Choose from several options for complete web, email and data security.
Learn more
Evaluate Websense products by watching demos and installing evaluation software.
Learn how Websense solutions help keep our customer safe, secure and productive
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
Come work for the global leader in unified information security. Go
Hello-
We have two V10000 boxes. One with SSL decryption 01 and one without 02. 01 we use for production and 02 we use incase of an emergency. We upgraded last sunday to 7.6.5 from 7.6.2 on 01 and 02. Well when monday started and we had ~1500 users we could no longer go to any https sites. After about 10-15mins you would just get a connection failed page. We moved all but about 60 users to 02 and have had zero issues. Now that there is no load on the 01 box it is working fine with less than 60 users. We can not leave all of our people people on our backup box and we need SSL decryption. Anyone have any ideas?
What we have tried:
http://community.websense.com/forums/t/13343.aspx http://www.websense.com/support/article/kbarticle/Verify-Deny-Peer-suddenly-disconnected-found
I hope you opened a high priority ticket with support??
Please keep us updated -- I'm planning on doing this same upgrade in a week or two but this would be a show stopper for me since I don't have a secondary appliance.
Yes a ticket was put in May 17th, 2012. Just trying to see if anyone else has hit this problem that can give a solution. It worked great in 7.6.2 just not so much in 7.6.5.
I hope this is a freak issue with your environment, because I have almost double the user count you do and this would cripple me.
If you're not getting enough response from support I'd talk to your Sales rep and make sure your priority gets bumped up. Forget that you have 2 appliances, this is a production stopping issue and should have the highest priority. We pay a premium for support on these appliances so make sure you're getting your money's worth.
I experienced the exact same issue. Tech support had me switch off HTTPS, restart the gateway, then turn it back on and restart the gateway. This fixed the HTTPS problem, but now we are having very slow response times. Not sure what this update did.
This is a known issue, and we have an instrumental build of the fix that will be in 7.6.7 coming up in about August/September timeframe.
If you are affected by this issue, do either of the following:
Appliance customers: please make a case, and refer to EI11401.
Non-appliance customers, you can use the following shell script:
# Fix WCG 7.6.2 SCIP High CPU USage (EI11401) hotfixdownloadpath=ftp://eng_public:websense@ftp.websense.com/Utilities/hotfixes/WCG_7.6.5_EI11401_MDS_Inbound_High_CPU_Usage_linux.tar.gz hotfixinstaller=install_IB11242.sh ## Reusablecode below: hotfixtoinstall="${hotfixdownloadpath##*/}" hotfixpath="${hotfixdownloadpath%/*}" mkdir $hotfixpath cd $hotfixpath wget $hotfixdownloadpath tar -xzvf $hotfixtoinstall ./$hotfixinstaller
JACOB SLOAN, CCNA, WCSE
I've been running 7.6.5 for at least a month now without any trouble... under what circumstances does this issue present itself?
The issues are only present with HTTPS sites. We believe the issue is with the SSL engine. According to my tech, the above CPU issue does not apply here. The problem is being escalated and I will update here when we figure out the solution.
kscott:The issues are only present with HTTPS sites. We believe the issue is with the SSL engine. According to my tech, the above CPU issue does not apply here. The problem is being escalated and I will update here when we figure out the solution.
I will be applying that "hotfix" onto your box as well. Then we'll troubleshoot if he issue remains.
this sounds really similar to a v7.5 issue with microdasys.
It seems part of the issue was a user filtering issue, and another issue was fixed by the CPU usage bug posted by Jacob above. I am now at acceptable speeds, but https sites are still not responding like they were before this upgrade. I have also not noticed much in the way of SNI being fixed for Common Name mismatch. I actually have two sites that flagged for this after the upgrade as opposed to before.
I must say I am disappointed to have so many problems with such a small version change.
I am planning on moving to 7.7 in hopes that some of these issues will be relieved, and I will risk it if it means getting this box running like it was when we first implemented.
So far I haven't hit this and moving from 7.6.2 to 7.6.5 fixed some things. It does appear that the SSL certificate common name is now being seen as case-sensitive on wildcard certificates and creating incidents, though.
If I go to www.hyland.com I get an incident because the SSL Common Name is *.Hyland.com . I've got several incidents like this.
Hey Ray -- I have been upgraded from 7.6.2 to 7.6.5 for a while now, I've never encountered the issue you describe. I can go to https://www.hyland.com, see the Common Name is *.Hyland.com, but I didn't get any warnings in IE or Firefox.
Glitch -
You don't have cert verification enabled though, do you?
Tom -- that is correct. I keep forgetting that, but each time I read threads like this I'm glad I have it disabled.
