Getting started with a Cisco integration

How does Forcepoint URL Filtering work with Cisco products

To be managed by your web protection software, a client’s Internet requests must pass through the Cisco product.

When it receives an Internet request, the Cisco product queries Filtering Service to find out if the requested website should be blocked or permitted. Filtering Service determines which policy or exception applies to the request, then uses that policy to decide whether to block or permit the request.

• For HTTP, if the site is blocked, the browser displays a block page instead of the requested site.
• For HTTPS or FTP, if the site is blocked, the user is denied access and receives a blank page.
• If the site is permitted, Filtering Service notifies the Cisco product that the site is not blocked, and the client is allowed to visit the site.

Installing Forcepoint URL Filtering

Install Forcepoint URL Filtering as directed in the Installation Guide. When installing Filtering Service, be sure to:

• On the Integration Option screen, select Install Forcepoint URL Filtering to integrate with a third-party product or device.
• On the Select Integration screen, select one of the following and then click Next:
  • Cisco Adaptive Security Appliances
  • Cisco Routers
• Do not install a transparent identification agent if you plan to configure user authentication through your Cisco product.

Upgrading Forcepoint URL Filtering

When you upgrade software that is already integrated with a Cisco product, no additional Cisco configuration is necessary. See Upgrading Web Protection Solutions for upgrading instructions.

If you are upgrading your deployment and changing your Cisco product, see Migrating between integrations after installation.

Migrating between integrations after installation

You can change the Cisco integration product (for example, change from ASA to an IOS router) after installing web protection software without losing configuration data.

1. Install and configure your new Cisco integration product. See Cisco documentation for instructions.

   Ensure that it is deployed so that it can communicate with Filtering Service.

2. Use the Backup Utility to back up configuration and initialization files. For instructions see:
   • v7.6 - v7.8 Backup and Restore FAQ (if you are preparing to upgrade to v8.x)
   • v8.0 - v8.1 Backup and RestoreFAQ
   • v8.2 Backup and Restore FAQ
   • v8.3 Backup and Restore FAQ
   • v8.4 Backup and Restore FAQ
   • v8.5 Backup and Restore FAQ (if you are preparing to upgrade to v8.5.x)
3. Close all applications on the Filtering Service machine, and stop any antivirus software.
4. Remove Filtering Service. See Removing web protection components for instructions.
5. Restart the machine (Windows only).
6. Use the Windows or Linux installer to reinstall Filtering Service. See Installing web protection components for instructions.
7. On the Select Integration screen, select the new Cisco product, and then follow the on-screen instructions to complete the installation.

   The installer adds the new integration data to the appropriate configuration files, while preserving existing configuration data.

8. Restart the machine (Windows only).
9. Check to be sure that Filtering Service has started.
   • Windows: Use the Windows Services tool to verify that Websense Filtering Service has started.
   • Linux: Navigate to the web protection installation directory (/opt/Websense, by default), and use the following command to verify that Websense Filtering Service is running:

     ./WebsenseAdmin status

10. Use the Forcepoint Security Manager to identify which Filtering Service instance is associated with each Network Agent.
    • Use a supported browser (see System requirements for this version) to go to https://<IP address>:9443.

      Here, <IP address> is the IP address of the management server.

    • Click the Web module, then go to Settings > Network Agent.
    • Position the mouse over the General option and wait a second or two for a list of IP addresses to appear.
    • Click an IP address to open the Local Settings page for that Network Agent instance.
    • Under Filtering Service Definition, select the IP address for the machine running Filtering Service. During the migration, the setting may have been reset to None.
    • Log off of the Security Manager.
11. If you stopped your antivirus software, be sure to start it again.

Network Agent enhanced logging

Network Agent can also provide information for reports on bandwidth information and block HTTP(S) Internet protocols based on bandwidth consumption. However, bandwidth information is not recorded by default.

To configure Network Agent to record bandwidth information for reporting, or manage HTTP(S) or FTP requests based on bandwidth consumption:

1. In a supported browser, navigate to http://<IP address>:9443, where <IP address> is the IP address of the management server.
2. Select the Web module, then go to Settings > Network Agent.
3. Position the mouse over the General option and wait a second or two for a list of IP addresses to appear.
4. Click appropriate IP address to open the Local Settings page for a Network Agent instance.
5. Under Network Interface Card, click the appropriate NIC monitoring the relevant traffic.
6. Under Integration, enable the Log HTTP requests option.