. These browsers also support proxy-based connections. Service Pack 2 and higher Windows NT 4. Service Pack 2 and higher Windows NT 4. or Internet Explorer 5. JavaScript must be enabled on browsers if you plan to implement AfterWork filtering options. and 9. Netscape Communicator. Pentium II or higher 256 MB of RAM Supported operating systems: Windows 2003 Server Microsoft Windows 2000 (Server version).

Chapter 2: Network Configuration 34 Websense Enterprise EIM .

released separately from Websense Enterprise. Before You Upgrade Foreign language versions: If you are currently running a foreign language version of Websense Enterprise EIM. Installation instructions are provided with the Language Pack product. To convert your system back to the previous foreign language version. including the Inktomi Filter SunOne Filter ISAPI Filter . Upgrading distributed components: To upgrade your system. Upgrading the Squid Plug-in: To upgrade the plug-in. make sure your equipment meets or exceeds the system requirements listed in the previous chapter. you must run the Websense Enterprise EIM installer on each machine on which a Websense component resides. upgrading your system will convert it to English.Chapter 3: Upgrading Websense Before upgrading Websense EIM. Reporting: To properly generate reports.1 Language Pack. The installer automatically assigns the same port numbers to the v5. Squid Web Proxy Cache 35 . the user is prompted to upgrade these components as well. you must install the v5.1 EIM Server that the existing v5. The installer detects all Websense Enterprise components. and upgrades them accordingly. If you are upgrading from a previous version of Websense Enterprise. you must use the same version of Websense EIM and Websense Reporter. follow the procedures beginning on page 36.0. run the Websense Enterprise EIM installer on the Squid Web Proxy Cache machine and follow the onscreen instructions.1 EIM Server uses. For proper communication to be established with the Squid Web Proxy Cache. you must upgrade the Websense Server before upgrading the plug-in. If the installer detects remote installations of any Websense EIM components. The Websense EIM installer will upgrade all the Websense EIM components detected on the installation machine without adding additional components.

To upgrade from Websense EIM v5. Stop the EIM Server and copy the config. If these services or daemons have run uninterrupted for several months.xml file and the eimserver. Terminal Services—Do not attempt to upgrade Websense EIM using Terminal Services.1: 1.gz 4.0. Enter the following command to unzip the file: gunzip WebsenseEIM_Slr_5.tar 36 Websense Enterprise EIM . Log on to the installation machine as the root user. 3.0. you must upgrade the EIM Server to v5.xml file before proceeding. Once the upgrade is complete. Backing up files: After stopping all Websense Services or Daemons.1 Websense Manager. Matching locales: When upgrading an EIM Server that is installed on a different machine from Websense Manager.Chapter 3: Upgrading Websense Websense Services/Daemons: Stop all Websense Services or Daemons manually before attempting an upgrade.gz file (where x is the maintenance release number) to the installation directory. To avoid permissions problems when installing DC Agent or User Service (on Windows).tar. Copy the WebsenseEIM_Slr_5. back up the latest Websense Enterprise configuration file and the initialization file. you must log on to the installation machine with local and domain administrator privileges. Expand the file into its components with the following command: tar xvf WebsenseEIM_Slr_5.1. the Websense services can be restarted with any locale setting.1 to v5.tar. You may need these files in case you encounter any problems during the upgrade.1. Upgrading on Solaris Be sure you have backed up your config.1 in the same locale environment (language and character set) as the v5. 2.1. they can take a considerable amount of time to stop and may cause the upgrade process to time out. Network interface cards (NIC): The NIC that you use for Network Agent must be in promiscuous mode. When upgrading on Solaris or Linux.ini file from the Websense\EIM\bin folder to a safe location. log on to the EIM Server machine with the locale appropriate to the Websense Manager.

If the target machine has insufficient disk space. You are advised to upgrade any other Websense modules that may have a dependency on the system you have just upgraded.adobe.sh setup /Documentation directory Description Installation program Archive file containing related installation files and documents. This will prevent conflicts caused by incompatible versions.sh To run the GUI version of the installer. 5. version 5 or later. The installer then searches for and stops any Websense services it finds running. the selected components cannot be installed./install. available free from www. Read this file with any supported browser. Squid Web Proxy Cache 37 .com or on the Websense CD.sh -g. IMPORTANT The installation machine must have 512 MB of RAM to run the GUI version of the Websense EIM installer./install. Installation guide for Websense Enterprise EIM. A system requirements check is run to determine if the installation machine has sufficient memory and disk space for the upgrade. Run the installation program from the directory in which it resides: .Chapter 3: Upgrading Websense This places the following files into the installation directory: File install. use the following command: . View or print this and the following document with Adobe Acrobat Reader. The installer detects the earlier version of Websense Server and notifies you that it will upgrade the existing installation. and the installer quits. Release Notes—An HTML file containing release notes and last minute information about Websense.

you should upgrade your machine’s memory to the recommended minimum. 1.cfg. 6.sh setup Description Installation program Archive file containing related installation files and documents 38 Websense Enterprise EIM .1.1. 7. the installer asks which IP address Websense EIM should use.Chapter 3: Upgrading Websense If the installation machine has less than the recommended amount of memory.1. Log on to the installation machine as the root user. Upgrading on Linux Be sure you have backed up the ws. Follow the onscreen instructions and provide the installer with the following information: IP address to use: If the installation machine contains multiple network interface cards (NIC). Netscape location: If you are upgrading the Websense Manager.ini files before proceeding. Continue to upgrade Websense EIM. and eimserver.tar.gz file to the installation directory. Copy the WebsenseEIM_Lnx_5. 2. the installation will continue. Expand the file into its components with the following command: tar xvf WebsenseEIM_Lnx_5. 3.tar This places the following files into the installation directory: File install. you must provide the installer with the location of Netscape. websense. To ensure the best performance of the components you are installing.tar.gz 4. Enter the following command to unzip the file: gunzip WebsenseEIM_Lnx_5.ini.

0 or later. If the installation machine has less than the recommended amount of memory. and the installer quits. available free from http:// www. The installer detects the earlier version of Websense Server and notifies you that it will upgrade the existing installation. the selected components cannot be installed. version 4.adobe. If the target machine has insufficient disk space.pdf).sh To run the GUI version of the installer. you should upgrade your machine’s memory to the recommended minimum. To ensure the best performance of the components you are installing.) Release Notes – An HTML file containing release notes and last minute information about Websense.sh -g. A system requirements check is run to determine if the installation machine has sufficient memory and disk space for the upgrade. use the following command: ./install. The installer then searches for and stops any Websense services it finds running. Run the installation program from the directory where it resides: . View and print this file with Adobe Acrobat Reader. the installation will continue. IMPORTANT The installation machine must have 512 MB of RAM to run the GUI version of the Websense EIM installer. the installer will display an error message advising you that the GUI version is not supported. 6. and can be deleted to save disk space. If you are using a non-English based system./install. Follow the onscreen instructions and provide the installer with the following information: Squid Web Proxy Cache 39 . Read this file with any supported browser 5.com or on the Websense CD.Chapter 3: Upgrading Websense File /Documentation Description Installation guide for Websense Enterprise EIM (WSInstall_Squid. (Guides for other integrations may also be extracted.

e. c.0. d. select Add Network. The counter increments each time the NIC detects an individual IP address from the target Network in a passing packet. Select Test Traffic Visibility to test whether or not a NIC can see Internet traffic. Number of IP addresses for which traffic is detected during the test of a Network. 40 Websense Enterprise EIM . The counter in the IP Address Count column should begin recording Internet traffic immediately from the networks listed. Return to the Traffic Visibility Test dialog box.0 and changes appropriately as the netmask is defined.Chapter 3: Upgrading Websense IP address to use: If the installation machine contains multiple network interface cards (NIC). If the network you want to test with the NIC does not appear in the default list. The subnet mask defaults to 255. f. These netmasks can reside in different network segments depending upon the IP address ranges to be filtered. The Traffic Visibility Test utility has the following fields: Field Network Card Description Name of the network interface card (NIC) to test. giving you the option to test NICs for network visibility before installing the Network Agent. Networks Tested IP Address Count b. Your new Network appears in the list. Cards without an IP address do not appear on the list. the installer asks which IP address Websense EIM should use. From the Network Card list. Enter a new netmask value for the Network ID. select the NIC that you want to use for the Network Agent.0. a. Network Agent installation: The Network Agent installation screen is displayed. Displays the netmasks that are being tested. You may use the defaults provided or add your own. Active cards on the installation machine appear in this list. Select Start Test to begin testing all the networks in the list.

You may continue with the installation without installing Network Agent and reconfigure your network later. or make the necessary changes and retest immediately. Perform one or both of the following tasks: – If the installation machine has multiple NICs. Select whether or not to install Network Agent and continue the installation. Continue to upgrade the Websense Server. for deployment information. This might involve connecting to a different router or configuring for port spanning in a switched environment. Netscape location: If the Websense Manageris being upgraded.Chapter 3: Upgrading Websense If the count for a Network remains at zero or is very low. the selected NIC cannot see the traffic it is supposed to monitor. select a different card to test. 7. – Resolve network configuration issues to make sure that the NIC can see the desired traffic. When you are sure that your NIC is able to monitor all targeted Internet traffic. h. i. or you have decided to wait to install Network Agent. g. Select a card that you tested successfully in the visibility test. Upgrading Distributed Components on Windows The following Websense EIM components can be upgraded on Windows systems: Websense Manager User Service Network Agent DC Agent Real-Time Analyzer Squid Web Proxy Cache 41 . See Chapter 2: Network Configuration. the installer displays a list of active NICs and asks you to choose one for capturing traffic. you must provide the installer with the location of Netscape. NIC to use: If you are installing the Network Agent. close the visibility test utility.

Extract the compressed files to a folder on the installation machine. You can upgrade the current system or exit the installer. Follow the onscreen instructions and click Next to advance through the welcome screen and the subscription agreement. 42 Websense Enterprise EIM .1. 5. 3. 2. this will assure that they have administrator privileges on the domain. Log on to the installation machine with domain and local administrator privileges. Without this information. This may prevent the Real-Time Analyzer from receiving the IP address of the Policy Server machine. A warning is displayed advising you to upgrade any other Websense modules that may have a dependency on the system you are about to upgrade. Download the WebsenseEIM_5. you may configure administrator privileges for these services after installation by using the Services Properties dialog box. Websense Setup detects the Websense components from your earlier version and asks you how you want to proceed. Accept the default location of C:\Temp or select another appropriate folder. Websense EIM cannot filter by users and groups. Select Upgrade and click Next.Chapter 3: Upgrading Websense To upgrade distributed components on Windows: 1. 6. IMPORTANT Do not extract the installer files to a folder on your desktop. Setup. 4. If you are installing User Service and DC Agent.exe file containing the Websense EIM installer. This will prevent conflicts caused by incompatible versions.exe runs automatically after the files are uncompressed. IMPORTANT User Service and DC Agent must have administrator privileges on the network to retrieve user login information from the domain controller. If you cannot install these components with such privileges.

announcing the success of the installation. A message explains that the installer must stop these services before the installation can proceed. The final screen is displayed. Click Next to continue. 8. the selected components cannot be installed. A list of currently running Websense services from the earlier version is displayed. Click Next to continue. Click Next to stop the Websense services and continue the upgrade. A link to the appropriate Adobe download site is displayed.Chapter 3: Upgrading Websense 7. When a foreign language system is upgraded. If the installation machine has less than the recommended amount of memory. Click Next to continue. a screen is displayed reminding you that you must have Acrobat Reader to access the documentation. If the machine has inadequate disk space or memory. The Language Pack is free and can be downloaded from http://www. If you do not have Acrobat Reader (or the full version of Adobe Acrobat) installed on this machine.websense. the installer displays a message advising you that the Websense Enterprise Language Pack is available for converting your upgraded system to any of the supported foreign languages. you should upgrade your machine’s memory to the recommended minimum. The installer compares the system requirements for the upgrade with the resources of the installation machine. and the installer quits.com. an information screen is displayed detailing the deficiencies. a message reminds you that Protocol Management and Bandwidth Optimizer cannot be used unless Network Agent is installed on a machine with direct access to Internet traffic. If the target machine has insufficient disk space. 9. The Websense EIM upgrade converts all foreign language systems to English. Squid Web Proxy Cache 43 . If the Network Agent was not upgraded. An installation progress bar is displayed while the installer upgrades your system and restarts the Websense services. To ensure the best performance of the components you are installing. the installation will continue.

services need to be restarted or configurations updated after changing an IP address. In some cases. without any interruption in Internet filtering. 44 Websense Enterprise EIM . refer to the Websense Employee Internet Management Administrator’s Guide. Changing Network Addresses of Installed Components Websense EIM handles most IP address changes automatically. you must use the same version of Websense EIM and Websense Reporter.Chapter 3: Upgrading Websense 10. however. Note To properly generate reports. Click Next to exit the installer. Changes to the IP address of the machine running the Policy Server result in notification of the change being broadcast to Websense EIM components on other machines. For a full discussion of the IP address change process.

Foreign language versions: Websense Enterprise v5. Network Agent can be installed on Windows and Linux. Before Installing Please read the following information before installing Websense EIM. and Websense Manager on machines with different operating systems. The Websense Manager can be installed with the main EIM components on Solaris or separately on Windows. DC Agent is supported on Windows only.Chapter 4: Installation and Setup This chapter contains instructions for a new installation of all the Websense components and the initial setup procedures for preparing Websense EIM to communicate with the Squid Web Proxy Cache. Separate installation procedures can be found in this chapter for the following components: Websense Manager (page 77) DC Agent (page 80) Network Agent (page 84) You can install the EIM Server. Installation instructions are provided with the Language Pack product. You can install the main Websense EIM components (EIM Server. For example. Policy Server. Policy Server. LDAP directory: If your directory service information resides in an LDAP directory.1 installs in English only. Websense uses LDAP-related information such as the Squid Web Proxy Cache 45 . Reporting: To properly generate reports. Deployment: Websense EIM for the Squid Web Proxy Cache is supported on Solaris and Linux operating systems only. and User Service) on the Squid machine or together on a separate machine. User Service. you can install Websense Manager on a Windows machine and use it to configure a Policy Server running on a Linux machine. Language Packs for converting systems to foreign language versions are released separately from Websense Enterprise. you must use the same version of Websense EIM and Websense Reporter.

Dynamic IP addresses: Websense EIM will not install on a machine that uses DHCP to assign IP addresses. To avoid permissions problems with Websense. This allows Websense to communicate with the Squid Web Proxy. For instructions on configuring Network Agent to work with additional NICs. Squid is supported on Solaris and Linux only. You may install the following Websense EIM components together on the same machine: EIM Server Policy Server User Service Websense Manager You must install the Squid Plug-in on the Squid Web Proxy machine. refer to the Websense EIM Administrator’s Guide. together with the Squid Plug-in. it will display a message instructing you to assign a static IP addresses and will quit. after 46 Websense Enterprise EIM . (Contact the manufacturer of your card to see if it supports promiscuous mode. you must log on to the Websense EIM machine with local and domain administrator privileges. on the Squid Web Proxy machine.) Network Agent is capable of supporting multiple NICs. LDAP cache. Terminal Services—Do not attempt to install Websense EIM using Terminal Services. You must assign a static IP address to the installation machine before attempting to install Websense EIM. from the records. Installing Websense on the Squid Web Proxy Machine You can install the supported Websense EIM components. You can install the Websense Manager alone on a Windows machine (see page 77). etc. base domain.config file.Chapter 4: Installation and Setup LDAP server IP Address and port. Solaris Follow these installation procedures for each Solaris machine on which you want to install Websense EIM components. If the installer detects the use of DHCP. Network Interface Cards (NIC): The NIC that you use for Network Agent must be in promiscuous mode.

To install the Network Agent on a Windows server. Log on to the Squid machine as the root user.1.com or on the Websense CD.Chapter 4: Installation and Setup you finish installing the main EIM components on the Solaris machine. version 5 or later.1. Copy the WebsenseEIM_Slr_5.sh To run the GUI version of the installer.gz 4. Installation guide for Websense Enterprise EIM (WSInstall_Squid./install. Release Notes—An HTML file containing release notes and last minute information about Websense. 2.tar This places the following files into the installation directory: File install. Read this file with any supported browser. see page 80. To install DC Agent on a Windows server. 3. Run the installation program from the directory where it resides: . see page 84. To install the Websense EIM components on the Squid machine: 1.adobe. Enter the following command to unzip the file: gunzip WebsenseEIM_Slr_5. available free from www.tar.gz file to the installation directory.sh -g.tar.pdf)—View or print this and the following document with Adobe Acrobat Reader./install.1. 5. use the following command: . Squid Web Proxy Cache 47 .sh setup /Documentation Description Installation program Archive file containing related installation files and documents. Expand the file into its components with the following command: tar xvf WebsenseEIM_Slr_5.

Squid executable—Provide the file path to the Squid executable (squid). Use this option to install additional instances on separate machines. A default path is provided. and Websense Manager together on the same machine. IMPORTANT Make sure you select a NIC in normal mode (cards with an IP address). The installer shuts down Squid automatically before the installation continues. IMPORTANT The installation machine must have 512 MB of RAM to run the GUI version of the Websense EIM installer. The installer will attempt to verify this path and will not continue unless it is accurate. the installer will display an error message advising you that the GUI version is not supported. Websense services will not work. Configuration type—Select Install plug-in and other selected EIM components.conf). 6. Custom—allows you to install individual Websense EIM components.Chapter 4: Installation and Setup If you are using a non-English based system. User Service. follow the on-screen instructions through the following steps: Installation type—Choose one of the following installation types: • • Typical—installs Websense EIM Server. Configuration file—Provide the path to the Squid configuration file (squid. Integration—Select Squid Web Proxy Cache. If you select a stealth mode NIC for Websense communications. Policy Server. After the welcome screen and the subscription agreement. Interface cards configured for stealth mode will appear in this list as well. Select the card you want Websense EIM to use to communicate. 48 Websense Enterprise EIM . all the network interface cards enabled appear in a list. Communication interface—If the installation machine is multihomed.

Chapter 4: Installation and Setup Port numbers—The installer automatically assigns default port numbers to the Policy Server and to the EIM Server.sunfreeware. Directory path—path to the installation directory where Websense will create the Websense/EIM directory. You may continue installing Websense and download the Samba client later. If you want to install Websense EIM into a different directory. go to the Sun freeware Web site at: http://www. You will need them when you install the EIM Reporter. the installer will create it automatically. For installations using the Overwrite option. The default is /opt/ Websense. Note Remember the port numbers if you change them from the defaults. If this directory does not already exist. Protocol block messages—Setup advises you that you must install the Samba client (v2. This information is requested only when you choose a Typical installation or are installing Websense Manager separately.8a) to display block messages on Windows workstations blocked by Protocol Management. you will be required to select an alternate port. IMPORTANT The full installation path must use only ASCII characters. type in the new path.2. it is strongly recommended that you use the same directory as for the original installation and overwrite the old files.com Squid Web Proxy Cache 49 . The range of valid port numbers is from 1024 to 65535. If either of the default ports is in use. Web browser—full path to the Web browser you want to use when viewing online help. To download the Samba client.

d/S11WebsenseAdmin. 7. Below this list is the total size of the installation. Installation summary—A summary list is displayed. Installation will continue. 8. If the machine has inadequate disk space or memory for optimal peformance. showing the installation components you have selected. but you should upgrade your machine for the best performance. warnings are displayed separately. indicated whether or not you want the installer to restart Squid. System requirements check—The installer compares the system requirements for the installation you have selected with the resources of the installation machine.Chapter 4: Installation and Setup Note The Samba client is not required for protocol blocking to occur. It also sets up the necessary files. If you did not install the Websense Manager on this machine. This software controls the display of protocol blocking messages only. and the Websense/EIM/ Manager directory if you installed Websense Manager. When prompted. including /etc/rc3. After you provide the requested information. page 77. follow the instructions under Installing Websense Manager Separately. 50 Websense Enterprise EIM . the installation program creates the Websense/EIM directory. which enables EIM Server to start automatically each time the system starts. Note The disk space warning appears only when the EIM Server is being installed.

see page 80.1. Enter the following command to unzip the file: gunzip WebsenseEIM_Lnx_5.gz 4. To install Websense EIM components on the Squid machine: 1. You may install the following Websense EIM components together on the same machine: EIM Server Policy Server User Service Network Agent You must install the Squid Plug-in on the Squid Web Proxy machine. Copy the WebsenseEIM_Lnx_5. The installer detects the presence of Websense components and offers you options for modifying your installation. Expand the file into its components with the following command: tar xvf WebsenseEIM_Lnx_5.You can install the Websense Manager alone on a Windows machine (see page 77). To install DC Agent on a Windows Server.1. 3. Linux Follow these installation procedures for each Linux machine on which you want to install Websense EIM components. This allows Websense to communicate with the Squid Web Proxy.Chapter 4: Installation and Setup Note If you decide to change the location of a Websense component. or remove a component. Log on to the Squid machine as the root user.tar Squid Web Proxy Cache 51 .gz file to the installation directory. after you finish installing the main EIM components on the Linux machine. run the Websense installer again on the machine you want to modify and select the appropriate option. add a feature.tar.1. 2.tar.

pdf)—View and print this file with Adobe Acrobat Reader. Network Agent—installs the Network Agent only. Follow the on-screen instructions and provide the following information: Installation type—Choose one of the following installation types: • • Typical—installs Websense EIM Server.0 or later. Policy Server.sh -g./install. 52 Websense Enterprise EIM ./install. 5. If you are using a non-English based system.Chapter 4: Installation and Setup This places the following files into the installation directory: File install. containing the following: Installation guide for Websense Enterprise EIM (WSInstall_Squid. use the following command: .com or on the Websense CD. 6. Run the installation program from the directory where it resides: . the installer will display an error message advising you that the GUI version is not supported. and Network Agent together on the same machine. Read this file with any supported browser. available free from www. IMPORTANT The installation machine must have 512 MB of RAM to run the GUI version of the Websense EIM installer. Archive file containing related installation files and documents.sh To run the GUI version of the installer. (Guides for other integrations may also be extracted.) Release Notes—An HTML file containing release notes and last minute information about Websense. and can be deleted to save disk space.sh setup /Documentation Description Installation program. User Service.adobe. Directory. version 4.

The installer will attempt to verify this path and will not continue unless it is accurate. Configuration file—Provide the absolute path to the Squid configuration file (squid. IMPORTANT Make sure you select a NIC in normal mode (cards with an IP address). Integration—Select Squid Web Proxy Cache.conf). Interface cards configured for stealth mode will appear in this list as well. Communication interface—If the installation machine is multihomed. If you select a stealth mode NIC for Websense communications. A default path is provided. Squid Web Proxy Cache 53 . Websense services will not work. including the file itself. Configuration type—Select Install plug-in and other selected EIM components. Select the card you want Websense EIM to use to communicate.Chapter 4: Installation and Setup • Custom—allows you to install individual Websense EIM components. Squid executable—Provide the absolute file path to the Squid executable (squid). The machine on which the Network Agent is installed must be able to monitor 2-way employee Internet traffic for Network Agent to function properly. will not perform as expected. Use this option to install additional instances on separate machines. IMPORTANT If you install the Network Agent on a machine that cannot monitor targeted Internet traffic. Dynamic Protocol Management and Bandwidth Optimizer. all the network interface cards enabled appear in a list. including the file itself. The installer shuts down Squid automatically before the installation continues. Network Agent visibility test—Test your machine’s visibility to Internet traffic.

Your new network appears in the list. The subnet mask defaults to 255.0. g. The activity bar at the bottom of the dialog box indicates that a test is in progress. c.0 and changes appropriately as the netmask is defined. Select OK to return to the Traffic Visibility Test screen. You may use the defaults provided or add your own. If the network you want to test with the NIC does not appear in the default list. e.Chapter 4: Installation and Setup Select Test Traffic Visibility to check the visibility of Internet traffic from the installation machine. These netmasks can reside in different network segments depending upon the IP address ranges to be filtered. select a different card to test. f. the selected NIC cannot see the traffic it needs to monitor. Active cards on the installation machine appear in this list. Field Network Card Description Name of the network interface card (NIC) to test. b. Displays the netmasks that are being tested. The counter increments each time the NIC detects an individual IP address from the target network in a passing packet.0. Enter a new netmask value in the Network ID field. If the count for a network remains at zero or is very low. The counter in the IP Address Count column should begin recording Internet traffic immediately from the networks listed. h. Number of IP addresses for which traffic is detected during the test of a Network. d. select Add Network. 54 Websense Enterprise EIM . Select Start Test to begin testing all the networks in the list. Cards without an IP address will not appear in this list. Networks Tested IP Address Count a. Perform one or both of the following tasks: – If the installation machine has multiple NICs. i. Select the network interface card (NIC) that you want to use for the Network Agent.

j. and setup will exit. You will need them when you install the EIM Reporter. • • Select No if the installation machine is not being used as a firewall. You must either reposition the machine in the network or select another machine on which to install the Network Agent. See Chapter 2: Network Configuration for deployment information. Select Exit Setup if the visibility test fails. The range of valid port numbers is from 1024 to 65535. You may continue with the installation without installing Network Agent and reconfigure your network later. Squid Web Proxy Cache 55 . Installation will continue.Chapter 4: Installation and Setup – Resolve network configuration issues to make sure that the NIC can see the desired traffic. This might involve connecting to a different router or configuring for port spanning in a switched environment. Firewall installation warning—Network Agent cannot function properly on a machine running a firewall. When you are sure that your NIC is able to monitor all targeted Internet traffic. or make the necessary changes and retest immediately. you will be required to select an alternate port. Select Yes or No when asked if Network Agent is being installed on a machine that is being used as a firewall. or you have decided to wait to install Network Agent. Continue the Network Agent installation on a machine that is not running a firewall. Network interface card (NIC) selection—Select the network interface card (NIC) that you tested successfully for network visibility. Select Yes if you are attempting to install Network Agent on a firewall machine. Cards without an IP address will not appear in this list. Note Remember the port numbers if you change them from the defaults. If either of the default ports is in use. Port numbers—The installer automatically assigns default port numbers to the Policy Server and to the EIM Server. select Continue installation. k. All network interface cards enabled in the machine appear in a list.

/opt/Websense. Installation will continue. Note The disk space warning appears only when the EIM Server is being installed. For example. You may continue installing Websense and download the Samba client later. If the machine has inadequate disk space or memory for optimal peformance. To download the Samba client. it is strongly recommended that you use the same directory as for the original installation and overwrite the old files. go to the following Web: http://rpmfind. This software controls the display of protocol blocking messages only. If you want to install Websense EIM into a different directory. but you should upgrade your machine for the best performance. System requirements check—The installer compares the system requirements for the installation you have selected with the resources of the installation machine. 56 Websense Enterprise EIM . type in the new path. the installer will create it automatically.Chapter 4: Installation and Setup Directory path—path to the installation directory where Setup will create the Websense directory. IMPORTANT The full installation path must use only ASCII characters. warnings are displayed separately. For installations using the Overwrite option. If this directory does not already exist. Protocol block messages—Setup advises you that you must install the Samba client to display block messages on Windows workstations blocked by Protocol Management.net/linux/RPM/ Note The Samba client is not required for protocol blocking to occur.

Below this list is the total size of the installation. It also sets up the necessary files. and the Websense/EIM/ Manager directory if you installed Websense Manager.Chapter 4: Installation and Setup Installation summary—A summary list is displayed. page 77. When prompted. indicated whether or not you want the installer to restart Squid. Install Websense Manager on either a Windows or Solaris machine by following the instructions in Installing Websense Manager Separately. or remove a component. Note If you decide to change the location of a Websense component. including /etc/rc3. which enables EIM Server to start automatically each time the system starts. add a feature. After you provide the requested information. For instruction on installing the Squid Plug-in. run the Websense installer again on the machine you want to modify and select the appropriate option. showing the installation components you have selected. When you install Websense EIM Server on a machine separate from the Squid Web Proxy Cache.d/S11WebsenseAdmin. refer to page 65. Installing Websense EIM on a Separate Machine This section provides separate instructions for installing Websense EIM components on each operating system. the installation program creates the Websense/EIM directory. 8. 7. you must subsequently install the Squid Plug-in on every Squid Web Proxy machine that will communicate with Websense. The installer detects the presence of Websense components and offers you options for modifying your installation. You may install the following Websense EIM components together on the same machine: Squid Web Proxy Cache 57 . Solaris Follow these installation procedures for each Solaris machine on which you want to install Websense EIM components.

sh 58 Websense Enterprise EIM . see page 80.1.adobe.Chapter 4: Installation and Setup EIM Server Policy Server User Service Websense Manager You can install the Websense Manager alone on a Windows machine (see page 77). 5.pdf)—View or print this and the following document with Adobe Acrobat Reader.sh setup /Documentation Description Installation program Archive file containing related installation files and documents. available free from http://www. see page 84.gz file to the installation directory.1. Release Notes—An HTML file containing release notes and last minute information about Websense.tar.com or on the Websense CD.1. To install DC Agent on a Windows machine. Expand the file into its components with the following command: tar xvf WebsenseEIM_Slr_5.tar. Installation guide for Websense Enterprise EIM (WSInstall_Squid. 3.gz 4. Read this file with any supported browser./install. Log on to the installation machine as the root user. Enter the following command to unzip the file: gunzip WebsenseEIM_Slr_5. after you finish installing the main EIM components on the Solaris machine.tar This places the following files into the installation directory: File install. Copy the WebsenseEIM_Slr_5. To install Network Agent on a Windows machine. To install all the Websense components listed above on a separate machine: 1. 2. Run the installation program from the directory where it resides: . version 5 or later.

and Websense Manager together on the same machine. all the network interface cards enabled appear in a list. Configuration type—Select Install selected EIM components without plug-in Squid Web Proxy Cache 59 .Chapter 4: Installation and Setup To run the GUI version of the installer. Use this option to install additional instances on separate machines. Follow the on-screen instructions and provide the following information: Installation type—Choose one of the following installation types: • • Typical—installs Websense EIM Server. the installer will display an error message advising you that the GUI version is not supported. Custom—allows you to install individual Websense EIM components. If you are using a non-English based system. Websense services will not work.sh -g. Integration—Select Squid Web Proxy Cache. 6. IMPORTANT The installation machine must have 512 MB of RAM to run the GUI version of the Websense EIM installer. use the following command: ./install. Communication interface—If the installation machine is multihomed. User Service. IMPORTANT Make sure you select a NIC in normal mode (cards with an IP address). Select the card you want Websense EIM to use to communicate. Policy Server. Interface cards configured for stealth mode will appear in this list as well. If you select a stealth mode NIC for Websense communications.

The range of valid port numbers is from 1024 to 65535. Protocol block messages—Setup advises you that you must install the Samba client (v2. Web browser—full path to the Web browser you want to use when viewing online help. it is strongly recommended that you use the same directory as for the original installation and overwrite the old files. go to the Sun freeware Web site at: http://www. you will be required to select an alternate port. For example. type in the new path. To download the Samba client.8a) to display block messages on Windows workstations blocked by Protocol Management. For installations using the Overwrite option. Note Remember the port numbers if you change them from the defaults. You may continue installing Websense and download the Samba client later. If either of the default ports is in use. IMPORTANT The full installation path must use only ASCII characters. You will need them when you install the EIM Reporter.com 60 Websense Enterprise EIM .Chapter 4: Installation and Setup Port numbers—The installer automatically assigns default port numbers to the Policy Server and to the EIM Server. If this directory does not already exist. If you want to install Websense EIM into a different directory.2. the installer will create it automatically.sunfreeware. This information is requested only when you choose a Typical installation or are installing Websense Manager separately. Directory path—This is the path to the installation directory where Websense will create the WebsenseEnterprise directory. /opt/Websense/EIM.

d/S11WebsenseAdmin. you must install it on a separate Windows or Solaris machine in your network. Note If you decide to change the location of a Websense component. including /etc/rc3. If you did not install the Websense Manager on this machine. add a feature.Chapter 4: Installation and Setup Note The Samba client is not required for protocol blocking to occur. which enables EIM Server to start automatically each time the system starts. If the machine has inadequate disk space or memory for optimal performance. Installation summary—A summary list is displayed. It also sets up the necessary files. warnings are displayed separately. showing the installation components you have selected and the total size of the installation. page 77. Installation will continue. or remove a component. This software controls the display of protocol blocking messages only. After you provide the requested information. but you should upgrade your machine for the best performance. System requirements check—The installer compares the system requirements for the installation you have selected with the resources of the installation machine. 7. Follow the instructions under Installing Websense Manager Separately. and the Websense/EIM/ Manager directory if you installed Websense Manager. run the Websense installer again on the machine you want to modify and select the appropriate option. Squid Web Proxy Cache 61 . The installer detects the presence of Websense components and offers you options for modifying your installation. Note The disk space warning appears only when the EIM Server is being installed. the installation program creates the Websense/EIM directory.

1. and can be deleted to save disk space. you must install Websense Manager on either a Windows or Solaris machine (page 77). 3. version 4.pdf)—View and print this file with Adobe Acrobat Reader.adobe.1.Chapter 4: Installation and Setup Linux You may install the EIM Server.tar This places the following files into the installation directory: File install. To install Network Agent on a separate Windows or Linux machine see page 84.gz file to the installation directory./install.tar. available free from http://www.sh setup /Documentation Description Installation program Archive file containing related installation files and documents Installation guide for Websense Enterprise EIM (WSInstall_Squid. Log in to the installation machine as the root user.1. 1. see page 80. and Network Agent on the same Linux machine. 2. To install DC Agent on a separate Windows machine.0 or later. (Guides for other integrations may also be extracted. Enter the following command to unzip the file: gunzip WebsenseEIM_Lnx_5.com or on the Websense CD.sh 62 Websense Enterprise EIM . Copy the WebsenseEIM_Lnx_5. Run the installation program from the directory where it resides: . Read this file with any supported browser 5.tar. Expand the file into its components with the following command: tar xvf WebsenseEIM_Lnx_5. User Service.gz 4. Policy Server.) Release Notes – An HTML file containing release notes and last minute information about Websense. After installing Websense EIM.

Setup type—Select Integrated. Integration—Select Squid Web Proxy Cache. Websense services will not work. If you are using a non-English based system. If you select a stealth mode NIC for Websense communications. IMPORTANT The installation machine must have 512 MB of RAM to run the GUI version of the Websense EIM installer. all the network interface cards enabled appear in a list. Follow the onscreen instructions. Installation type—Select Typical to install all the supported Websense EIM components on the installation machine. the installer will display an error message advising you that the GUI version is not supported. Configuration type—Select Install selected EIM components without plug-in.sh -g. IMPORTANT Make sure you select a NIC in normal mode (cards with an IP address)./install. Select the card you want Websense EIM to use to communicate. use the following command: . Communication interface—If the installation machine is multihomed. 6. Interface cards configured for stealth mode will appear in this list as well.Chapter 4: Installation and Setup To run the GUI version of the installer. Port numbers—The installer automatically assigns default port numbers to the Policy Server and to the EIM Server. If either of the Squid Web Proxy Cache 63 . considering the following information as you proceed.

To download the Samba client. System requirements check—The installer compares the system requirements for the installation you have selected with the resources of the installation machine. You will need them when you install the EIM Reporter. /opt/Websense/ EIM. You may continue installing Websense and download the Samba client later. type in the new path.Chapter 4: Installation and Setup default ports is in use.net/linux/RPM/ Note The Samba client is not required for protocol blocking to occur. IMPORTANT The full installation path must use only ASCII characters. it is strongly recommended that you use the same directory as for the original installation. This software controls the display of protocol blocking messages only. If this directory does not already exist. The range of valid port numbers is from 1024 to 65535. Directory path—Enter the path to the directory where Websense will create the Websense directory. For example. the installer will create it automatically. go to the following Web: http://rpmfind. If you want to install Websense EIM into a different directory. Protocol block messages—Setup advises you that you must install the Samba client to display block messages on Windows workstations blocked by Protocol Management. you will be required to select an alternate port. If the machine has inadequate 64 Websense Enterprise EIM . overwriting the old files. Note Remember the port numbers if you change them from the defaults. For installations using the Overwrite option.

Stop the Squid Web Proxy Cache. After you provide the requested information.1. It also sets up the necessary files. page 77 Installing the Plug-in on the Squid Web Proxy Machine If you installed Websense EIM on a machine separate from the Squid Web Proxy Cache. 2.d/ S11WebsenseAdmin. Installation summary—A summary list is displayed.gz file to the installation directory. Note The disk space warning appears only when the EIM Server is being installed. including /etc/rc3. 7.1. showing the installation components you have selected and the total size of the installation. warnings are displayed separately. Enter the following command to unzip the file: gunzip WebsenseEIM_Slr_5. 4. Log on to the machine as the root user. To install the Squid Plug-in on the Squid Web Proxy Cache machine: 1.tar Squid Web Proxy Cache 65 . but you should upgrade your machine for the best performance. the installation program creates the WebsenseEnterprise directory.gz 5.tar. Installation will continue.tar. 3. You must install the Squid Plug-in after installing the Websense EIM Server. Expand the file into its components with the following command: tar xvf WebsenseEIM_Slr_5. which enables EIM Server to start automatically each time the system starts.1. you must install the Squid Plug-in on the Squid Web Proxy Cache machine so that Websense can communicate with it.Chapter 4: Installation and Setup disk space or memory for optimal performance. Copy the WebsenseEIM_Slr_5. Install Websense Manager on either a Windows or Solaris machine by following the instructions in Installing Websense Manager Separately.

Installation guide for Websense Enterprise EIM (WSInstall_Squid. A list of integrations is displayed. Follow the on-screen instructions and provide the following information: Installation type—Choose Typical. Read this file with any supported browser./install. the installer will display an error message advising you that the GUI version is not supported.sh setup /Documentation Description Installation program Archive file containing related installation files and documents. available free from www.com or on the Websense CD. User Service.adobe. Run the installation program from the directory where it resides. and Websense Manager together on the same machine. 7.Chapter 4: Installation and Setup This places the following files into the installation directory: File install. version 5 or later.sh To run the GUI version of the installer. This installs Websense EIM Server.pdf )—View or print this and the following document with Adobe Acrobat Reader. Release Notes—An HTML file containing release notes and last minute information about Websense./install. IMPORTANT The installation machine must have 512 MB of RAM to run the GUI version of the Websense EIM installer.sh -g. . 6. 66 Websense Enterprise EIM . Policy Server. If you are using a non-English based system. use the following command: .

If you did not install the Websense Manager on this machine. page 102.Chapter 4: Installation and Setup Communication interface—If the installation machine is multihomed. or remove a component. The installer detects the presence of Websense components and offers you options for modifying your installation. Installing Websense EIM Components on Windows If you plan to distribute your Websense EIM components on separate Windows machines in your network. and DC Agent. The following procedure assumes that you are installing the following components together on the same machine: Websense Manager Network Agent DC Agent Real-Time Analyzer Squid Web Proxy Cache 67 . If you decide to change the location of a Websense component. 8. follow the instructions under Installing Websense Manager Separately. run the Websense installer again on the machine you want to modify and select the appropriate option. Interface cards configured for stealth mode will appear in this list as well. Websense services will not work. page 77. Network Agent. 9. all the network interface cards enabled appear in a list. page 96 and Removing Components. refer to Adding Components. IMPORTANT Make sure you select a NIC in normal mode (cards with an IP address). For information about adding or removing Websense components. run the full installer on each machine and select a Custom installation. Websense Plug-in—Select Install plug-in only. Integration—Select Squid Web Proxy Cache. or run the separate installers available for Websense Manager. Select the card you want Websense EIM to use to communicate. add a feature. Restart the Squid Web Proxy Cache. If you select a stealth mode NIC for Websense communications.

IMPORTANT User Service and DC Agent must have administrator privileges on the network to retrieve user login information from the domain controller. If you are installing User Service and DC Agent. Without this information.Chapter 4: Installation and Setup To install Websense Enterprise v5. refer to page 84. IMPORTANT Do not extract the installer files to a folder on your desktop. 68 Websense Enterprise EIM . 2. Extract the compressed files to a folder on the installation machine. You are asked to select an installation type. 4. Click Next on the welcome screen and follow the onscreen instructions through the subscription agreement. Log on to the installation machine with domain and local administrator privileges. This may prevent the Real-Time Analyzer from receiving the IP address of the Policy Server machine.exe file containing the Websense EIM installer. this will assure that they have administrator privileges on the domain.exe runs automatically after the files are uncompressed. you may configure administrator privileges for these services after installation by using the Services Properties dialog box. Close all open applications. 5. Accept the default location of C:\Temp or select another appropriate folder. If you cannot install these components with such privileges.1. Download the WebsenseEIM_5. For installation procedures. Typical EIM Server—Full Websense Enterprise EIM installation Network Agent—installs the Network Agent only. Setup. 3. Websense EIM cannot filter by users and groups.1 components on Windows: 1.

If one of the supported servers is detected.0/ 9. Use this option to install Real-Time Analyzer. 7. No notification is displayed. If the installation machine is multi-homed. DC Agent. If neither supported Web server is detected. a dialog box is displayed asking you to choose one server for the RTA instance. If you have selected Real-Time Analyzer. Network Agent. 8. and click Next to continue. Select the components you want to install and click Next. 6. the installer checks your system for a supported Web server (Apache or IIS) and takes the following action: If both supported Web servers are detected. Select Custom and click Next. the installer gives you the option to install the Apache Web server or continue the upgrade without installing RTA. A list of available components to install is displayed. You must restart your computer after installing the Apache Web server and run the Websense EIM installer again to perform the EIM installation. if appropriate. all the network interface cards enabled appear in a list. the installer accepts that Web server for the RTA instance and continues. Select the card with which you want Websense EIM to communicate and click Next.Chapter 4: Installation and Setup Custom—allows you to choose individual Websense components to install. Websense Manager.apache. the Websense installer starts the Apache installer and exits without installing any Websense EIM components.org/docs-2. Note Apache documentation can be found at: http:// httpd. Squid Web Proxy Cache 69 . and the DC Agent. Select a Web server. Separate installers are available for installing the Websense Manager. If you select the Apache Web Server installation option. or Network Agent on separate machines in your network.

select a port number.Chapter 4: Installation and Setup You are asked for the IP address and configuration port number of the Solaris machine on which the Policy Server is installed. IMPORTANT If you install the Network Agent on a machine that cannot monitor targeted Internet traffic. The machine on which the Network Agent is installed must be able to monitor targeted employee Internet traffic to function correctly. some features. 10. which may not work properly when installed on a firewall machine. you are required to select another port before you can continue. The range of valid port numbers is from 1024 to 65535. 70 Websense Enterprise EIM . The installer asks if you want to install the Network Agent and offers you the option of testing your machine’s visibility to Internet traffic. will not perform as expected. such as Dynamic Protocol Management and Bandwidth Optimizer. Keep the default port setting. and click Next to continue. Do not install the Network Agent on a machine running any type of firewall. if possible. Enter the IP address of the Policy Server machine. If the port you select is in use. The Network Agent uses WinPcap. Changing the port may require a change in the configuration of other Websense EIM components.

The Traffic Visibility Test utility is displayed.Chapter 4: Installation and Setup Network Agent Visibility Test Screen 11. Click Test Traffic Visibility to check the visibility of Internet traffic from the installation machine. Traffic Visibility Test Tool Squid Web Proxy Cache 71 .

0 and changes appropriately as the netmask is defined. Enter a new netmask value in the Network ID field. select the network interface card (NIC) that you want to use for the Network Agent. c. Number of IP addresses for which traffic is detected during the test of a Network. Click Start Test to begin testing all the networks in the list.0. Displays the netmasks that are being tested. Cards without an IP address do not appear on the list. From the Network Card drop-down list. d. The activity bar at the bottom of the dialog box indicates that a test is in progress. Your new Network appears in the list. The subnet mask defaults to 255. If the count for a Network remains at zero or is very low.Chapter 4: Installation and Setup Field Network Card Description Name of the network interface card (NIC) to test. e. The counter increments each time the NIC detects an individual IP address from the target Network in a passing packet. 72 Websense Enterprise EIM . Active cards on the installation machine appear in this list. The counter in the IP Address Count column should begin recording Internet traffic immediately from the networks listed. the selected NIC cannot see the traffic it is supposed to monitor. Click OK to return to the Traffic Visibility Test dialog box.0. The Add Network dialog box is displayed. Networks Tested IP Address Count a. b. You may use the defaults provided or add your own. click Add Network. These netmasks can reside in different network segments depending upon the IP address ranges to be filtered. If the network you want to test with the NIC does not appear in the default list.

Select No to install Network Agent. This might involve connecting to a different router or configuring for port spanning in a switched environment. Select the desired card and click Next to continue. All network interface cards enabled in the machine appear in a list. 12.Chapter 4: Installation and Setup f. or you have decided to wait to install Network Agent. You may continue with the installation without installing Network Agent and reconfigure your network later. a screen is displayed asking you to select the network interface card (NIC) that you want to use for capturing traffic. Select Install Network Agent to install the Network Agent on the installation machine. If the port you select is in use. Keep the default port settings. Resolve network configuration issues to make sure that the NIC can see the desired traffic. or make the necessary changes and retest immediately. A dialog box is displayed asking you for the EIM Server IP address and port number. Squid Web Proxy Cache 73 . If you attempt to install DC Agent without providing access to directory information. click Close to continue the installation. Enter the proper IP address and port number. if possible. Perform one or both of the following tasks: • • If the installation machine has multiple NICs. If you are installing DC Agent. See Chapter 2: Network Configuration for deployment information. the installation will continue without installing Network Agent. and then click Next. and click Next to continue. you are required to select another port before you can continue. 15. Select Do not install Network Agent if you do not plan to install the Network Agent at this time or intend to install it on another machine. Changing them may require you to change your integration partner configuration. 14. g. The range of valid port numbers is from 1024 to 65535. If you select Yes. When you are sure that your NIC is able to monitor all targeted Internet traffic. the installer asks you to provide a user name and a password with administrative privileges on the domain. select a different card to test. you will be unable to identify users transparently. The installer warns you that Network Agent cannot be installed on a machine running any type of firewall. If you are installing the Network Agent. 13.

followed by your network password. If the machine has inadequate disk space or memory for optimal peformance. and then click Next. but you should upgrade your machine for the best performance. 18. The installer compares the system requirements for the installation you have selected with the resources of the installation machine. 74 Websense Enterprise EIM . If you select Yes. 17. warnings are displayed in separate screens. If you have selected DC Agent to install. you are asked to create a password for the authenticated connection. and click Next to continue.Chapter 4: Installation and Setup Directory Access for DC Agent 16. Select Yes or No. A dialog box is displayed. the installer asks if you want an authenticated connection between the EIM Server and the DC Agent. Installation will continue. Enter your domain and user name. asking you to select an installation folder for the Websense Enterprise components. or click Browse to locate another installation folder. and click Next to continue. Accept the default path (C:\Program Files\Websense). Note The disk space warning appears only when the EIM Server is being installed.

Double-click Internet Services Manager. To ensure the best performance of the components you are installing.Chapter 4: Installation and Setup 19. you are prompted for the name of the Web site in the IIS Manager under which the installer should create a virtual directory. To enter the correct name of your default Web site (if it is different from Default Web Site). A summary screen is displayed. From the Windows Control Panel. An installation progress bar is displayed. you must enter a value in the Web site name field that matches an existing Web site name in the IIS Manager. listing the components that will be installed and the total size of the installation. which is correct in most instances. type or paste the desired Web site name into the input field exactly as it appears in the IIS Manager. e. To open the IIS Manager: a. and the installer will quit. If you are installing the Real-Time Analyzer and are using IIS as your Web server. If the installation machine has insufficient disk space. b. The default value is Default Web Site. 20. the selected components cannot be installed. the installation will continue. The IIS control screen is displayed d. If the installation machine has less than the recommended amount of memory. you should upgrade your machine’s memory to the recommended minimum. c. Squid Web Proxy Cache 75 . IMPORTANT If you have renamed the Default Web Site in the IIS Manager or are using a language version of Windows other than English. Click Next to continue. Right-click on a Web site in which the installer should create the virtual directory and select Properties from the pop-up menu. Expand the tree under your computer name to view available Web site names. Click Next to start the installation. open Administrative Tools.

Return to the Virtual Directory screen in the Websense installer and replace Default Web Site with the name from the IIS Manager. g. a dialog box is displayed advising you that the machine must be restarted to complete the installation. If DC Agent was not installed. 22. page 107 to perform post installation tasks. Click Next to continue the installation. Close the IIS Manager. See Initial Setup. 21. Exit the installer. If the Network Agent was not installed. Copy the name of the Web site from the Description field to the clipboard. Select a restart option and click Finish to exit the installer. h. If you have installed DC Agent. A message is displayed advising you that the installation was successful. a message reminds you that Protocol Management and Bandwidth Optimizer cannot be used unless Network Agent is installed on a machine with direct access to Internet traffic. i. Click OK to continue. click Finish to exit the installer. 76 Websense Enterprise EIM .Chapter 4: Installation and Setup IIS Manager—Locating the Default Web Site f.

exe. Note The disk space warning appears only when the EIM Server is being installed. 3. If needed. Windows To install Websense Manager separately on a Windows machine: 1. and click the Unzip button to expand the installation files.com. If the machine has inadequate disk space or memory for optimal performance. The program is also available on the Websense CD.1.Chapter 4: Installation and Setup Installing Websense Manager Separately Websense offers a separate installation program for installing Websense Manager on Windows or Solaris machines in your network. For Solaris users. Setup.1. Run WebsenseManager_5. A summary screen is displayed. download the Websense Manager installation program (WebsenseManager_5. Squid Web Proxy Cache 77 . Select a destination folder for the extracted files. Close all open applications. The installer compares the system requirements for the installation you have selected with the resources of the installation machine. and the total size of the installation. Click Next to start the installation. 7.exe) from http://www. Installation will continue. 4. 6. the installation path. 5.exe runs automatically when the files are unzipped.websense. This special installation program is smaller and eliminates the need to copy the full Websense installation program to each installation machine. The WinZip Self-Extractor dialog box is displayed. 2. Follow the onscreen instructions through the subscription agreement. it simplifies the process of installing Websense Manager on a Windows machine. listing the components that will be installed. but you should upgrade your machine for the best performance. Log in with local administrator privileges to the installation machine. warnings are displayed in separate screens.

gz 5. Copy the WebsenseEIM_Slr_5.adobe. Click Next to exit the installer. choosing the Solaris option in the area.sh 78 Websense Enterprise EIM . 4.pdf)— View or print this and the following document with Adobe Acrobat Reader. Enter the following command to unzip the file: gunzip WebsenseEIM_Slr_5. version 5 or later. 8./install.1.Chapter 4: Installation and Setup An installation progress bar is displayed. available free from http://www. Installation guide for Websense Enterprise EIM (WSInstall_Squid. When the installation is finished. Solaris To install the Websense Manager separately on a Solaris machine: 1.com. . download Websense Enterprise from http://www.gz file to the installation directory.sh setup /Documentation Description Installation program Archive file containing related installation files and documents.tar. 6. Release Notes—An HTML file containing release notes and last minute information about Websense. 2. Expand the file into its components with the following command: tar xvf WebsenseEIM_Slr_5.1. a message is displayed advising you that the procedure was successful. 3. If you previously installed Websense Server on a Linux machine.websense. Read this file with any supported browser.com or on the Websense CD.tar. Log in as the root user.1. Run the installation program from the directory where it resides.tar This places the following files into the installation directory: File install.

Websense services will not work. Follow the on-screen instructions. it is strongly recommended that you use the same directory as for the original installation. Consider the following information as you proceed. overwriting the old files.sh -g. all the network interface cards enabled appear in a list. Directory path—path to the installation directory where Websense will create the Websense directory./install. IMPORTANT The installation machine must have 512 MB of RAM to run the GUI version of the Websense EIM installer. the installer creates it automatically. 7.Chapter 4: Installation and Setup To run the GUI version of the installer. For example. Select the card you want Websense EIM to use to communicate. pressing the Enter key after each response. Squid Web Proxy Cache 79 . IMPORTANT Make sure you select a NIC in normal mode (cards with an IP address). the installer will display an error message advising you that the GUI version is not supported. Web browser—full path to the Web browser to use when viewing online help. If this directory does not already exist. If you select a stealth mode NIC for Websense communications. type in the new path. /opt/Websense/ EIM. Interface cards configured for stealth mode will appear in this list as well. use the following command: . For installations using the Overwrite (Solaris) option. If you are using a non-English based system. Select components—Select Manager. If you want to install Websense EIM into a different directory. Communication interface—If the installation machine is multihomed. Installation type—Select Custom.

Initial Setup. you were prompted to install the Websense DC Agent. using a separate installer. Log in with domain and local administrator privileges to the installation machine. This way. See page 13 for additional information. to prepare your Websense EIM system to begin filtering. If you did not install it along with the EIM Server. 80 Websense Enterprise EIM . If you installed Websense EIM Server on a Windows machine. See the next section. or it can be installed on a different Windows server. you will have ample space for DC Agent files that are continually populated with user information. A summary of all the components that will be installed is displayed. If your network is large. you may benefit from installing DC Agent on multiple machines. After you provide the requested information.Chapter 4: Installation and Setup IMPORTANT The full installation path must use only ASCII characters. you can install DC Agent on a separate Windows server machine. 8. Installing DC Agent Separately DC Agent can either be installed together with other EIM components by using the main EIM installer. the installation program creates the Websense/Manager directory. To install DC Agent with the separate installer: 1.

Follow the onscreen instructions through the subscription agreement.exe. Websense EIM cannot filter by users and groups. If you cannot install these components with such privileges. If needed.exe runs automatically when the files are unzipped.exe) from http://www. download the DC Agent installation program (WebsenseDCAgent_5.1. Squid Web Proxy Cache 81 . The WinZip Self-Extractor dialog box is displayed. 3. Setup. 2. and then click the Unzip button to expand the installer files. The program is also available on the Websense CD. Select a destination folder for the extracted files.Chapter 4: Installation and Setup This will install DC Agent with administrator privileges on the domain. you may configure administrator privileges for these services after installation by using the Services Properties dialog box. Close all open applications. You are asked to identify the machine on which the Policy Server is installed.com/ downloads. 4. 5.websense. Run WebsenseDCAgent_5. Without this information. IMPORTANT DC Agent must have administrator privileges on the network to retrieve user login information from the domain controller.1. 6.

82 Websense Enterprise EIM . Enter the IP address of the Policy Server machine and click Next. If you attempt to install DC Agent without providing access to directory information.Chapter 4: Installation and Setup Policy Server Machine Identification IMPORTANT The default configuration port (55806) in this dialog box is the port number the installer used to install the Policy Server. do not change it in this dialog box. you will be unable to identify users transparently. 7. If you installed the Policy Server using the default port number. The installer asks you to provide a user name and a password with administrative privileges on the domain.

followed by your network password. Installation will continue. 9. Enter your domain and user name. warnings are displayed in separate screens. If the machine has inadequate disk space or memory for optimal performance. Note The disk space warning appears only when the EIM Server is being installed. and the total size of the installation. and click Next to continue. Accept the default path (C:\Program Files\Websense). asking you to select an installation folder for DC Agent. A summary screen is displayed. 10. Click Next to start the installation.Chapter 4: Installation and Setup Directory Access for DC Agent 8. The installer compares the system requirements for the installation you have selected with the resources of the installation machine. or click Browse to locate another installation folder and click Next to continue. Squid Web Proxy Cache 83 . A dialog box is displayed. but you should upgrade your machine for the best performance. the installation path. listing the components that will be installed.

Network Agent must be able to monitor 2way Internet traffic from the internal network. If this is part of a multiple deployment of the Network Agent (for load balancing purposes). Installing Network Agent Separately You can install Network Agent on a Windows server or on a Linux machine separate from the EIM Server. The installer asks for the IP addresses and port numbers of these components and will not install the Network Agent if the Policy Server and EIM Server cannot be located. For instructions on setting IP address ranges. You also may install the Network Agent on Windows from a separate installer available from htttp:// www. The following procedure describes the installation of the Network Agent from the main EIM installer.com/downloads. If you are attempting to install the Network Agent on a machine on which the EIM Server and Policy Server are already installed. 13.Chapter 4: Installation and Setup An installation progress bar is displayed. IMPORTANT The Websense EIM Server and the Policy Server must be installed and running prior to installing the Network Agent. a message is displayed advising you that the procedure was successful. Click Next to continue. you must be sure that the IP address ranges for each instance of the Network Agent do not overlap.websense. Install Network Agent on a machine that can see the Internet requests from the internal network as well as the Internet response to the requesting workstations. 11. Configure User Service to communicate with DC Agent by following the instructions for identifying users in the EIM Administrator’s Guide. When the installation is finished. A dialog box is displayed advising you that the machine must be restarted to complete the installation. refer to the procedures in Adding Components. page 96. 84 Websense Enterprise EIM . Select a restart option and click Finish to exit the installer. refer to the EIM Administrator’s Guide. 12.

Run WebsenseNetworkAgent_5. 5. 2. Select a destination folder for the extracted files.websense.1. The program is also available on the Websense CD.exe. 6.com/ downloads. Log on to the installation machine with local administrator privileges. 4.Chapter 4: Installation and Setup Windows To install the Network Agent on a Windows server: 1. Click Next on the welcome screen and follow the onscreen instructions through the subscription agreement.1. Policy Server Machine Identification Squid Web Proxy Cache 85 .exe runs automatically when the files are unzipped. 3. 7. The WinZip Self-Extractor dialog box is displayed. and then click the Unzip button to expand the installer files. Download the Network Agent installation program (WebsenseNetworkAgent_5.exe) from www. You are asked to identify the machine on which the Policy Server is installed. Close all open applications. Setup.

8. Network Agent Visibility Test Screen 86 Websense Enterprise EIM . such as Dynamic Protocol Management and Bandwidth Optimizer. The machine on which the Network Agent is installed must be able to monitor 2-way employee Internet traffic for Network Agent to function properly. IMPORTANT If you install the Network Agent on a machine that cannot monitor targeted Internet traffic. If you installed the Policy Server using the default port number. some features.Chapter 4: Installation and Setup IMPORTANT The default configuration port (55806) in this dialog box is the port number the installer used to install the Policy Server. do not change it in this dialog box. The installer displays a screen describing the features enabled by the Network Agent and offers you the option of testing your machine’s visibility to Internet traffic. will not perform as expected. Enter the IP address of the Policy Server machine and click Next.

reposition the current machine in the network. Exit Setup: If you determine that the installation machine cannot see the appropriate Internet traffic.Chapter 4: Installation and Setup You are given the following three options: Test Traffic Visibility: This selection launches the utility that tests the Internet visibility of the active network interface cards (NIC) in the installation machine. Select another machine for installation. Traffic Visibility Test Tool Squid Web Proxy Cache 87 . 9. select this option to exit Setup. or replace the NIC. Continue installation: If you know that the installation machine has the necessary Internet traffic visibility. The Traffic Visibility Test utility is displayed. Click Test Traffic Visibility to check the visibility of Internet traffic from the installation machine. you may select this option and continue the installation without testing the visibility of the interfaces. Remember that the NIC must have an IP address for Network Agent to function.

0. The counter increments each time the NIC detects an individual IP address from the target Network in a passing packet. Number of IP addresses for which traffic is detected during the test of a Network. 88 Websense Enterprise EIM . Enter a new netmask value in the Network ID field. If the count for a Network remains at zero or is very low. The Add Network dialog box is displayed. You may use the defaults provided or add your own. b.0. Cards without an IP address will not appear in this list. Your new Network appears in the list. The subnet mask defaults to 255.Chapter 4: Installation and Setup Field Network Card Description Name of the network interface card (NIC) to test. c. Click OK to return to the Traffic Visibility Test dialog box. Click Start Test to begin testing all the networks in the list. e. If the network you want to test with the NIC does not appear in the default list. select the network interface card (NIC) that you want to use for the Network Agent. Active cards on the installation machine appear in this list. From the Network Card drop-down list. These netmasks can reside in different network segments depending upon the IP address ranges to be filtered. d. click Add Network. Networks Tested IP Address Count a. the selected NIC cannot see the traffic it is supposed to monitor.0 and changes appropriately as the netmask is defined. The counter in the IP Address Count column should begin recording Internet traffic immediately from the networks listed. The activity bar at the bottom of the dialog box indicates that a test is in progress. Displays the netmasks that are being tested.

Select Yes if you are attempting to install Network Agent on a firewall machine. Select No if the installation machine is not being used as a firewall. click Close to continue the installation. Installation will continue. See Chapter 2: Network Configuration for deployment information. Select Continue installation if the visibility test was successful and the installation machine can see all the necessary Internet traffic. select a different card to test. You may continue with the installation without installing Network Agent and reconfigure your network later. or install a different NIC. 12. You must either reposition the machine in the network. All network interface cards enabled in the machine appear in a list. and setup will exit. Continue the Network Agent installation on a machine that is not running a firewall. A screen is displayed asking you to select the network interface card (NIC) that you want to use for capturing traffic. or you have decided to wait to install Network Agent. Select the desired card and click Next to continue. 11. This might involve connecting to a different router or configuring for port spanning in a switched environment. This will install the Network Agent. Network Agent cannot function properly on a machine running a firewall. 13. When you are sure that your NIC is able to monitor all targeted Internet traffic. 10. Click Next to continue. Select Exit Setup if the visibility test fails. or make the necessary changes and retest immediately. g. select another machine on which to install the Network Agent. Perform one or both of the following tasks: • • If the installation machine has multiple NICs. Squid Web Proxy Cache 89 . Select Yes or No and click Next to continue. Resolve network configuration issues to make sure that the NIC can see the desired traffic. The installer asks you if the Network Agent is being installed on a machine that is acting as a firewall. Continue with the installation.Chapter 4: Installation and Setup f.

Note The disk space warning appears only when the EIM Server is being installed. or click Browse to locate another installation folder. Installation will continue. asking you to select an installation folder for the Network Agent. but you should upgrade your machine for the best performance. If the machine has inadequate disk space or memory for optimal performance. 15. Accept the default path (C:\Program Files\Websense). warnings are displayed in separate screens. 90 Websense Enterprise EIM . Provide a valid IP address and port number (or accept the default) and click Next to continue. The installer compares the system requirements for the installation you have selected with the resources of the installation machine. and then click Next to continue. EIM Server Information Dialog Box 14.Chapter 4: Installation and Setup You are asked for the Filter Port number for this instance of the EIM Server and the IP address of the machine on which the EIM Server is installed. The range of valid port numbers is from 1024 to 65535. A dialog box is displayed.

4. The procedure in this section uses the Custom installation option from the main Websense EIM installer. Click Next to start the installation. Download the Websense EIM installation program (WebsenseEIM_Lnx_5.tar.1. 16.gz file to the installation directory. Click Next to exit the installer.1.tar.gz This places the following files into the installation directory: File install. Linux Network Agent can be installed from the main Websense EIM installer or from a separate installer (WebsenseNetworkAgent_Lnx_5. Log in as the root user. When the installer is finished. Enter the following command to unzip the file: gunzip WebsenseEIM_Lnx_5.sh setup Description Installation program Archive file containing related installation files and documents.websense. a screen is displayed reminding you that you must have Acrobat Reader to access the documentation.gz 5. 3.tar. An installation progress bar is displayed.gz).1. 17. listing the components that will be installed.1. Copy the WebsenseEIM_Lnx_5. 1. If you do not have Acrobat Reader (or the full version of Adobe Acrobat) installed on this machine.tar. 2.Chapter 4: Installation and Setup A summary screen is displayed. Squid Web Proxy Cache 91 . and the total size of the installation. Expand the file into its components with the following command: tar xvf WebsenseEIM_Lnx_5.com/ downloads.gz) from www. A link to the appropriate Adobe download site is displayed. a message is displayed advising you that the procedure was successful. the installation path.1.tar.

Read this file with any supported browser. Select components—Select Network Agent from the list of Websense EIM components. 92 Websense Enterprise EIM . 7. Run the installation program from the directory where it resides. If you installed the Policy Server using the default port number. version 5 or later.Chapter 4: Installation and Setup File /Documentation Description Installation guide for Websense Enterprise EIM (WSInstall_Squid. .adobe. Policy Server identification—Provide the IP address and configuration port number for the machine on which the Policy Server in installed. Follow the on-screen instructions. IMPORTANT The installation machine must have 512 MB of RAM to run the GUI version of the Websense EIM installer. pressing the Enter key after each response.pdf)— View or print this and the following document with Adobe Acrobat Reader. 6. Provide the following information as you proceed.com or on the Websense CD. IMPORTANT The default configuration port (55806) in this dialog box is the port number the installer used to install the Policy Server. Installation type—Select Custom. use the following command: . do not change it here. the installer will display an error message advising you that the GUI version is not supported./install.sh To run the GUI version of the installer./install. Release Notes—An HTML file containing release notes and last minute information about Websense.sh -g. available free from http://www. If you are using a non-English based system.

Your new network appears in the list. b.0 and changes appropriately as the netmask is defined. IMPORTANT If you install the Network Agent on a machine that cannot monitor targeted Internet traffic. Cards without an IP address will not appear in this list. Select the network interface card (NIC) that you want to use for the Network Agent. Select OK to return to the Traffic Visibility Test screen. These netmasks can reside in different network segments depending upon the IP address ranges to be filtered. select Add Network. Enter a new netmask value in the Network ID field. The subnet mask defaults to 255. Select Start Test to begin testing all the networks in the list. Networks Tested IP Address Count a. Displays the netmasks that are being tested. e. You may use the defaults provided or add your own. Squid Web Proxy Cache 93 . If the network you want to test with the NIC does not appear in the default list. c. The machine on which the Network Agent is installed must be able to monitor 2-way employee Internet traffic for Network Agent to function properly.0. g. Active cards on the installation machine appear in this list.0. Number of IP addresses for which traffic is detected during the test of a Network. Select Test Traffic Visibility to check the visibility of Internet traffic from the installation machine. d.Chapter 4: Installation and Setup Network Agent visibility test—Test your machine’s visibility to Internet traffic. Field Network Card Description Name of the network interface card (NIC) to test. f. will not perform as expected. Dynamic Protocol Management and Bandwidth Optimizer.

Select Yes or No when asked if Network Agent is being installed on a machine that is being used as a firewall. the selected NIC cannot see the traffic it needs to monitor. k. If the count for a network remains at zero or is very low. The activity bar at the bottom of the dialog box indicates that a test is in progress. Continue the Network Agent installation on a machine that is not running a firewall. i. j. or make the necessary changes and retest immediately. and setup will exit. – Resolve network configuration issues to make sure that the NIC can see the desired traffic. The counter increments each time the NIC detects an individual IP address from the target network in a passing packet. Installation will continue. The counter in the IP Address Count column should begin recording Internet traffic immediately from the networks listed. Select Exit Setup if the visibility test fails. select Continue installation. Perform one or both of the following tasks: – If the installation machine has multiple NICs. Firewall installation warning—Network Agent cannot function properly on a machine running a firewall. When you are sure that your NIC is able to monitor all targeted Internet traffic.Chapter 4: Installation and Setup h. You must either reposition the machine in the network or select another machine on which to install the Network Agent. Select Yes if you are attempting to install Network Agent on a firewall machine. See Chapter 2: Network Configuration for deployment information. This might involve connecting to a different router or configuring for port spanning in a switched environment. or you have decided to wait to install Network Agent. select a different card to test. 94 Websense Enterprise EIM . • • Select No if the installation machine is not being used as a firewall. You may continue with the installation without installing Network Agent and reconfigure your network later.

the installer creates it automatically. 8. System requirements—The installer compares the system requirements for the installation you have selected with the resources of the installation machine. Directory Path—path to the installation directory where Websense will create the Websense directory. do not change it in this dialog box. IMPORTANT The default configuration port (15868) in this dialog box is the port number the installer used to install the EIM Server. Installation summary—A summary of all the components that will be installed is displayed. If you installed the EIM Server using the default port number. Exit the installer when the success message is displayed. but you should upgrade your machine for the best performance.Chapter 4: Installation and Setup Network interface card (NIC) selection—Select the network interface card (NIC) that you tested successfully for network visibility. Note The disk space warning appears only when the EIM Server is being installed. For example. warnings are displayed separately. IMPORTANT The full installation path must use only ASCII characters. All network interface cards enabled in the machine appear in a list. /opt/Websense/ EIM. If the machine has inadequate disk space or memory for optimal performance. If this directory does not already exist. EIM Server identification—Provide the IP address and filter port number for the machine on which the EIM Server is installed. Installation will continue. Squid Web Proxy Cache 95 . Cards without an IP address will not appear in this list.

Websense Manager. you may want to add components to change the configuration of Websense in your network. the EIM Server cannot filter by users and groups.Chapter 4: Installation and Setup Modifying an Installation If you decide to change the location of a Websense EIM component or modify your Websense EIM installation. Without this information. If you are installing DC Agent. and that the remaining components are going to be added. Log on to the installation machine with domain and local administrator privileges. 96 Websense Enterprise EIM . run the full EIM installer again on the machine you want to modify and select the appropriate option. 2. and User Service are already installed. To add components in a Windows environment: 1. The installer detects the presence of EIM components and offers you the following installation options: Add Websense Enterprise components Remove Websense Enterprise components Repair existing Websense Enterprise components Adding Components After installing Websense Enterprise. Policy Server. this will assure that it has administrator privileges on the domain. 3. IMPORTANT DC Agent must have administrator privileges on the network to retrieve user login information from the domain controller. Run the main Websense EIM installation program (Setup. you may configure administrator privileges for this service after installation by using the Services Properties dialog box. If you cannot install DC Agent with such privileges. The following procedure assumes that the EIM Server.exe). Close all open applications.

some features. 5. By default. The installer displays a screen describing the features enabled by the Network Agent and offers you the option of testing your machine’s visibility to Internet traffic. all selections are checked. Clear the check boxes of those components you do not want to install and click Next. a dialog box is displayed asking you what action you want to take with the Websense components the installer has detected on the machine. 4. The machine on which the Network Agent is installed must be able to monitor 2-way employee Internet traffic for Network Agent to function properly. such as Dynamic Protocol Management and Bandwidth Optimizer. The installer displays a list of components not currently installed on the installation machine. will not perform as expected. IMPORTANT If you install the Network Agent on a machine that cannot monitor targeted Internet traffic.Chapter 4: Installation and Setup After the welcome screen. Select Add Websense Enterprise components and click Next. Network Agent Visibility Test Screen Squid Web Proxy Cache 97 .

Traffic Visibility Test Tool 98 Websense Enterprise EIM . Click Test Traffic Visibility to check the visibility of Internet traffic from the installation machine. or replace the NIC. Continue installation: If you know that the installation machine has the necessary Internet traffic visibility.Chapter 4: Installation and Setup You are given the following three options: Test Traffic Visibility: This selection launches the utility that tests the Internet visibility of the active network interface cards (NIC) in the installation machine. reposition the current machine in the network. Remember that the NIC must have an IP address for Network Agent to function. Exit Setup: If you determine that the installation machine cannot see the appropriate Internet traffic. you may select this option and continue the installation without testing the visibility of the interfaces. The Traffic Visibility Test utility is displayed. 6. select this option to exit Setup. Select another machine for installation.

Squid Web Proxy Cache 99 . The Add Network dialog box is displayed. Cards without an IP address will not appear in this list. These netmasks can reside in different network segments depending upon the IP address ranges to be filtered. d.0 and changes appropriately as the netmask is defined. Networks Tested IP Address Count a. From the Network Card drop-down list. select the network interface card (NIC) that you want to use for the Network Agent. Displays the netmasks that are being tested. If the count for a Network remains at zero or is very low. b. Your new Network appears in the list. If the network you want to test with the NIC does not appear in the default list. e. click Add Network. the selected NIC cannot see the traffic it is supposed to monitor. The subnet mask defaults to 255. The counter increments each time the NIC detects an individual IP address from the target Network in a passing packet. The counter in the IP Address Count column should begin recording Internet traffic immediately from the networks listed. c. Click Start Test to begin testing all the networks in the list. You may use the defaults provided or add your own. Enter a new netmask value in the Network ID field.0.Chapter 4: Installation and Setup Field Network Card Description Name of the network interface card (NIC) to test. The activity bar at the bottom of the dialog box indicates that a test is in progress. Click OK to return to the Traffic Visibility Test dialog box. Active cards on the installation machine appear in this list.0. Number of IP addresses for which traffic is detected during the test of a Network.

Network Agent cannot function properly on a machine running a firewall. All network interface cards enabled in the machine appear in a list. Continue the Network Agent installation on a machine that is not running a firewall. Select Install Network Agent if the visibility test was successful and the installation machine can see all the necessary Internet traffic. Select Yes if you are attempting to install Network Agent on a firewall machine. Perform one or both of the following tasks: • • If the installation machine has multiple NICs. Resolve network configuration issues to make sure that the NIC can see the desired traffic. Select No if the installation machine is not being used as a firewall. This might involve connecting to a different router or configuring for port spanning in a switched environment. click Close to continue the installation.Chapter 4: Installation and Setup f. Select the desired card and click Next to continue. See Chapter 2: Network Configuration for deployment information. g. 8. and setup will exit. This will install the Network Agent. 9. You may continue with the installation without installing Network Agent and reconfigure your network later. 7. When you are sure that your NIC is able to monitor all targeted Internet traffic. select a different card to test. Continue with the installation. Installation will continue. 100 Websense Enterprise EIM . Select Yes or No and click Next to continue. or make the necessary changes and retest immediately. Click Install Network Agent to continue. 10. The installer asks you if the Network Agent is being installed on a machine that is acting as a firewall. Select Do not install Network Agent to continue the Websense EIM installation without installing the Network Agent. A screen is displayed asking you to select the network interface card (NIC) that you want to use for capturing traffic. or you have decided to wait to install Network Agent.

Directory Access for DC Agent Enter your domain and user name. and click Next to continue. Squid Web Proxy Cache 101 . • • If you select Yes. the installer asks you to provide a user name and a password with administrative privileges on the domain. If you select No. If you attempt to install DC Agent without providing access to directory information. the installation continues without prompting you for a password. The installer asks if you want an authenticated connection between the User Service and the DC Agent. you must create a password for the connection.Chapter 4: Installation and Setup If you are installing DC Agent. you will be unable to identify users transparently. followed by your network password.

To remove installed Websense EIM components in a Windows environment: 102 Websense Enterprise EIM . Select a restart option and click Finish to exit the installer. If the machine has inadequate disk space or memory for optimal performance. IMPORTANT The Policy Server service must be running to uninstall any Websense EIM components. Click Next to continue. A message is displayed advising you that the installation was successful. the installation path. and the total size of the installation. 12. Click OK to continue. A progress bar is displayed. To remove the Policy Server. you must also remove all the other components installed on the machine. Installation will continue. A summary screen is displayed. listing the components that will be installed. but you should upgrade your machine for the best performance. you may want to remove installed components to change the configuration of EIM in your network. If the Network Agent was not installed. Click Next to begin installation. Removing Components After installing Websense Enterprise EIM or any of its components. warnings are displayed in separate screens.Chapter 4: Installation and Setup The installer compares the system requirements for the installation you have selected with the resources of the installation machine. 11. a message reminds you that Protocol Management and Bandwidth Optimizer cannot be used unless Network Agent is installed on a machine with direct access to Internet traffic. 13. Note The disk space warning appears only when the EIM Server is being installed. A dialog box is displayed advising you that the machine must be restarted to complete the installation.

This procedure does not troubleshoot components. all selections are checked. Run the main Websense EIM v5.1 installation program (Setup. If the Policy Server is not running. Close all open applications. You may exit the installer to restart the Policy Server or continue uninstalling the selected components. Click Next to exit the installer. Clear the check boxes of the components you do not want to remove. 4. By default. Log on to the installation machine with domain and local administrator privileges. and click Next. A summary list is displayed of the components you have selected to remove. a dialog box is displayed advising you that removing Websense EIM components may require communication with the Policy Server. or is not performing normally. and click Next. expect the process to take several minutes. Click Next to begin uninstalling the components. 6. Select Remove Websense Enterprise components. Squid Web Proxy Cache 103 . 3. 5. If you are uninstalling Network Agent on a remote machine after removing the Policy Server. A completion messages advises you when the procedure is finished. you can run the installer again and repair the installation. A list of installed components is displayed. To repair your installation: 1. After the welcome screen. 2. Network Agent will be successfully uninstalled. 7. although no progress notification will be displayed. Repairing an Installation If a component fails to install properly. Log on to the installation machine with local administrator privileges. but merely overwrites all the installed components using original installation data retrieved from the configuration file.Chapter 4: Installation and Setup 1.exe). a dialog box is displayed asking you what action you want to take with the installed Websense EIM components.

this will assure that they have administrator privileges on the domain. Click Next to stop the services listed. Without this information. A list of currently running Websense services is displayed. 4.Chapter 4: Installation and Setup If you are installing User Service and DC Agent. The message explains that the installer will stop these services before continuing with the installation. you may configure administrator privileges for these services after installation by using the Services Properties dialog box. An option screen informs you that the installer has detected a Websense EIM installation and asks you what action you would like to take. IMPORTANT User Service and DC Agent must have administrator privileges on the network to retrieve user login information from the domain controller. The installer advises you that it will repair the current installation by reinstalling the existing Websense EIM components. Select Repair existing Websense Enterprise components and follow the onscreen instructions. 3. Close all open applications.1 installation program (Setup. A progress message is displayed while the installer shuts down Websense services. 6. If you cannot install these components with such privileges. Select Yes and click Next to continue. 2. 5. 104 Websense Enterprise EIM . Run the main Websense EIM v5.exe) and follow the onscreen instructions. Websense EIM cannot filter by users and groups.

refer to the Websense EIM v5. Click Next to continue. 8. To reinstall the Policy Server and preserve the connection between distributed components: 1. Refer to Stopping or Starting Websense Services. Installation will continue. An installation progress bar is displayed. For detailed information on the system requirements evaluation. Stop the Policy Server. If DC Agent was not installed. a dialog box is displayed advising you that the machine must be restarted to complete the installation.1 installation procedures. Squid Web Proxy Cache 105 . Unless this is done correctly. page 117 for instructions. warnings are displayed in separate screens. 7.Chapter 4: Installation and Setup The installer compares the system requirements for the installation you have selected with the resources of the installation machine. Select a restart option and click Finish to exit the installer. communication with components installed on separate machines will be broken. advising you that the procedure has been successful. If you have installed DC Agent. a message is displayed. When the procedure is finished. If the machine has inadequate disk space or memory for optimal performance. but you should upgrade your machine for the best performance. Reinstalling the Policy Server It may become necessary to reinstall the Policy Server in a distributed environment. click Finish to exit the installer. Note The disk space warning appears only when the EIM Server is being installed. Exit the installer.

In the [initSection] area. 3.xml file. Run the main Websense EIM installer on the Policy Server machine and select Repair existing Websense Enterprise components when prompted. Restart the Policy Server. 7. Open the wsSquid. Note The EIM Database is removed during the repair process and must be reloaded. 2. Replace the config. For specific instructions. Make a backup copy of the config. To redirect Squid to a different EIM Server: 1. 3.ini file using any text editor. Restart the services of the remote Websense EIM components. refer to Repairing an Installation. edit the following command: 106 Websense Enterprise EIM . you can direct Squid to send filtering requests to a different EIM Server by editing the Squid initialization file. 8. Redirecting Squid to a Different EIM Server After installation. 4. Stop the services of the distributed Websense EIM components on the individual machines. When the installer is finished repairing the system.Chapter 4: Installation and Setup 2. Navigate to the /etc/wsLib directory on the Squid machine.xml file created by the repair procedure with your backup copy. 6. and put it in a safe location. page 103 5. you can use the most recent backup copy of the file saved to a shared network drive to restore the system. stop the newly installed Policy Server. Note If you cannot make a backup copy of the current configuration file due to a system crash or other hardware problems. found in \Websense\EIM\bin.

Configure your firewall or Internet router appropriately.Chapter 4: Installation and Setup WebsenseServerIP=<IP address> . See Identifying the Proxy Server for the Network Agent. 5. where <IP address> is the correct IP address of the machine running the EIM Server. Initial Setup After installing Websense. If the EIM server is installed on a multihomed machine.0. See Displaying Protocol Block Messages. IMPORTANT Do NOT use the loopback address 127. identify the EIM server by its IP address in your network so that Websense block messages can be sent to users. 4. All workstations being filtered must have the Messenger Service enabled to receive protocol block messages. See Configuring Firewalls or Routers. See HTTPS Blocking. page 112 for instructions.1. configure Squid appropriately. page 115 for instructions. Save the file. See Subscription Key and Database Download for instructions. page 112 for instructions If you want to block https traffic. . the IP addresses of all proxy servers through which workstations route their Internet requests must be defined. See Identifying the EIM Server for the Block Page URL. Squid Web Proxy Cache 107 . page 111 for instructions. page 116 for instructions.0. you must perform the following tasks to complete the setup process. If the Network Agent was installed. Stop and restart Squid. You must use your Websense subscription key to download the EIM Database. .

Set a password (between 4 and 25 characters) for the Policy Server. Select Server > Settings./start_manager. Click OK. Solaris: Go to the Websense/Manager directory and enter: . follow the instructions below to enter your subscription key. 108 Websense Enterprise EIM . 5. Enter the IP address or machine name of the machine on which you installed the Policy Server. The server's IP address or machine name appears in the Manager’s navigation pane. 3. If this is a first time installation of Websense. a. 2. 4. or after the Policy Server is stopped and restarted. 6. It is downloaded from a remote database server so that your version is the most current. the Add Policy Server dialog box appears. Windows: Select Start > Programs > Websense > Websense Manager. Double-click the icon of the Policy Server in the navigation pane. Note Retain this password. the Set Websense Password dialog box appears. Click OK. To download the EIM Database: 1. and the configuration port established during installation (default is 55806). which allows you to download the EIM Database. b. For a first time installation. Open Websense Manager on any machine where it is installed.Chapter 4: Installation and Setup Subscription Key and Database Download The Websense EIM Database is the basis for filtering and is updated daily by default. It must be entered when you connect to this Policy Server from this or any other Websense Manager. For a first time installation.

Note The value in the Subscribed users field shows 0 until the database is successfully downloaded. Settings Screen 7. perform the following procedure: Squid Web Proxy Cache 109 .Chapter 4: Installation and Setup The Settings dialog box is displayed. the Settings dialog box appears automatically. Enter your alphanumeric key in the Subscription key field. Note If no subscription key has been entered. 8. If your network requires authentication to an upstream firewall or proxy server to reach the Internet and download the EIM Database.

The first time the key is entered. Check Use authentication. Note After downloading the EIM Database or updates to the EIM Database. Check Use proxy server. 10. 11. Enter the Port of the upstream proxy server or firewall (default is 80). Click OK. Identify the upstream proxy server or firewall in the Server field. c. b. Use localhost instead.com 110 Websense Enterprise EIM . Websense automatically contacts the Websense database server and begins downloading the EIM Database. CPU usage can be 90% or more while the database is loaded into local memory. do not enter that IP address in your proxy settings. Enter the User name required by the upstream proxy server or firewall to download the EIM Database.Chapter 4: Installation and Setup a. Establish the proxy settings for the database download as follows: a. Enter the Password required by the upstream proxy server or firewall. Be sure to configure the upstream proxy server or firewall to accept clear text or basic authentication (for Websense to download the EIM Database).mywebsense. If your network requires that browsers use an upstream proxy server to reach the Internet. d. Note If Websense Enterprise EIM is installed on a proxy server machine in your network. b. Click Done in the Saving Data dialog box. the following Web site is displayed: www. Do NOT use a host name that has extended ASCII or doublebyte characters. and when the EIM Server is started. 9. c. the same proxy settings used by the browser must be used for downloading the Websense EIM Database. You may identify the machine by IP address (recommended) or host name.

2. 1. associate the machine name of the EIM Server machine with its correct (typically internal) IP address by entering the IP address as a resource record in your DNS server.Chapter 4: Installation and Setup Identifying the EIM Server for the Block Page URL When Websense blocks an Internet request.ini file in a text editor. Save the file. the browser is redirected by default to a block message page hosted by the EIM Server.0.0.ini file by following these instructions. 4.cgi?ws-session=######### If the EIM Server is installed on a multihomed machine (with two or more network interface cards). See your DNS server documentation for instructions. Squid Web Proxy Cache 111 . If you do not have internal DNS. is contained in the block page URL. Go to the Websense/EIM/bin directory. enter the following command on a blank line: BlockMsgServerName=<IP address> where <IP address> is the correct (typically internal) IP address of the machine running EIM Server. 3. Do not use the loopback address 127. The format of the block page URL typically takes the form: http://<WebsenseServerIPAddress>:<MessagePort>/cgi-bin/ blockpage. the users could see a blank page instead of the block message. you must identify the EIM Server by its IP address in your network so that EIM block messages can be sent to users. 5.1. rather than the IP address. Use one of the following methods to identify the EIM Server by IP address: If you have an internal DNS server. If the EIM Server machine name. Stop and then restart the EIM Server (see page 117). In the [WebsenseServer] area. add an entry to the eimserver. Open the eimserver.

Chapter 4: Installation and Setup Displaying Protocol Block Messages Websense EIM will filter protocol requests normally whether or not protocol block messages are configured to display on user workstations. and Windows 2003: Make sure that the User Service has administrator privileges. Windows 2000. Refer to your operating system documentation for instructions on changing privileges for Windows Services. the Network Agent cannot filter or log requests accurately. found in the Windows directory of your local drive. The Settings screen is displayed. If you have activated protocol management in Websense EIM v5. For users to view protocol block messages in Windows NT.exe. check the Services dialog box to see if the Messenger Service is running. 112 Websense Enterprise EIM . Note Protocol block messages cannot be displayed on Solaris or Linux operating systems.1. To define proxy server IP addresses: 1. Select Server > Settings. If your company policy requires the Messenger Service to be disabled. You can start this application from a command prompt or configure it to start automatically by copying it into the Startup folder. you should advise your users that certain protocols will be blocked without notification. Make sure the Messenger Service is enabled on each client workstation that is being filtered. you must provide the IP addresses of all Squid machines through which Internet requests from the workstations monitored by Network Agent are routed. Open the Websense Manager and connect to the Policy Server. refer to your operating system documentation. For instructions on how to do this. Without this address. 2. Network Agent will log the address of the proxy server as the source IP address of all permitted requests and will not log blocked requests at all. you must start winpopup. Identifying the Proxy Server for the Network Agent If you have installed Network Agent. To view protocol block messages on a Windows 98 machine.

Network Agent Selection Screen 4. Select Network Agent from the Settings Selections pane. The Network Agent settings screen is displayed. Squid Web Proxy Cache 113 .Chapter 4: Installation and Setup 3. The local Network Agent settings dialog box is displayed. showing the IP address and interface of the Network Agent. Click Local Settings.

Chapter 4: Installation and Setup Network Agent Local Settings 5. Click Next. 7. An EIM Server connection screen is displayed. A dialog box is displayed allowing you to define an IP address or a range of addresses. Select the IP address of the Network Agent from the tree structure and click Edit Selection. A blank proxy/cache server list is displayed. 8. 114 Websense Enterprise EIM . 6. Click OK to add the IP address to the list of proxy or cache servers. Click Add.

Click Finish. Save your changes. If Squid is configured to act as a proxy server.Chapter 4: Installation and Setup Proxy/Cache Server List 9. causing Squid to ignore all https traffic. page 125. The default setting for this parameter is no. Squid Web Proxy Cache 115 . Restart Squid. the Squid error page can be used as the block page. For information refer to Transparent Identification. Set the value of the UseHTTPSBlockPage parameter to yes. To configure Squid to present an https block page: 1. 2. Open the wsSquid. HTTPS Blocking There are two options for blocking https traffic with a Squid integration: Squid will block https traffic when it is set to transparent mode.ini file in any text editor (located in /etc/wsLib/ in Solaris and Linux). 3. 4.

To use these options. and Gopher requests. HTTPS. and Gopher requests only from the Squid Web Proxy Cache. Workstation Configuration Workstations must have a Web browser that supports proxy-based connections. Internet browsers on workstations must be configured to use Squid Server to handle HTTP. Contact your router or firewall vendor for information on configuring access lists on the router or firewall. HTTPS. the proxy or firewall must be configured to accept clear text or basic authentication to enable the EIM Database download. 116 Websense Enterprise EIM . Refer to your browser documentation for instructions on how to configure your browser to send all Internet requests to the Squid Web Proxy Cache.Chapter 4: Installation and Setup Configuring Firewalls or Routers To prevent users from circumventing Websense EIM filtering. Additionally. your firewall or Internet router should be configured to allow outbound HTTP. workstation browsers must support Java. versions 4. FTP. IMPORTANT If Internet connectivity of the Websense Manager requires authentication through a proxy server or firewall for HTTP traffic. Browsers must point to the same port (3128) that Squid Server uses for each protocol. AfterWork-related filtering options make use of Java-based technology.0 or later of Microsoft Internet Explorer or Netscape Navigator support proxy-based connections and Java technology. Among others. FTP.

Restarting stops the service. you must stop the EIM Server whenever you edit the websense. For example.Chapter 4: Installation and Setup Stopping or Starting Websense Services Occasionally you may need to stop or start a Websense service. 3.ini file. 4. Windows NT To stop or start a Websense service on a Windows NT machine: 1. or restart a Websense service by using the Services dialog box. Note By default. Note When the EIM Server is started. and after customizing default block messages. The Services dialog box is displayed. then restarts it again immediately from a single command. CPU usage can be 90% or more for several minutes while the EIM Database is loaded into local memory. Scroll down the list of available services and select a Websense service. start. Squid Web Proxy Cache 117 . 2. Double-click Services. Note The Windows NT Services dialog box does not have the restart feature. Select Start > Settings > Control Panel. Click Stop or Start. Websense services are configured to start automatically when the computer is started. Windows Stop.

Windows 2000 Services List Note By default.Chapter 4: Installation and Setup Windows 2000 and 2003 To stop or start Websense services on a Windows 2000 or 2003 machine: 1. 118 Websense Enterprise EIM . From the Control Panel. 2. select Administrative Tools > Services. Websense services are configured to start automatically when the computer is started. Scroll down the list of available services and select a Websense service.

/WebsenseAdmin stop ./WebsenseAdmin start ./WebsenseAdmin restart Squid Web Proxy Cache 119 . 2. Stop. Solaris and Linux You can stop. Restarting stops the services. Start . Stop. select Start. or Restart or click one of the control buttons in the toolbar (Stop . or restart Websense services from a command line on a Solaris or Linux machine. From the Action menu. or restart the EIM Server with one of the following commands: . 1. or Restart ). then restarts it again immediately from a single command.Chapter 4: Installation and Setup Windows 2003 Services List 3. then restarts it again immediately from a single command. Restarting stops the service. Go to the /Websense/EIM directory. start. start.

/WebsenseAdmin status IMPORTANT DO NOT use the kill command to stop a Websense services.Chapter 4: Installation and Setup 3. This procedure may corrupt the services. 120 Websense Enterprise EIM . View the running status of the Websense services with the following command: .

Squid may be able to obtain user identification and send it to Websense along with the Internet request. EIM can filter based on workstation or network policies. Depending on the authentication method you choose. Select an authentication method that identifies users transparently and sends the information to the EIM Server along with the Internet request. it can filter requests based on policies assigned to individual directory objects. See your EIM Administrator's Guide for more information on manual authentication. Note In any environment.Chapter 5: Authentication Authentication is the process of identifying a user within a network who has an account in a directory service. Workstations are identified within EIM by their IP addresses. it will prompt users for authentication. This can be accomplished with one or more of the following methods: Select an authentication method within Squid so that it sends user information to the EIM Server. In order to filter Internet requests for individual directory objects. Enable manual authentication within Websense EIM so that if the EIM Server is not able to identify users transparently. the EIM Server must be able to identify the user making the request. and networks are identified as IP address ranges. Squid Web Proxy Cache 121 . Once the EIM Server receives this information.

Squid doesn't use ICP queries for a request if Squid is behind a firewall or if there is only one parent.Chapter 5: Authentication Client Types The term clients in this environment refers to workstations or applications that run on workstations and rely on a server to perform some operations. If you want to assign individual user or group policies. you can enable one or more of the Squid authentication methods.conf file to deal with Internet requests. This allows Websense to obtain the user information it needs if it does not receive it from Squid or DC Agent (see Manual Authentication in the EIM Administrator's Guide). Squid works with two types of clients. Firewall Web Proxy Firewall Clients If you are behind a firewall you cannot make direct connections to the outside world without the use of a parent cache. never_direct—specifies which requests must be forwarded to your parent cache outside the firewall always_direct—specifies which requests must not be forwarded Consult your Squid documentation for more information. 122 Websense Enterprise EIM . Enable Websense EIM to prompt users for authentication. Each type of client can be configured so that the EIM Server is able to obtain user identification and filter Internet requests based on user and group policies. do one or more of the following: If the network uses multiple types of browsers. discussed in the next section. Web Proxy Clients Web Proxy clients send Internet requests directly to the Squid server machine after the browser is configured to use the Squid server as the proxy server. Some of these methods may require users to authenticate manually. Use the following lists in the squid.

Basic Authentication When basic authentication is enabled within Squid. regardless of the browser. Anonymous Authentication When anonymous authentication is enabled within Squid.Chapter 5: Authentication Authentication Methods Squid v2.5 offers the following authentication methods: Anonymous Basic Windows NT Challenge/Response Digest See your Squid documentation for instructions on enabling authentication within Squid. which is then able to filter Internet requests based on individual user and group policies. IMPORTANT Before changing authentication methods. user identification is not received from the browser that requests a site. Basic authentication can be enabled in combination with Windows NT Challenge/Response or Integrated Windows Authentication. and send it to the EIM Server. This allows Squid to obtain user identification. allow Internet filtering based on workstation or network policies. Users cannot be filtered based on individual user or group policies unless anonymous authentication is disabled and another method of authentication is enabled. please consider the impact the change could make on other proxy server functions. Anonymous authentication does. discussed in the next section. or by the Global policy. however. Squid Web Proxy Cache 123 . if applicable. users are prompted to authenticate (log on) each time they open a browser.

which is then able to filter Internet requests based on individual user and group policies. If your network has a mixture of Microsoft Internet Explorer browsers and other browsers. users with Microsoft Internet Explorer browsers are identified transparently and users with other browsers are prompted to authenticate. Windows NT Challenge/Response and Integrated Windows Authentication If Windows NT Challenge/Response is enabled. you can enable both Basic and Windows NT Challenge/ Response or Basic and Integrated Windows Authentication. In this case. but has a clear advantage because the user name and password are scrambled when sent from the browser to Squid. you can enable Anonymous authentication within Squid and use the Websense transparent identification feature. Note If you want all users in a mixed browser environment to be identified transparently. Note Windows NT Challenge/Response and Integrated Windows Authentication cannot obtain user identification information transparently from browsers other than Microsoft Internet Explorer.Chapter 5: Authentication Digest Authentication Digest Authentication is a secure form of authentication that can be used only in Windows 2000 domains. 124 Websense Enterprise EIM . Digest Authentication offers the same features as Basic authentication. Squid obtains user identification transparently from Microsoft Internet Explorer browsers and sends it to EIM. This allows the user to authenticate to Squid without the user name and password being intercepted. and permits the EIM Server to obtain user identification for user and group based policies.

refer to the EIM Administrator's Guide. Squid Web Proxy Cache 125 . This allows the EIM Server to identify users transparently whenever they open a browser that sends Internet requests to Squid. The DC Agent can be installed together with the EIM Server on the same machine.Chapter 5: Authentication Transparent Identification The Websense transparent identification feature allows the EIM Server to filter Internet requests from users identified in a Windows directory without prompting them to authenticate manually. For information about installing the Websense DC Agent separately. the EIM Server matches the address with the corresponding user name provided by DC Agent. This feature comes into play if the authentication method enabled within Squid does not send user information to the EIM Server. For information about Websense EIM manual authentication. see page 80. To take advantage of the transparent identification feature. the Websense DC Agent must be installed on a Windows server machine in the network. When the EIM Server receives the IP address of a machine making an Internet request. or on a different Windows server machine using a separate installation program. Once the EIM Server is configured to communicate with DC Agent. DC Agent obtains user information from a Windows-based directory service and sends it to the EIM Server.

Chapter 5: Authentication 126 Websense Enterprise EIM .

When installing on Windows. it might be desirable to configure the Network Agent to inspect all packets with a network interface card (NIC) that has been configured for stealth mode. however. stealth mode interfaces do not display as a choice for Websense EIM communications. Network Agent with a stealth mode interface is not supported on Windows NT 4. You may test a stealth mode NIC for traffic visibility and select it for Network Agent to use to monitor Internet traffic. In Solaris and Linux. a second. TCP/IP-capable interface must be configured to communicate with Websense EIM for filtering and logging purposes. select Settings > Network and Dial-up Connection A list of all the interfaces active in the machine is displayed. Windows Stealth mode for the Network Agent interface is supported for Windows 2000 and 2003 only. From the Start menu. A NIC in stealth mode has no IP address and cannot be used for communication. Squid Web Proxy Cache 127 . The advantages for this type of configuration are security and network performance. Removing the IP address prevents connections to the interface from outside as well as stopping unwanted broadcasts. Configuring for Stealth Mode If the Network Agent is configured for a stealth mode NIC. Make sure you know the configuration of all the interfaces in the machine before attempting an installation. Stealth mode NICs display normally during Network Agent installation. In remote installations of Network Agent. To configure a NIC for stealth mode: 1. stealth mode NICs appear together with TCP/IP-capable interfaces and must not be selected for communication.Appendix A: Stealth Mode In some cases. the installation machine must be multi-homed.

Clear the Internet Protocol (TCP/IP) checkbox.Appendix A:Stealth Mode 2. Click OK. To configure a NIC for stealth mode. which severs the link between the IP address and the MAC address of the interface. 3. Select the interface you want to configure. Linux To configure a NIC for stealth mode in Linux. Interface Connections Properties 4. Select Files > Properties or right-click and select Properties from the pop-up menu. you must disable the Address Resolution Protocol (ARP). 5. A dialog box displays the connections properties of the interface you have chosen. run the following from a command prompt ifconfig <interface> -arp up To return the NIC to a normal mode. run the following from a command prompt: ifconfig <interface> arp up 128 Websense Enterprise EIM .

Websense EIM components will not start on Linux. Network Agent is not filtering or logging accurately. I forgot my Websense EIM Server password. whichever is appropriate. Policy Server fails to install. If you still need to contact Technical Support. Outgoing Internet traffic seems slow I made a mistake during installation Run the installation program again. Please check this chapter for information before you contact Technical Support.Appendix B: Troubleshooting You may encounter a situation while installing Websense EIM and configuring the Squid Web Proxy that is not addressed in the previous chapters. choosing either the Continue installation and overwrite current configuration settings option (Solaris) or the Add/ Remove Websense Enterprise Components options (Windows). I forgot my Websense EIM Server password Contact Websense Technical Support for assistance. Windows 9x workstations are not being filtered as expected. The situations addressed in this chapter are as follows: I made a mistake during installation. This appendix troubleshoots installation situations that have been called in to Websense Technical Support. Squid Web Proxy Cache 129 . in case the solution to your situation is described. Network Agent fails to start on Linux with stealth mode NIC. You can find contact information in Appendix C: Technical Support. please see Appendix C: Technical Supportfor contact information. Where can I find download and error messages? EIM Database does not download.

This log records error messages and messages pertaining to database downloads. Access the Application Event log by choosing Start > Programs > Administrative Tools > Event Viewer.log (Websense\EIM\bin) for any listings about the database download as well as other error or status messages. Access the Application Event log by choosing Start > Settings > Control Panel > Administrative Tools > Event Viewer. Check the date shown in the Key expires field. Select Log > Application. Expand the Event Viewer tree and click Application Log. Compare the key you received via email or in the EIM package to the key in the Subscription key field (the key is not case sensitive). and go to the Database Download screen.Appendix B:Troubleshooting Where can I find download and error messages? Windows NT Check the Windows Application Event log or websense. to renew your subscription. 130 Websense Enterprise EIM .log (located in Websense/EIM/bin) when there are errors to record. Subscription Key Verify that the subscription key is entered correctly and has not expired.log (Websense\EIM\bin) for any listings about the database download as well as other error or status messages. If this date has passed. You must click OK to close the Settings dialog box before the key takes effect and enables the database download. contact Websense Inc. Solaris and Linux Websense creates Websense. EIM Database does not download There are several reasons why you might have difficulty receiving EIM Database downloads. Open the Settings dialog box. Windows 2000 Check the Windows Application Event log or websense.

you must set up the machine running EIM to access a DNS server. Squid Web Proxy Cache 131 . This means that the EIM Server’s proxy settings are correct. 3.websense. the Websense logo appears.websense.download.Appendix B:Troubleshooting Internet Access The machine running EIM Server must have access to the Internet via HTTP. check the following: The correct user name and password must be entered in the Database Download screen of the Settings dialog box. along with a message indicating that it will redirect you to the Websense home page. To verify Internet access on the Websense EIM Server machine: 1. contact Websense Technical Support (see Appendix C: Technical Support for information) 5. and must be able to receive incoming transmissions. Request one of the following addresses: http://download.download. If Websense must access the Internet through an upstream firewall or proxy server that requires authentication. 4. If you are not able to reach the download site. If you need assistance. Open a Web browser (either Internet Explorer or Netscape).com If you reach the site.com If this does not return an IP address. use the nslookup command (at the command prompt) with the address of your download site to make sure the EIM Server machine is able to resolve the download location to an IP address.download.websense. and the system requires proxy information. For example: nslookup asia. Verify spelling and capitalization. Set up the browser to access the Internet with the same proxy settings as EIM Server. the EIM Server proxy settings must be corrected. 2. Determine whether Websense EIM is accessing the Internet through a proxy server by checking the Database Download screen of the Settings dialog box in Websense Manager.com http://europe.websense.com http://asia. and the EIM Server should have appropriate HTTP access for downloading. If no proxy information is required.

and then removed the IP address of the NIC from the Linux configuration file (/etc/sysconfig/network-scripts/ifcfg-<adapter name>). Restriction Applications Some restriction applications. Policy Server fails to install If you attempt to install Websense EIM on an over-stressed system. To reconnect Network Agent to the NIC. Disable the restrictions relating to the EIM Server machine and the Websense download location. 132 Websense Enterprise EIM . If you receive the error message: Could not install current service Policy Server. the Network Agent will not start. can interfere with database downloads. If you have bound the Network Agent to a network interface card configured for stealth mode. during installation. Setup must quit. the Policy Server may fail to install (error 997). If the Policy Server fails to install. take the following action: Install Websense EIM on a different machine. See System Requirements. Network Agent fails to start with stealth mode NIC IP address removed from Linux configuration file The Network Agent can work with a stealth mode NIC only if the interface retains its old IP address in the Linux system configuration file. An interface without an IP address will not appear in the list of adapters displayed in the installer or in Websense Manager and will be unavailable for use. page 25 for minimum installation requirements. such as virus scanners or size-limiting applications. Certain applications (such as print services) can bind up the resources that Setup needs to install the Policy Server.Appendix B:Troubleshooting The firewall or proxy server must be configured to accept clear text or basic authentication. Stop all memory-intensive services running on the machine before attempting another Websense EIM installation. restore the IP address in the configuration file.

If you have inadvertently selected a stealth mode NIC for communications. increase the number of redirectors spawned by Squid. go to the redirect_children tag and increase the number by 10. In the squid. Start the Websense services. This situation could prevent DC Agent from receiving a user name when an Internet request is made from that workstation. the Network Agent cannot filter or log requests accurately. you must define the IP address of the proxy server machine in the Websense Manager. Check the machine names of any Window 9x workstations experiencing filtering problems and remove any spaces you find.Appendix B:Troubleshooting Stealth mode NIC selected for Websense communications in Linux and solaris Network interface cards configured for stealth mode in Linux and Solaris are displayed in the Websense EIM installer as choices for Websense communication. and Websense EIM services will not work. the Network Agent will not start. consult your Squid Guide and check your network settings. Network Agent will log the address of the proxy server as the source IP address of all permitted requests and will not log blocked requests at all. Windows 9x workstations are not being filtered as expected If you are running DC Agent for user identification. The current default is 30. Refer to Identifying the Proxy Server for the Network Agent. To correct this problem. your Windows 9x workstation machine names must not contain any spaces. Outgoing Internet traffic seems slow If the performance of outgoing Internet traffic is slower than expected. Network Agent is not filtering or logging accurately If you have configured your Squid Web Proxy machine to act as a proxy for Internet traffic. page 112 for instructions. If the performance continues to be slow.conf file. Without this address. open the websense.ini file in /Websense/EIM/bin and change the IP address to that of a NIC in normal mode. Squid Web Proxy Cache 133 .

Appendix B:Troubleshooting 134 Websense Enterprise EIM .

a Knowledge Base. and other information. or access to a person who has this familiarity. please be ready with the following: Websense subscription key. Request information by contacting: http://www. Specifications of the machines running the EIM Server and Websense Manager. is committed to providing excellent service worldwide.websense.websense. Our goal is to provide professional assistance in the use of our software wherever you are located.com/support Squid Web Proxy Cache 135 . Before Contacting Websense Support Center Before you call Websense Technical Support representative. 7 days a week on a fee basis. For severe problems.Appendix C: Technical Support Websense Inc. Websense Technical Services Support Center Technical information about Websense EIM is available 24 hours a day via the Internet at: http://www. A list of other applications running on the EIM Server machine. Frequently Asked Questions (FAQ). Access to Websense Manager. Fee-based Support Telephone support is available 24 hours a day. Access to the machine running the EIM Server.com/support You will find the latest release information. additional information may be needed. product documentation. Familiarity with your network's architecture.

support@websense.cfm For additional information.320.723. California. understands the value of high quality.websense. please visit our Web site at: http://www.com.Appendix C:Technical Support Support Options Websense Technical Support can be requested 24 hours a day.com/support/form 24x7 Support Contract The Websense 24x7 support contract is available for purchase. We will respond during business hours Monday through Friday. USA: London.com.com/support/24x7support. USA uksupport@websense. England japansupport@websense.com—London. England: 858. Response to after-hours requests will occur the next business day. accurate documentation. please contact our Sales Department at 800.websense. or send an email to sales@websense. 136 Websense Enterprise EIM . Submitting Support Tickets You can submit support tickets through the Web site 24 hours a day. This option is available 24 hours a day.com—San Diego.com—Japan (Asia) Telephone Assistance Telephone assistance is available during business hours Monday through Friday at the following numbers: San Diego. Email Questions You may email your questions to us at the addresses listed below.8000. California. contact us at DocFeedback@websense.458. If you have any suggestions for improving the documentation.1166 or 858. We appreciate your input. For a list of services. Support tickets can be submitted at: http://www.2940 +44 (0) 1932 796244 Improving Documentation Websense Inc. 7 days a week.

123 basic. 13 required privileges. 8 EIM Log Server. 111 browser path to. 69 array configuration network diagrams. 8. 7. 11–14 tasks. 124 B Bandwidth Optimizer. 95 directory services supported types. 128 AfterWork. 123 definition. 124 manual. 70. 68. 63. 8 deployment of components. 24 Address Resolution Protocol (ARP). 49. 60. 24–25 DNS server. 17–19 authenticated connection DC Agent. 116 client types. 45 137 .Index A Active Directory. 86. 132 error message location. 9 Websense EIM on separate machine. protocol. 33 Default Web Site. 56. 33 anonymous autentication. 17 EIM Reporter and EIM Server ports. 121 digest. 130 failure of. 53. 80–84 system requirements for. 79 proxy-based connections for. 43. 123 Apache Web Server installing. 79. 74. 116. 70. 74 authentication anonymous. 75–76 deployment individual components. 112 block page URL. 9. 135–136 D database download and virus scanners. 55. 82. 97 basic authentication. 7 C clear text. 33 bytes transferred. 16 on Squid integration machine. 35. 49. 122 clients defined. 7 deployment of. 122 components adding. 60. 121 transparent identification. 46 digest authentication. 123 block messages. 96 E EIM Database. 17. 125 Windows NT Challenge/Response and Integrated Windows. 92 customer support. 102–103 Squid Web Proxy Cache configuration port. 15 DHCP and Websense installation. 96 separate installer. 96–102 removing. 64 defined. 60. 49. 93. 124 directory path for installation. 111 domain administrator privileges. 108–110 DC Agent defined. 86. 55. 64. 130–132 performing. 13 supported version.

35 languages locales. 73. 7 deployment of. 95 firewall clients. 62–65 load balancing. 13 Netscape enabling JavaScript on. 60. 64 defined. 14 locales. 49. 67–76 Linux. 93. 46–51. 93–94. 55. 61. 63 Network Agent Linux. 80–84 deployment information. 91–95 Windows. 51–57.ini file. 60.Index EIM Server and EIM Reporter installation. 116 H https blocking. 131–132 IP addresses changing for installed components. 90. 128 manual authentication. 24. 112–115 disabling for stealth mode. 75–76 installation DC Agent. 112 mirroring. 54–55. 127 ISA Server array configuration. 46 stealth mode and. 11 identifying for block page URL. 41 Network Address Translation (NAT). 33 L Language Pack Websense installation and. 60. 38–41 Websense EIM installation. 97 capture interface. 50. 102. 122 G Gopher. 90. 12 LDAP directory service. 105 traffic visibility test. 53. 29–30 eimserver. 46 Websense Filter. 27 starting and stopping Websense services. general. 119–120 upgrading on. 17–19 J JavaScript enabled on browsers. 55. 45 Linux installation requirements typical. 33 location of. 45 languages language pack. 56. 57–61 Terminal Services. 60. 74 EIM Server port. 14 port number. 49. 78–80 Windows. 20 N NetBIOS. 44 configuring for proxy servers. 73 Websense Enterprise EIM . 95 multiple installations of. 103–105 system requirements warning. 45 directory path for. 90. 95. 51–57. 85–91 Policy Server port. 49. 63 repairing an installation. 23 Network Agent bandwidth optimizer. 65–67 Websense Manager 138 Solaris. 115 I IIS Manager locating Default Web Site in. 49. 65. 55. 74. 77–78 Internet access problems. 49. 77. 55. 70. 87–89. 38. 98–100 Websense EIM components on Windows machines. 128 dynamic (DHCP). 25 Messenger Service. 63 system requirements for. 111 machine identification. 111 F filter port. 12 M MAC address. 62–65 Solaris. 86. 83.

103–105 S Samba client Linux. 56. 38 network interface cards (NIC) configuring for stealth mode Linux. 92 Squid Web Proxy Cache port spanning. 112–115 settings for database download. 129 Policy Server setting. 119 upgrading on.config file. 73 Linux. 27 patches required. 35 Squid Web Proxy single configuration. 12. 89. 28–29 port number EIM Server. 127–128 installation tips. 122 stealth mode configuring Linux. 110 Policy Server defined. 24 O overwrite option. 36–38 Websense EIM installation. 7 deployment of. 53. 55. 7 deployment of. 85–91 multiple installations of. 82. 56 setup block page URL. 87–89. 93. 90 Policy Server. 40–41 Linux. 86. 15–17 squid. 12 in switched environments. 93. 32–33 testing traffic visibility. 54–55. 128 Windows. 98–100 network interface card (NIC) selecting. 55. 7. 17–19 proxy server identifying for Network Agent. 28 starting and stopping Websense services. 116 Solaris installation requirements typical. 100 protocol management. 60. 95 NA only installation. 127–128 system requirements. 86.Index defined. 64 P password forgotten. 62 repairing an installation. 20 protocol block messages. 23 network interface card. 127–128 139 . 111 database download. 70. 128 Windows. 112–115 stealth mode NIC. 52. 69 records. 57–61 Squid plug-in. 89. 108–110 workstation configuration. 132 machine ID. 40 traffic visibility test. 86. 11 failure to install. 97 Samba client requirements Linux. 97 proxy server IP address. 9 R Real-Time Analyzer (RTA) supported Web servers for. 91–95 Windows. 95 port numbers EIM Server. 100 Novell Directory Service/eDirectory. 86. 112 Protocol Management. 56 Proxy Server array configuration. 95. 53. 43. 46 Release Notes. 108–110 subscription key. 70. 108 proxy server/firewall setting. 82. 71–73. 92 system requirements for. 22 Network Address Translation (NAT). 39.conf file. 110 Q quotas. 8. 93–94. 20 installation. 46–51. 46 selecting.

36. 35 Terminal Services. 36 Windows Active Directory. 29–30 installation warning. 36 websense. 24 defined. 117–119 Websense Enterprise EIM . 24. 36–38 Squid plug-in. 38–41 on Solaris. 24. 33 EIM Server. 108–110 verification and troubleshooting of. 31–32 Websense services starting and stopping Linux. 77. 25 starting and stopping Websense services. 67–76 removing. 8–9 installation Linux. 24–25 user identity. 31–32 Windows installation. 57–61 Terminal Services. 119–120 Solaris. 26 workstations. 51–57 separate machine. 121 User Service and Windows-based directory services. 11 installing separately Solaris. 56. 46 installing on Linux. 46 traffic visibility test. 33 T technical support. 28 User Service. 71–73 Windows components. 95. 102. 127 Websense Filter installation. typical. 117–119 stopping before upgrading. 11 140 required privileges. 20 system requirements DC Agent. 78–80 Windows. 12. 35 foreign language versions. 125 U upgrading distributed component. 15 selecting a NIC for communication. 36 traffic visibility test Windows. 24 switched environments. 27 Network Agent. 25. 41–44 user identification. 105 Linux installation. 68 system requirements for. 28–29 Solaris installation. 119 Windows. 27 Solaris patches. 16 Solaris. typical. 35–36 manually stopping services/daemons. 46–51 Squid Web Proxy machine. 30–31 Websense Manager. 122 Websense EIM component configurations. 30–31 V virus scanners. 36. 65–67 Websense Manager defined. 62–65 Solaris.ini file. typical. 127 subscription key entering. 32–33 Policy Server. 77–78 system requirements for. 90. 61. 96–102 installing on Windows. 83. 36 on Linux. 65. 7 deployment of. 132 W Web proxy clients. 35 general information. 127 using with Network Agent. 135–136 Terminal Services. 74. 102–103 functional overview. 11–14 components adding. 40 transparent identification. 130 SunONE Directory Server.Index definition of. 7 deployment of. 50. 25 NTLM-based directories.

116 ws. 36. 38 wsSquid. 112 workstations. 124 winpopup.ini file. 115 Squid Web Proxy Cache 141 . 67–76 Windows NT Challenge/Response and Integrated Windows authentication. 26 upgrading distributed components on.Index system requirements for Websense EIM installation.cfg file. 41– 44 Websense component installation. 33 configuration.exe.

Index 142 Websense Enterprise EIM .

Sign up to vote on this title
UsefulNot useful