Choose from several options for complete web, email and data security.
Learn more
Evaluate Websense products by watching demos and installing evaluation software.
Learn how Websense solutions help keep our customer safe, secure and productive
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
Come work for the global leader in unified information security. Go
Alright I am working on the remote filtering side of our websense integration. So far I have everything working as it should no real problems but the IP Address that is being sent back to websense by the client does not match the actual client.
So from that I did some research and found that the IP Address is really just the last 8 hex characters of the MAC Address converted to decimal and Displayed as the source IP. So with that I started doing the math and figuring this out.
Source IP displayed from remote client in websense reports: 131.61.72.56
This translates to XX:XX:83:3D:48:38
So I did a ipconfig /all and this MAC Address is not on any adapter of the client machine. So from there I did a arp -a and that MAC Address is not listed anywhere in the Arp Table. From there I went to our Main router for this site and Got the entire Arp Table from it and still no MAC Address shows these last 8 characters.
I am at a loss as to what this is. I can assign this a custom policy and it works fine but without know what its showing me as the source ip address or if it will change I dont want to move forward with this.
Im hoping someone could help me out with this show me something im missing or something
That's incredibly odd behavior, I hope you opened a ticket?
That aside, you really don't want to be filtering remote users by IP address. Give them their policy by username/group, something that won't change, because even if you get this fixed and the IP displayed is correct it'll still change depending on where the user is or what ISP they're using.
I plan to open another case today. Also none of our remote sites and computers are on the domain or on any domain. The sites I am using are static IP's and from my understanding it reports MAC addresses not the physical ip address of each PC. These address's wont change and if they do I will get a notification of this. It would be nice if the default policy was sufficient enough for these remote locations but they require custom policies.
