Prepare your Linux servers

Before starting the installation process, on every Linux server that will host Forcepoint Web Security components, do the following:

Steps

  1. If SELinux is enabled, disable it or set it to permissive.
  2. If a firewall is active, open a command shell and use the appropriate command, based on your operating system, to shut down the firewall before running the installation.

    After installation, restart the firewall. In the firewall, be sure to open the ports used by web protection components installed on this machine. See the Web tab of the Forcepoint Ports spreadsheet for more information about ports.

    Important: Do not install Network Agent on a machine running a firewall. Network Agent uses packet capturing that may conflict with the firewall software.
  3. If you receive an error during installation regarding the /etc/hosts file, use the following information to correct the problem.

    Make sure the hosts file contains a hostname entry for the machine, in addition to the loopback address. (Use the hostname -f command to check this.)

    To configure a hostname:
    1. Enter the following command:

      hostname <host>

    2. Update the HOSTNAME entry in the /etc/sysconfig/network file:

      HOSTNAME=<host>

    3. In the /etc/hosts file, specify the IP address to associate with the hostname. This should be static, and not served by DHCP. Do not delete the second line in the file (the IPv4 loopback aduytdress) or the third line in the file (the IPv6 loopback address).
      <IP address> <FQDN> <host>
      127.0.0.1 localhost.localdomain localhost
      ::1 localhost6.localdomain6 localhost6

      Here, <FQDN> is the fully-qualified domain name of this machine (i.e., <host>.<subdomains>.<top-level domain>)—for example, myhost.example.com—and <host> is the name assigned to the machine.

    Important: The hostname entry you create in the hosts file must be the first entry in the file.
  4. Your web protection software supports only TCP/IP-based networks. If your network uses both TCP/IP- and non-IP-based network protocols, only users in the TCP/IP portion of the network are filtered.
  5. Make sure the following are installed.
    • haveged service

      Make sure this service is running.

    • xorg-x11-fonts-Type1
    • dejavu-serif-fonts

    The installer will check for these and display a message with instructions on how to install if any are not found.

  6. Copy the Web Security Linux installer (Web85xSetup_Lnx.tar.gz) to the machine:
    1. Log on to the installation machine with full administrative privileges (typically, root) and create a setup directory for the installer files. For example:

      /root/Websense_setup

    2. You can download the installer to your network, then copy it to each Linux server that will host Forcepoint components.
      To download the installer:
      1. Log on to the Forcepoint Downloads page.
      2. Select Web Security from the Product.
      3. Select On-Premises (Web) from the Product Options.
      4. Click Web v8.5.x Software for Linux from the Installer list.
        Note: Only latest version is available under Installer list. If you want to select the previous versions, then use Click here from On-Premises (Web).
      5. Click Download in the Product Installer page to download the windows installer of Web Security Web85xSetup_Lnx.tar.gz.
    3. Enter the following to uncompress and extract files:

      tar -xvzf Web85xSetup_Lnx.tar