Websense Protector
Note:
From version 14.1 build 17.x onwards, NetScaler SDX has ended support for third-party virtual machines.
The Websense (now known as Forcepoint) Data Security protector is a virtual machine that intercepts outbound HTTP traffic (posts). Then it analyzes the traffic to prevent data loss and sensitive data leak over the web. The protector communicates with a dedicated Windows server for DLP policy information and can monitor or block data from being posted when a match is detected. Content analysis is performed on the box, so no sensitive data leaves the protector during this process.
To use the protector’s data loss prevention (DLP) capabilities, do the following;
- Purchase and install Websense Data Security
- Configure Web DLP policies in the Data Security manager
- Perform initial setup through the Management Service.
For more information, see the Websense Protector website.
Provision a Websense Protector instance
The Websense© Protector requires a Data Security Management Server that must be configured outside the SDX appliance. Select exactly one management interface and two data interfaces. For the data interfaces, you must select Allow L2 Mode. Make sure that the Data Security Management Server can be accessed through the management network of the Websense protector. For the Name Server, type the IP address of the domain name server (DNS) that serves this protector.
Note: SR-IOV interfaces (1/x and 10/x) that are part of a channel do not appear in the list of interfaces. Channels are not supported on a Websense protector instance.
Download a protector image from the Websense website and upload it to the SDX appliance before you start provisioning the instance. For more information about downloading a protector image, see the [Websense website. Make sure that you are using Management Service build 118.7 or later on the SDX appliance.
On the Configuration tab, navigate to Websense Protector > Software Images.
To upload an XVA image to the SDX appliance
- In the details pane, under XVA Files > Action, click Upload.
- In the dialog box that appears, click Browse, and then select the XVA file that you want to upload.
- Click Upload. The XVA file appears in the XVA Files pane.
To provision a Websense protector instance
- On the Configuration tab, navigate to Websense Protector > Instances.
- In the details pane, click Add.
- In the Provision Websense Protector wizard, follow the instructions on the screen.
- Click Finish, and then click Close.
After provisioning the instance, log on to the instance and perform the detailed configuration.
To modify the settings of a provisioned Websense protector instance, in the Websense Protector Instances pane, select the instance that you want to modify, and then click Modify. In the Modify Websense Protector wizard, set the parameters. Do not modify the interfaces that were selected at the time of provisioning a Websense instance. XVA file can be changed only after you delete the instance and provision a new one.
You can generate a tar archive for submission to technical support. For information about generating a technical support file, see Generating a Tar Archive for Technical Support.
Monitor a Websense Protector instance
The SDX appliance collects statistics, such as the version of SDXTools
, the status of the Websense© Data Security policy engine, and the Data Security proxy status.
To view the statistics related to a Websense protector instance:
- Navigate to Websense Protector > Instances.
- In the details pane, click the arrow next to the name of the instance.
Manage a Websense Protector instance
You can start, stop, restart, force stop, or force restart a Websense© protector instance from the Management Service.
On the Configuration tab, expand Websense Protector.
To start, stop, restart, force stop, or force restart a Websense protector instance
- Click Instances.
- In the details pane, select the instance on which you want to perform the operation, and then select one of the following options:
- Start
- Shut Down
- Reboot
- Force Shutdown
- Force Reboot
- In the Confirm message box, click Yes.
Upgrade the SDX tools file for a Websense Protector instance
SDXTools
, a daemon running on the third-party instance, is used for communication between the Management Service and the third-party instance.
Upgrading SDXTools
involves uploading the file to the SDX appliance, and then upgrading SDXTools
after selecting an instance. You can upload an SDXTools
file from a client computer to the SDX appliance.
To upload an SDX tools file
- In the navigation pane, expand Management Service, and then click SDXTools Files.
- In the details pane, from the Action list, select Upload.
- In the Upload SDXTools Files dialog box, click Browse, navigate to the folder that contains the file, and then double-click the file.
- Click Upload.
To upgrade SDX tools
On the Configuration tab, expand Websense Protector.
- Click Instances.
- In the details pane, select an instance.
- From the Action list, select Upgrade SDXTools.
- In the Upgrade SDXTools dialog box, select a file, click OK, and then click Close.
Upgrade the Websense Protector instance to a later version
The process of upgrading the Websense© protector instance involves uploading the software image of the target build to the SDX appliance, and then upgrading the instance.
On the Configuration tab, expand Websense Protector.
To upload the software image
- Click Software Images.
- In the details pane, from the Action list, select Upload.
- In the dialog box, click Browse, navigate to the folder that contains the build file, and then double-click the build file.
- Click Upload.
To upgrade the instance
- Click Instances.
- In the details pane, select an instance.
- From the Action list, select Upgrade.
- In the dialog box that appears, select a file, click OK, and then click Close.
Troubleshoot a Websense Protector instance
Ping a Websense protector instance from the Management Service to check whether the device is reachable. You can trace the route of a packet from the Management Service to an instance to determine the number of hops involved in reaching the instance.
Rediscover an instance to view the latest state and configuration of an instance. During rediscovery, the Management Service fetches the configuration and the version of the Websense protector running on the SDX appliance. By default, the Management Service schedules instances for rediscovery once every 30 minutes.
On the Configuration tab, expand Websense Protector.
To ping an instance
- Click Instances.
- In the details pane, select the instance that you want to ping, and from the Action list, click Ping. The Ping message box shows whether the ping is successful.
To trace the route of an instance
- Click Instances.
- In the details pane, select the instance for which you want to trace the route, and from the Action list, click TraceRoute. The Traceroute message box displays the route to the instance.
To rediscover an instance
- Click Instances.
- In the details pane, select the instance that you want to rediscover, and from the Action list, click Rediscover.
- In the Confirm message box, click Yes.