Getting Started ® W e b s e n s e V-Series Appliance V10000 G2, V10000 G3, and V5000 G2 v7.6.1 and hig her v7 .6.x...
Page 2
Websense, Inc. Every effort has been made to ensure the accuracy of this manual. However, Websense, Inc., makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Websense, Inc., shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein.
Introducing Websense V-Series Appliances The Websense V-Series appliance is a high-performance security appliance with a hardened operating system, optimized for analyzing Web and email traffic and content. The appliance offers: A command-line interface for initial appliance settings, available through a USB ...
Introducing Websense V-Series Appliances Security Modes Websense V-Series appliances can run in any one of the following security modes. Websense V10000 G2 and V10000 G3 appliances: Security mode Module name Web Security Gateway / Anywhere Email Email Security Gateway / Anywhere...
TRITON Unified Security Center off-appliance on a separate Windows machine. [Even for evaluations, TRITON Unified Security Center can run on the appliance only if the appliance runs in full policy source mode.] See the Websense Appliance Manager Help for more information about the policy source.
The Websense components mentioned in this section must be installed off-appliance. Additionally, Microsoft SQL Server must be installed off-appliance. Use the Websense Installer to install any of the components mentioned here. See the Websense Technical Library for more information about components and installation instructions.
Agent RADIUS Agent Note If your subscription includes Websense Web Security Gateway Anywhere, TRITON Unified Security Center must run off-appliance, on a Windows Server 2008 R2 machine. Data Security components The following Data Security components run off-appliance.
TRITON modules. TRITON Infrastructure also (optionally) includes SQL Server 2008 R2 Express that may be used for Websense logging data. As a best practice, SQL Server 2008 R2 Express should be used only in non-production or evaluation environments. Full SQL Server should be used in production environments.
Reporting Tools has this service name: Reporting Web Server. TRITON - Data Security TRITON - Data Security consolidates all aspects of Websense Data Security setup and configuration, incident management, system status reports, and role-based administration. TRITON - Data Security services include: Websense Data Security Management Server ...
Page 12
Websense subscription. Refer to Microsoft documentation for installation and configuration instructions. If you do not have SQL Server, you can use the Websense Installer to install SQL Server 2008 R2 Express for evaluations. SQL Server 2008 R2 Express can be installed either on the same machine as TRITON Unified Security Center or on a separate machine.
The Quick Start poster, which comes in the appliance shipping box, shows you all items included in each Websense appliance shipment. The 2-page Quick Start poster explains how to set up the hardware and shows how to connect cables to the appliance and to your network.
or host files controlling the URLs that the E1 (and E2) interfaces can access. V10000 G2 and V10000 G3: Web and Email mode with Web Security Gateway Network interfaces C and E1 (and E2, if used) must be able to access a DNS server.
Setting Up Websense V-Series Appliances V10000 G2/V10000 G3: Web and Email mode with Web Security (no gateway) Network interfaces C and E1 (and E2, if used) must be able to access a DNS server. These interfaces typically have continuous access to the Internet. Essential databases are downloaded from Websense servers through these interfaces.
The activation script, called firstboot, runs when you start the appliance. Perform initial command-line configuration. Perform initial command-line configuration The first time you start a Websense appliance, a brief script (firstboot) prompts you to: select the security mode for the appliance ...
Page 17
NOTE: If you do not provide access to the Internet for interface C, use the TRITON - Web Security console to configure P1 to download Master URL Database updates from Websense (Web mode) Configure E1 or P1* to download antispam and antivirus database updates from Websense (Email...
Page 18
Setting Up Websense V-Series Appliances Tertiary DNS server for network interface C (IP address) Optional Unified password (8 to 15 characters, at least 1 letter and 1 number) This password is for the following, depending on the security mode of the appliance:...
To rerun the script manually, enter the following command: firstboot At the first prompt, select a security mode: Web: On models V10000 G2 and V10000 G3, this mode provides Web Security Gateway. On model V5000 G2, Web mode provides either Web Security or Web Security Gateway, at your choice.
Some of this information may have been written on the Quick Start poster during hardware setup. Complete only the section that applies to your appliance model and security mode: V10000 G2, V10000 G3, or V5000 G2: Web mode with Web Security Gateway V5000 G2: Web mode with Web Security ...
Page 21
Setting Up Websense V-Series Appliances Subnet mask for network interface P1 Subnet mask: Default gateway for network interface P1 and P2 (if IP address: used) If both P1 and P2 are used, the default gateway is automatically assigned to whichever interface is in the same subnet with it.
Page 22
Setting Up Websense V-Series Appliances Full policy source IP address This appliance provides (choose one): Full policy source User directory and filtering (you must specify the IP address of a machine running Policy Broker, which can be a full policy source...
Page 23
If you choose P1 and P2, enter configuration information under both P1 and P2. Note that default gateway and DNS configuration (under Shared Setting) are shared between both P1 and P2. Click Save in the Websense Content Gateway Interfaces area when you are done. Important When you use the P2 interface, the P1 interface is bound to eth0, and the P2 interface is bound to eth1.
Page 24
If you choose to bond the interfaces, E1 must be bonded to P1 and E2 to P2. No other pairing is possible. You can choose to bond or not bond each Websense Content Gateway interface (P1 and P2) independently. You do not have to bond at all. You do not have to bond both.
Page 25
Select the policy mode of this appliance: In the left navigation pane, click Configuration > Web Security Components. Specify the role of this appliance with respect to Websense Web Security policy information. • Choose Full policy source if Websense Policy Broker and Policy Database for your deployment will run on the appliance being configured.
On: the TRITON Unified Security Center runs on this appliance. TRITON - Web Security is the Web Security module of the TRITON Unified Security Center. For a Websense Web Security Gateway deployment, you can choose to run the TRITON Unified Security Center on or off the appliance.
Page 27
Setting Up Websense V-Series Appliances Tertiary NTP server Domain: Optional Choose interface for transporting blocking information for traffic. (interface C or interface N) If interface N transports blocking information, N Ensure that interface N has been set must be connected to a bidirectional span port.
Page 28
In the left navigation pane, click Configuration > Network Interfaces. Under Network Agent Interface (N), configure the N interface. The N interface is used by the Websense Network Agent module. It must be connected to a span (or mirror) port on a switch allowing it to monitor Internet requests going through the switch.
Page 29
Select the policy mode of this appliance: In the left navigation pane, click Configuration > Web Security Components. Specify the role of this appliance with respect to Websense Web Security policy information. • Choose Full policy source if Websense Policy Broker and Policy Database for your deployment will run on the appliance being configured.
Click Log Off, at the top right, when you are ready to log off Appliance Manager V10000 G2 and V10000 G3: Email mode After completing the initial configuration required by the firstboot script, use the Appliance Manager to configure important settings for network interfaces E1, E2, P1, and P2 (E2, P1, and P2 are optional).
Page 31
Setting Up Websense V-Series Appliances Gather the following information before running the Appliance Manager. Some of this information may have been written on the Quick Start during hardware setup. Primary NTP server Domain: Optional Be sure that interface C can access the NTP server.
Page 32
Click Save in the Time and Date area. In the left navigation pane, click Configuration > Network Interfaces. Under Websense Email Security Gateway Interfaces (E1 and E2), configure the E1 and E2 (optional) interfaces. The E interfaces are used to accept users’ requests (inbound traffic) and communicate with the Internet (outbound traffic).
Page 33
Setting Up Websense V-Series Appliances Interfaces P1 and P2 can be cabled to your network and then bonded through software configuration to E1 and E2. If you choose to bond the interfaces, P1 must be bonded to E1 and P2 to E2. No other pairing is possible.
Setting Up Websense V-Series Appliances V5000 G2: Email mode After completing the initial configuration required by the firstboot script, use the Appliance Manager to configure important settings for network interfaces P1 and (optionally) P2. Gather the following information before running the Appliance Manager. Some of this information may have been written on the Quick Start during hardware setup.
Page 35
Click Save in the Time and Date area. In the left navigation pane, click Configuration > Network Interfaces. Under Websense Email Security Gateway Interfaces (P1 and P2), configure the P1 and P2 (optional) interfaces. The P interfaces are used to accept users’ requests (inbound traffic) and communicate with the Internet (outbound traffic).
E1, and E2 (P2, N, and E2 are optional). While the E1/E2 and P1/P2 interfaces can be bonded to each other if the V10000 G2 or V10000 G3 runs in either Web mode or Email mode, they cannot be bonded when the appliance is in Web and Email mode.
Page 37
Setting Up Websense V-Series Appliances Subnet mask for network interface P1 Subnet mask: Default gateway for network interface P1and P2 (if IP address: used) If you use both P1 and P2, the default gateway is automatically assigned to P2 (which is bound to eth1).
Page 38
Click Save in the Time and Date area. In the left navigation pane, click Configuration > Network Interfaces. Under Websense Content Gateway Interfaces, configure the P1 and P2 (optional) interfaces. The P interfaces are used to accept users’ Internet requests (inbound traffic) and communicate with Web servers (outbound traffic).
Page 39
If you choose P1 and P2, enter configuration information under both P1 and P2. Note that default gateway and DNS configuration (under Shared Setting) are shared between both P1 and P2. Click Save in the Websense Content Gateway Interfaces area when you are done. Important When you use the P2 interface, the P1 interface is bound to eth0, and the P2 interface is bound to eth1.
Page 40
DNS IP addresses for the N interface. Click Save in the Network Agent Interface (N) area. Under Websense Email Security Gateway Interfaces (E1 and E2), configure the E1 and E2 (optional) interfaces. The E interfaces are used to accept users’ requests (inbound traffic) and communicate with the Internet (outbound traffic).
Page 41
Select the policy mode of this appliance: In the left navigation pane, click Configuration > Web Security Components. Specify the role of this appliance with respect to Websense Web Security policy information. • Choose Full policy source if Websense Policy Broker and Policy Database for your deployment will run on the appliance being configured.
Setting Up Websense V-Series Appliances V10000 G2 and V10000 G3: Web and Email mode with Web Security After completing the initial configuration required by the firstboot script, use the Appliance Manager to configure important settings for network interfaces N and E1 (E2, P1, and P2 are optional).
Page 43
Setting Up Websense V-Series Appliances Default gateway for network interface E1and E2 (if IP address: used). If you use both E1 and E2, the default gateway and DNS configuration are shared by both. Primary DNS server for network interface E1 and...
Page 44
N) manages all Internet requests, and can enforce policy for all protocols. When a third-party product such as Microsoft ISA Server or Cisco PIX is integrated with Websense software, then Network Agent (interface N) manages only non-HTTP and non-HTTPS protocols.
Page 45
Select the policy mode of this appliance: In the left navigation pane, click Configuration > Web Security Components. Specify the role of this appliance with respect to Websense Web Security policy information. • Choose Full policy source if Websense Policy Broker and Policy Database for your deployment will run on the appliance being configured.
Setting Up Websense V-Series Appliances • Choose User directory and filtering if the appliance currently being configured is not the location of the policy information, but will run Policy Server and User Service. Then, enter the IP address of the server that is used as the full policy source - a machine running Policy Broker.
Page 47
Setting Up Websense V-Series Appliances Secondary DNS server for network interface N IP address: Optional Tertiary DNS server for network interface N IP address: Optional IP address for network interface P1 IP address: Subnet mask for network interface P1 Subnet mask:...
Page 48
N) manages all Internet requests, and can enforce policy for all protocols. When a third-party product such as Microsoft ISA Server or Cisco PIX is integrated with Websense software, then Network Agent (interface N) manages only non-HTTP and non-HTTPS protocols.
Page 49
Select the policy mode of this appliance: In the left navigation pane, click Configuration > Web Security Components. Specify the role of this appliance with respect to Websense Web Security policy information. • Choose Full policy source if Websense Policy Broker and Policy Database for your deployment will run on the appliance being configured.
After the appliance has been configured, install the off-appliance components you want. See Software that runs off-appliance for more information about these components. Run the Websense Installer (in custom installation mode) on the machine to which you want to install components. See the Websense Technical Library instructions.
TRITON management server. Restoring to Factory Image The V10000 G2 and V5000 G2 come with a recovery DVD that can be used to restore the appliance to its factory image. You can use this DVD (after saving a Full configuration backup) to re-image the appliance and then recover your custom appliance and module settings.
Page 52
Ensure that the appliance time and date are synchronized with other servers. Restart the components that run off the appliance. On occasion, a manual download of the Websense Web Security Master Database should be initiated after a recovery. Do this in the TRITON Unified Security Center (Web Security module) if you receive a warning message about the Master Database.
Need help?
Do you have a question about the V10000 G2 and is the answer not in the manual?
Questions and answers