Manualshelf

Installation guide

ManualsBrandsRed Hat ManualsComputer equipmentDIRECTORY SERVER 2.0 - GATEWAY
12345678910
servers. Rules may be defined for both types of authentication realms, but only one
method (NTLM or LDAP) can be active at any time.
See Websense Content Gateway Online Help, in the chapter titled Security, for
detailed information about configuring all these proxy authentication options.
TRITON - Web Security authentication
You can configure user identification in TRITON - Web Security rather than on the
proxy. Methods of user identification include the use of Websense transparent
identification (XID) agents like Logon Agent or DC Agent, which identify users
transparently. Manual authentication, which requires users to enter login credentials,
can also be configured in TRITON - Web Security. See the TRITON - Web Security
Help, in the chapter titled User Identification, for details.
HTTPS content inspection
An optional SSL feature allows the transmission of secure data over the Internet.
When you use Websense Content Gateway with SSL enabled, HTTPS data can be
decrypted, inspected for policy, and then re-encrypted as it travels from the client to
the origin server and back. Enabling this feature also means that traffic from the server
to the client can be inspected for Web 2.0 and uncategorized sites. The SSL feature
includes a complete set of certificate-handling capabilities. See Websense Content
Gateway Online Help for information on managing certificates.
Deploying Content Gateway with SSL enabled may require the following
modifications to your system:
Creation of trusted Certificate Authority (CA) certificates for each proxy to use
for SSL traffic interception, and the installation of those certificates in each
trusted root certificate store used by proxied applications and browsers on each
client
In explicit proxy deployments, additional client configuration in the form of
Proxy Auto-Configuration (PAC) files or Web Proxy Auto-Discovery (WPAD)
In transparent proxy deployments, integration with WCCP v2-enabled network
devices
When the Content Gateway is configured for SSL to handle encrypted traffic,
category bypass settings can be used to specify categories of Web sites for which
decryption and inspection are bypassed. You can also maintain a list of hostnames or
Note
HTTPS content inspection can also affect system hardware
resources like processing capacity and memory
requirements.