Installing Forcepoint URL Filtering to integrate with Forefront TMG

Before you begin

Applies to:
  • Forcepoint URL Filtering, v8.5.x

The general process of installing Forcepoint URL Filtering to integrate with Microsoft Forefront TMG is as follows:

  1. Begin by installing web protection policy, management, and reporting components in your network (not on the TMG machine).

    Filtering Service must already be installed before the ISAPI Filter plug-in is installed on the TMG machine. When installing Filtering Service, specify that it is integrated with TMG.

  2. Install the ISAPI Filter plug-in on the TMG machine (as described below).

    The only web protection components installed on the Forefront TMG machine are the ISAPI Filter plug-in and Control Service (which manages installation and removal of web protection software components).

The Forcepoint Security Installer is used to install the ISAPI Filter plug-in for Forefront TMG on the TMG machine.

Important:
  • As part of the installation process, you must stop the Microsoft Forefront TMG Firewall service (Firewall service). Because this may stop network traffic, perform the installation during a time when a stoppage will least affect your organization. Do not stop the Firewall service until prompted by the installer.
  • Port 55933 (the Control Service communication port) must be open locally for the ISAPI Filter plug-in to be installed successfully.

Before beginning the installation process:

  • Download or copy the Forcepoint Security Installer to the TMG machine. This installer is available from the My Account section of support.forcepoint.com.
  • Close all applications and stop any antivirus software.

To perform the installation:

Steps

  1. Log on to the TMG machine with domain admin privileges.
  2. Right-click Forcepoint85xSetup.exe and select Run as administrator to launch the installer. After a few seconds, a progress dialog box appears, as files are extracted.
  3. On the Welcome screen, click Start.
  4. On the Subscription Agreement screen, select I accept this agreement, then click Next.
  5. On the Installation Type screen, select Custom and then click Next.
  6. On the Custom Installation screen, click the Install link next to Forcepoint Web Security.
  7. On the Select Components screen, select Filtering Plug-in, then click Next.
  8. On the Filtering Service Communication screen, enter the IP address of the machine on which Filtering Service is installed and the port Filtering Service uses to communicate with integration products and Network Agent (default is 15868). Then click Next.
    • The port used by Filtering Service to communicate with integration products and Network Agent must be in the range 1024-65535.
    • To verify the Filtering Service port, check the WebsenseServerPort value in the eimserver.ini file, located in the bin directory on the Filtering Service machine (C:\Program Files\Websense\Web Security\bin\ or /opt/Websense/ bin/).
  9. On the Installation Directory screen, accept the default location and click Next.
  10. On the Pre-Installation Summary screen, verify that Filtering Plug-in is the only component selected for installation, then click Install.
    An Installing progress screen is displayed. Wait for the installation to complete.
  11. When the Stop Microsoft Forefront TMG Firewall Service screen appears, stop the Microsoft Forefront TMG Firewall service (Firewall service) and then click Next.
    Note: Leave the installer running as you stop the Firewall service, and then return to the installer to continue installation.

    To stop the Firewall service:

    1. Go to Start > Administrative Tools > Services or Server Manager > Tools > Services.
    2. Right-click Microsoft Forefront TMG Firewall, and then select Stop.
      When the service has stopped, return to the installer and continue the installation process. The Firewall service may also be stopped from the Forefront TMG management console. See the Microsoft documentation for more information.
      Important: When the Firewall service is stopped, Forefront TMG goes into lockdown mode. Network traffic may be stopped. Typically, the Firewall service must be stopped for only a few minutes.
  12. When the following message appears, start the Firewall service and click OK:
    The ISAPI Filter has been configured, you can now start the Microsoft Firewall Service.
    Note: Leave the installer running as you start the Firewall service, and then return to the installer to continue installation.

    To start the Firewall service:

    1. Go to Start > Administrative Tools > Services or Server Manager > Tools > Services.
    2. Right-click Microsoft Forefront TMG Firewall, and then select Start.

      The Firewall Service may also be started from the Forefront TMG management console. See the Microsoft documentation for more information.

  13. On the Installation Complete screen, click Done.
  14. If you stopped antivirus software on this machine, restart it now.

    You can verify successful installation of the ISAPI Filter plug-in by logging into the Forefront TMG management console. Navigate to System > Web Filters and verify that WsISAFilter is present in the list of Web Filters.