Installing and using the connector – Google Web Security for Enterprise Administration Guide User Manual

Page 9

Google Web Security for Enterprise Administration Guide

Discuss the following issues with your activation specialist:

Verify that port 8080 is allowed through your corporate firewall.

Be sure that port 80 is blocked or locked down on the firewall. This will
ensure that all outgoing web traffic can only go through the web security
service.

Identify your internal network subnets.

Gather your corporate NAT address or range and domain name.

After you are provisioned for web security by your web security service
account representative, you will receive an activation email. This email
includes a link to a web form with a list of pre-activation questions that you
must answer before t he activation process begins. For example, use the form
to provide the scanning IP ranges, your corporate NAT address or range and
domain name, and other important details needed for the service (as
mentioned above). The URL for the form will be in the email.

Note:

You must submit the web form before activation of your service can

begin. Activation will occur in five business days following the submission of
the form. Consult your web security service activation specialist for more
information about the web form.

Your activation specialist may assist you in activating web security for a pilot
group of users in your company. This process allows you to gather data from
a small set of users, so that you can then observe the results in the Web
Content tab of the Administration Console.

Installing and Using the Connector

You must install the Connector only if you are using the Web Filtering feature of
the web security service. The Connector is used to gather user identification
information that is normally only accessible internally to an organization (see
“Installing the Connector” on page 54).

This information includes: internal IP address, Windows Domain name, user
name, and group name. These details are required so that web requests can be
matched to individual users, enabling the web security service to apply user and
group based access restrictions and to generate detailed reports and blocking
alerts. Any information gathered by the Connector is encrypted before being sent
over the Internet to the web security data center. The encrypted data is then
stripped out of each request before it is then forwarded to the destination server.

The Connector is available in multiple versions, each tailored to integrate with a
specific infrastructure type. These include the Microsoft ISA 2000 Server,
Microsoft ISA 2004 Server, Microsoft ISA 2006 Server, and a version for an ICAP
capable gateway. Note that the Connector also supports ISA 2004 Enterprise,
however you must ensure that the Connector installation is run on all array
members. Additionally, you can choose the Virtual Connector during the
installation process (see “Virtual Connector” on page 11).