Filtering Service can’t communicate with a transparent identification agent

When you use DC Agent, Logon Agent, eDirectory Agent, or RADIUS Agent for transparent user identification, Filtering Service must be able to communicate with the agent to correctly apply user-based policies. If this communication fails, the user may be filtered by an IP-address-based policy or the Default policy.

To address this problem:

1. Verify that the agent service or daemon is running.
   • Windows: Use the Windows Services tool to make sure that Websense DC Agent, Websense Logon Agent, Websense eDirectory Agent, or Websense RADIUS Agent is running.
   • Linux: Navigate to the /opt/Websense/ directory and use the following command to verify that Logon Agent, eDirectory Agent, or RADIUS Agent is running:

     ./WebsenseAdmin -status

2. You can ping the transparent identification agent machine from the Filtering Service machine. Try both the IP address and the hostname of the transparent identification agent machine, to make sure that DNS is properly configured. For example:

   ping 10.55.127.22

   ping transid-host

3. The transparent identification agent communication port is open between the Filtering Service machine and the agent machine. The default ports are:
   • DC Agent: 30600
   • Logon Agent: 30602
   • eDirectory Agent: 30700
   • RADIUS Agent: 30800
4. The correct agent IP address or hostname and port appear on the Web > Settings > General > User Identification page in the Forcepoint Security Manager.

If the service appears to be running normally, and there does not appear to be a network communication problem between the Filtering Service and agent machines:

• Use the Windows Services tool or the /opt/Websense/WebsenseDaemonControl command to restart the agent.

  Check the Windows Event Viewer or websense.log file (in the bin directory) on the agent machine for error messages from the transparent identification agent.