Initial configuration for web protection solutions

Applies to:
Forcepoint Web Security, v8.5.x Forcepoint URL Filtering, v8.5.x

Getting started with web protection solutions

After entering your Forcepoint Web Security or Forcepoint URL Filtering subscription key (see Initial Configuration for All Security Modules), use the Initial Setup Checklist to complete basic setup tasks.

If you have Forcepoint Web Security, also see Content Gateway initial configuration.
If you have the DLP Module also see Additional configuration for the Web Security DLP Module.

Next, you can:

Configure transparent user identification on the Settings > General > User Identification page.
- If you installed Logon Agent, you must create and deploy a client logon script in addition to configuring Logon Agent in the Web Security module of the Forcepoint Security Manager. See the Using Logon Agent for Transparent User Identification technical paper for instructions.
- If you could not give User Service, DC Agent, or Logon Agent administrator privileges during installation, see Changing DC Agent, Logon Agent, and User Service permissions.
Enable email or SNMP alerting on the Settings > Alerts > Enable Alerts page.
Customize reporting behavior. See Reporting Administration.

Additional tips for working with web protection solutions

All web protection tools and utilities installed on Windows Server platforms (such as wsbackup.exe and websenseping.exe), as well as text editors used to modify web protection configuration files (such as websense.ini), must be run as the local administrator. Otherwise, administrators may be prevented from running the tool, or changes may not be implemented.

Navigate to the bin directory (C:\Program Files or Program Files (x86)\Websense\Web Security\bin\).
Right-click the relevant executable file, and then click Properties. Following is a list of files for which this should be done.
In the Compatibility tab, under Privilege Level, select Run this program as an administrator. Then, click OK.

Identifying Filtering Service by IP address

When an Internet request is blocked, the browser is redirected to a block page hosted by Filtering Service. The block page URL takes the form:

http://<FilteringServiceNameorIPAddress>:<MessagePort>/cgi- bin/blockpage.cgi?ws-session=#########

If Filtering Service is installed on a machine with multiple NICs, and Filtering Service is identified by machine hostname rather than IP address, users could receive a blank page rather than a block page.

If the organization has an internal domain name server (DNS), enter the Filtering Service machine’s IP address as a resource record in your DNS. See the DNS documentation for instructions.
If the organization does not have an internal DNS:
1. On the Filtering Service machine, go to the bin directory (by default, C:\Program Files\Websense\bin or opt/Websense/bin/).
2. Make a backup copy of eimserver.ini in another directory.
3. Open the original eimserver.ini file in a text editor.
4. In the [WebsenseServer] section, enter the following command:
  BlockMsgServerName=<IP address>
  
  Here, <IP address> is the IP address of the Filtering Service machine.
  
  Important: Do not use the loopback address (127.0.0.1).
5. Save the file.
6. Restart Filtering Service.
  - Windows: Use the Windows Services tool (Start > Administrative Tools > Services or Server Manager > Tools > Services) to restart Websense Filtering Service.
  - Linux: Use the /opt/Websense/WebsenseDaemonControl command to restart Filtering Service.