Choose from several options for complete web, email and data security.
Learn more
Evaluate Websense products by watching demos and installing evaluation software.
Learn how Websense solutions help keep our customer safe, secure and productive
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
Come work for the global leader in unified information security. Go
We're having typical issues with HTTPS traffic. We're not using Websense Content Gateway, so we must filter by IP address rather than the URL. While this works for most standard sites, it does not work for cloud hosted sites (Amazon Cloudfront, certain Google Maps sites, etc.).
Are there any alternatives to using Websense Content Gateway? Maybe something locally installed on each workstation that decrypts SSL on Websense's behalf? Any suggestions would be much appreciated.
Forgot to mention--I'm on Web Security 7.5 on an appliance.
Evan33517:Are there any alternatives to using Websense Content Gateway?
That depends on what you want from the Content Gateway.
Content Gateway uses the Microdasys SCIP engine to decrypt the traffic. You could talk to Microdasys directly to do this on each workstation or a centralized peice of software.
As far as the proxy itself, SQUID would work, but only the version of squid we support (i believe the 2.6 line). Squid 3.0 is not supported.
The built-in antivirus you'd have to find on your own, maybe clamav.
the built-in content analytics, SSL Category Bypass, and threatseeker network you would have no replacement for.
Obviously, you can't replace the sum of things that Content Gateway could provide for you with individual components, and certainly not in a comprehensive way.
JACOB SLOAN, CCNA, WCSE
Thanks for the reply.
We're really just wanting the ability to re-categorize an HTTPS site by its URL instead of IP. I suppose the SSL Bypass would be handy as well.
ISA/TMG can give you the hostname of the site, but not the URL. Only by decrypting the traffic can you be certain on what the url is.
Sounds like i'm pitching you WCG, but in reality, you already know that it's can do what you need, and you can't find anything else that can that also integrates into Websense software.
If you wanted alternatives to the entire product suite, you've got eSafe and Bloxx that can do similar, but not quite as effective.
It's not feasible to try to replicate what the WCG does at the workstation level... maintenance and upkeep would kill you. If the expense of a v10k / v5k is too much, you could always try to build your own Redhat server to run WCG on. That'll save you the cost of the hardware and support of an appliance assuming you have the expertise to support and maintain a Linux server.
