Installing for Universal Integrations
Applies to: |
---|
|
This document describes integrating Forcepoint URL Filtering with supported integration products other than those addressed in the following topics:
- Integrating Forcepoint URL Filtering with Cisco
- Integrating Forcepoint URL Filtering with Citrix
- Integrating Forcepoint URL Filtering using ICAP Service
- Integrating Forcepoint URL Filtering with TMG
The Partners page at forcepoint.com links to pages that list our Security Alliance and Vendor Alliance partners. Refer to the list of Technology Partners to verify that your web protection software supports an integration with your firewall, proxy server, caching application, or network appliance.
Integrating Forcepoint URL Filtering with another product or device affects the following web protection components:
- Filtering Service interacts with your integration product and Network Agent to determine whether Internet requests are blocked or permitted.
- Network Agent manages Internet protocols that are not managed by your integration product. It can also detect HTTP network activity (managed by the integration) to enable bandwidth reporting.
When the integration product receives an Internet request, it queries Filtering Service to find out if the requested site should be blocked or permitted. Filtering Service consults the policy assigned to the client determines how the requested site is categorized.
- If the site is assigned to a blocked category, the client receives a block page instead of the requested site.
- If the site is assigned to a permitted category, Filtering Service notifies the integration product to grant access to the site.
Installation steps for universal integrations
This section provides a general overview of the installation process, highlighting the steps important to enabling integration.
For detailed installation instructions, see Installing Web Protection Solutions.
- When you install Filtering Service, on the Integration Option screen, select Install Forcepoint URL Filtering to integrate with a third-party product or device.
- On the Select Integration screen, select Other (Universal Integration).
- On the Transparent User Identification screen, you can choose whether to install a transparent identification agent.
- If your integration product provides user authentication or identification services, or if you do not intend to use user and group-based policy enforcement, select None.
- To use a transparent identification agent, select the agent or combination of agents appropriate for your deployment.
- Follow the remaining installer prompts to complete the installation.
After installation is complete:
- To prevent users from circumventing policy enforcement, configure your firewall or Internet router to allow outbound HTTP, HTTPS, FTP, and Gopher requests only from your
integration product.
Contact your router or firewall vendor for information about configuring access lists for that product.
- If Filtering Service connects to the Internet through a proxy server or firewall for HTTPS traffic, configure the proxy server or firewall to accept clear text or basic authentication to enable the Master Database download.
- To prevent users from circumventing policy enforcement, configure your firewall or Internet router to allow outbound HTTP, HTTPS, FTP, and Gopher requests only from your
integration product.
Migrating to a different integration after installation
You can change your integration product or version after installation without losing any of your configuration data.
- Install and configure your new integration product. See your integration product documentation for instructions.
Ensure that it is deployed in your network such that it can communicate with Filtering Service and Policy Server.
- Use the Backup Utility to backup your web protection configuration and initialization files. See the Backup and Restore FAQ for instructions
- Ensure that your web protection services are running. The installer looks for Policy Server during the installation process.
- Remove Filtering Service using the procedures for removing components in the installation materials.Warning: Remove Filtering Service only. Do not remove the associated Policy Server.
If you have uninstalled Filtering Service from a Windows machine, restart the machine to complete the remove process.
- Close any open applications, and stop any antivirus software, then run the installer again.
- Add Filtering Service using the procedures for installing individual components. See Adding web protection components.
- On the Integration Option screen, select the Install Forcepoint URL Filtering to integrate... option.
- On the Select Integration screen, select Other (Universal Integration).
- Follow the installer prompts to complete the installation.
The installer adds the new integration data, while preserving the previous configuration data.
On Windows machines, to complete the installation, restart the machine.
- Verify that Filtering Service has started.
- Windows: Open the Services tool (Start > Administrative Tools > Services or Server Manager > Tools > Services) and check to see if Websense Filtering Service is started.
- Linux: Navigate to the web protection installation directory (/opt/Websense/, by default), and enter the following command to see if Filtering Service is
running:
./WebsenseAdmin status
To start a service, follow the instructions in the installation materials.
- To identify which Filtering Service instance is associated with each Network Agent:
- Log on to the Forcepoint Security Manager and select Web > Settings > Network Agent.
- Highlight the Global option, then select a Network Agent IP address to open its Local Settings page.
- Under Filtering Service Definition, select the IP address for the machine running Filtering Service. During the migration, the setting may have been reset to None.
For more information, see Configuring Network Agent local settings.
- If you stopped your antivirus software, be sure to start it again.