Install Content Gateway
Steps
-
Disable any currently running firewall on this machine for the duration of Content Gateway installation. Bring the firewall back up after installation is complete, opening ports used by Content Gateway.
Important: If SELinux is enabled, set it to permissive or disable it before installing Content Gateway. Do not install or run Content Gateway with SELinux enabled.
Important: Forcepoint Web Security customers using Red Hat Enterprise Linux or CentOS 7.x must disable firewalld prior to installing Content Gateway.
On the machine where Content Gateway will be installed, execute the following:
systemctl stop firewalld
systemctl disable firewalld
-
Make sure you have root permissions:
su root
-
In the directory where you unpacked the tar archive, begin the installation, and respond to the prompts to configure the application.
./wcg_install.sh
The installer installs Content Gateway in /opt/WCG. It is installed as root.
Note: Up to the configuration summary, you can quit the installer by pressing Ctrl-C. If you choose to continue the installation past the configuration summary and you want to quit, do not use Ctrl-C. Instead, allow the installation to complete and then uninstall it.
If you want to change your answer to any of the installer prompts, you will be given a chance to start over at the first prompt once you reach the configuration summary; you do not have to quit the installer.
-
If your server does not meet the minimum hardware requirements or is missing required operating system packages, you will receive error or warning messages.
Install the missing packages, reboot the server, and start the Content Gateway installer again.
Here is an example of a system resource warning:
Warning: Content Gateway requires at least 6 gigabytes of RAM. Do you wish to continue [y/n]?
Enter n to end the installation and return to the system prompt.
Enter y to continue the installation. If you choose to run Content Gateway after receiving this warning, performance may be affected.
-
Read the subscription agreement. At the prompt, enter y to continue installation or n to cancel installation.
Do you accept the above agreement [y/n]? y
-
Enter and confirm a password for the Content Gateway Manager administrator account.
Note that the cursor will not move while you are entering your password.
Enter the administrator password for the Content Gateway management interface.
Username: admin
Password:>
Confirm password:>
This account enables you to log on to the management interface for Content Gateway (the Content Gateway manager). The default username is admin.
To create a strong password (required), use 8 to 15 characters, with at least 1 each of the following: upper case letter, lower case letter, number, special character.
Important: The password cannot contain the following characters:
- space
- $ (dollar symbol)
- : (colon)
- ` (backtick; typically shares a key with tilde, ~)
- \ (backslash)
- " (double-quote)
-
Enter an email address where Content Gateway can send alarm messages:
Content Gateway requires an email address for alarm notification.
Enter an email address using @ notation: [] >
Be sure to use @ notation (for example, user@example.com). Do not enter more than 64 characters for this address.
-
Select 1 as your Content Gateway Integration Configuration:
'1' - Select '1' to configure Content Gateway as a component of Forcepoint Web Security
'2' - Select '2' to configure Content Gateway as a component of Forcepoint DLP (without Forcepoint Web Security)
-
Enter the IP address for Policy Server:
Enter the Policy Server IP address (leave blank if integrating with Data Security only): [] >
Use dot notation (i.e., xxx.xxx.xxx.xxx). The address must be IPv4.
-
Enter the IP address for Filtering Service:
Enter the Filtering Service IP address: [<Policy Server address>] >
The default is the same address as Policy Server.
-
Review default Content Gateway ports:
Content Gateway uses 9 ports on your server:
Port Assignments:
'1' Content Gateway Proxy Port 8080
'2' Web Interface port 8081
'3' Auto config port 8083
'4' Process manager port 8084
'5' Logging server port 8085
'6' Clustering port 8086
'7' Reliable service port 8087
'8' Multicast port 8088
'9' Endpoint Authentication Server Port 9090
Enter the port assignment you would like to change:
'1-9' - specific port changes
'X' - no change
'H' - help
[X] >
Change a port assignment if it will conflict with another application or process on the machine. Otherwise, leave the default assignments in place.
If you do not want to use these ports for Content Gateway, or if the installation program indicates that a port conflict exists, make any necessary changes. Any new port numbers you assign must be between 1025 and 65535, inclusive.
-
For clustering, at least two network interfaces are required. If your machine has only one, the following prompt appears:
Content Gateway requires at least 2 interfaces to support clustering. Only one active network interface is detected on this system.
Press Enter to continue installation and skip to Step 13.
-
If two or more network interfaces are found on this machine, you are asked whether this instance of Content Gateway should be part of a cluster:
Content Gateway Clustering Information
'1' - Select '1' to configure Content Gateway for management clustering. The nodes in the cluster will share configuration/management information automatically.
'2' - Select '2' to operate this Content Gateway as a single node.
Enter the cluster type for this Content Gateway installation: [2] >
If you do not want this instance of Content Gateway to be part of a cluster, enter 2.
If you select 1, provide information about the cluster:
Enter the name of this Content Gateway cluster.
> <cluster_name>
Note: All members of a cluster must use the same cluster name and multicast group address.
Enter a network interface for cluster communication.
Available interfaces:
<interface, e.g., eth0>
<interface, e.g., eth1>
Enter the cluster network interface:
>
Enter a multicast group address for cluster <cluster_name>.
Address must be between 224.0.1.27 - 224.0.1.254:
[<default_IP_multicast_address>] >
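The installer prompts above state hard limits for the administrator password, the alarm email address, reassigned ports and the cluster multicast address. The following is an added example, not part of the original procedure or of the installer, that checks planned answers against those limits before they are typed in; the function names are hypothetical, and treating any non-alphanumeric character as a "special character" is an assumption.

```sh
#!/bin/sh
# Added example: check planned answers against the limits this page states
# before typing them into wcg_install.sh. Function names are hypothetical.

# Password: 8-15 characters, at least one upper, lower, digit and special
# character, and none of: space $ : ` \ "
valid_password() {
  p=$1
  [ "${#p}" -ge 8 ] && [ "${#p}" -le 15 ] || return 1
  case $p in *' '*|*'$'*|*:*|*'`'*|*'\'*|*'"'*) return 1 ;; esac
  case $p in *[[:upper:]]*) ;; *) return 1 ;; esac
  case $p in *[[:lower:]]*) ;; *) return 1 ;; esac
  case $p in *[[:digit:]]*) ;; *) return 1 ;; esac
  # Assumption: "special character" means any non-alphanumeric character.
  case $p in *[![:alnum:]]*) return 0 ;; *) return 1 ;; esac
}

# Alarm address: @ notation, no more than 64 characters.
valid_alarm_email() {
  [ "${#1}" -le 64 ] || return 1
  case $1 in ?*@?*) return 0 ;; *) return 1 ;; esac
}

# Reassigned port: whole number between 1025 and 65535, inclusive.
valid_port() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1025 ] && [ "$1" -le 65535 ]
}

# Cluster multicast group: 224.0.1.27 through 224.0.1.254.
valid_cluster_mcast() {
  case $1 in 224.0.1.*) last=${1#224.0.1.} ;; *) return 1 ;; esac
  case $last in ''|*[!0-9]*) return 1 ;; esac
  [ "${#last}" -le 3 ] && [ "$last" -ge 27 ] && [ "$last" -le 254 ]
}
```

Each function returns 0 when the value is acceptable and 1 otherwise, so it can gate a scripted pre-install checklist, for example `valid_port 8443 || echo "choose another port"`.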
-
For Content Gateway to act as a web cache, a raw disk must be present on this machine. If no raw disk is detected, the following prompt appears:
No disks are detected for cache. Content Gateway will operate in PROXY_ONLY mode.
Content Gateway will operate as a proxy only and will not cache web pages. Press Enter to continue the installation and skip Step 15.
-
If a raw disk is detected, you can enable the web cache feature of Content Gateway:
Note: If you choose to not enable raw disk cache now, cache disks may be added after Content Gateway has been installed. For instructions, see the Content Gateway Manager Help.
Would you like to enable raw disk cache [y/n]? y
- Select available disks from the list. Selected disks become dedicated cache disks and cannot be used for any other purpose. Cache disks must be raw. Aggregate disk cache size should not exceed 147 GB.
Select available disk resources to use for the cache. Remember that space used for the cache cannot be used for any other purpose.
Here are the available drives
(1) /dev/sdb 146778685440 0x0
Note: The above drive is only an example.
Warning: Although it might be listed as available, do not use an LVM (Logical Volume Manager) volume as a cache disk.
- Indicate if you want to add or remove disks individually or as a group.
Choose one of the following options:
'A' - Add disk(s) to cache
'R' - Remove disk(s) from cache
'S' - Add all available disks to cache
'U' - Remove all disks from cache
'X' - Done with selection, continue Content Gateway installation.
Option: > A
[ ] (1) /dev/sdb 146778685440 0x0
- Specify which disk or disks to use for the cache.
Enter number to add item, press 'F' when finished:
[F] >1
Item '1' is selected
[F] >
- Your selections are confirmed. Note the “x” before the name of the disk.
Here is the current selection
[X] (1) /dev/sdb 146778685440 0x0
- Continue based on your choice in Step b, pressing X when you have finished configuring cache disks.
Choose one of the following options:
'A' - Add disk(s) to cache
'R' - Remove disk(s) from cache
'S' - Add all available disks to cache
'U' - Remove all disks from cache
'X' - Done with selection, continue Content Gateway installation.
Option: >X
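Because selected cache disks are wiped and the installer may list an LVM volume as available, it helps to inspect the disks before answering the selection prompt. The following is an added example, not part of the original procedure or of the installer: it classifies whole disks from `lsblk -P` output. The function name and the sample lines are constructed, and it reports only what `lsblk` can see, so hardware mirroring still has to be ruled out separately.

```sh
#!/bin/sh
# Added example: flag whole disks that carry a filesystem or LVM signature,
# a mount point, or child devices (partitions, LVM volumes).
# On a live host (as root):
#   lsblk -P -o NAME,TYPE,FSTYPE,MOUNTPOINT,PKNAME | cache_disk_report
cache_disk_report() {
  awk '
    # Return the value of KEY="value" on the current line, or "".
    function field(key,    line) {
      line = " " $0
      if (!match(line, " " key "=\"[^\"]*\"")) return ""
      return substr(line, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
    }
    {
      name = field("NAME"); type = field("TYPE"); parent = field("PKNAME")
      fs = field("FSTYPE"); mnt = field("MOUNTPOINT")
      if (type == "disk") {
        disks[++n] = name
        if (fs != "")  why[name] = why[name] " signature=" fs
        if (mnt != "") why[name] = why[name] " mounted=" mnt
      } else if (parent != "") {
        # Any child device means the parent disk is not raw.
        why[parent] = why[parent] " child=" name "(" type ")"
      }
    }
    END {
      for (i = 1; i <= n; i++) {
        d = disks[i]
        print "/dev/" d ": " (why[d] == "" ? "candidate" : "DO NOT USE:" why[d])
      }
    }
  '
}

# Constructed sample input (not captured from a real system).
SAMPLE_LSBLK='NAME="sda" TYPE="disk" FSTYPE="" MOUNTPOINT="" PKNAME=""
NAME="sda1" TYPE="part" FSTYPE="xfs" MOUNTPOINT="/boot" PKNAME="sda"
NAME="sdb" TYPE="disk" FSTYPE="" MOUNTPOINT="" PKNAME=""
NAME="sdc" TYPE="disk" FSTYPE="LVM2_member" MOUNTPOINT="" PKNAME=""'

printf '%s\n' "$SAMPLE_LSBLK" | cache_disk_report
```

Only a disk reported as `candidate` shows no filesystem, mount or child device; compare its name against the list the installer prints before selecting it.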
-
As a way of improving the Content Gateway product, you can elect to send Forcepoint information about usage statistics, analyzed content, and activated product features.
Important: Individual users are never identified.
Enter y or n.
-
A configuration summary appears, showing your answers to the installer prompts (note: summary below is an example):
Configuration Summary
Content Gateway Install Directory : /opt/WCG
Admin Username for Content Gateway Manager: admin
Alarm Email Address : <email_address>
Content Gateway Install Type : Web Security
Policy Server IP Address : <IP_address>
Filtering Service IP Address : <IP_address>
Content Gateway Cluster Type : NO_CLUSTER
Content Gateway Cache Type : LRAW_DISK
Cache Disk : /dev/sdb
Total Cache Partition Used : 1
*******************
* W A R N I N G *
*******************
CACHE DISKS LISTED ABOVE WILL BE CLEARED DURING INSTALLATION!!
CONTENTS OF THESE DISKS WILL BE COMPLETELY LOST WITH NO CHANCE OF RETRIEVAL.
Installer CANNOT detect all potential disk mirroring systems. Please make sure the cache disks listed above are not in use as mirrors of active file systems and do not contain any useful data.
Do you want to continue installation with this configuration [y/n]?
If you want to make changes, enter n to restart the installation process at the first prompt. To continue and install Content Gateway configured as shown, enter y.
Important: If you enter y to proceed but you decide you want to cancel the installation, do not attempt to quit the installer by pressing Ctrl-C. Allow the installation to complete. Then uninstall it.
-
Wait for the installation to complete.
Note:
The subscription key is shared automatically with Content Gateway when it is entered in the Forcepoint Security Manager.
If you receive an email from Content Gateway (to the address you specified during installation) with “WCG license download failed” in the subject line, this alert does not mean a problem occurred with the installation. The alert indicates that your deployment may require you to manually enter the subscription key in the Content Gateway manager.
- When installation is complete, reboot the Content Gateway server.
-
When the reboot is complete, check Content Gateway status with:
/opt/WCG/WCGAdmin status
All services should be running. These include Content Cop, Content Gateway, Content Gateway Manager, and Analytics Server.