Bypassing filtering for servers or subnet ranges when using Cisco Router Integration

SMBguru posted on 11 Jul 2012 8:26 AM

Just realized the ignore.txt file and having the network agent ignore subnets is still filtering our servers/ranges and using up a license.

I know there is a command for the PIX/ASA to bypass subnets from filtering, but am unable to find information on this for the integration product with Cisco Routers.  

Anyone have info on this, so we stop exceeding our licenses daily? I know that the IOS doesn't have the same command or anything that seems similar and feel that I'd have to either create some additional ACLs or route specific traffic out of a virtual interface or interface w/o the WS policy applied to it.

I'm hoping there is just a command or file I'm overlooking still that can be used to get around this issue as the ASA provides???

Routers being used are all Cisco ISR G2 29x1 series, running IOS 15.2 2T. WS Filter is 7.6.2, soon 7.7 =), and network agents in place along with integration to the routers of course.

Thanks for any insight you can provide,

 

Jacob

All Replies

For Cisco routers, no, I do not believe there is an exception that you can put in, but I could be wrong.

For Cisco ASAs, you can do "filter url except 10.212.4.2 255.255.255.255 0.0.0.0 0.0.0.0" to filter a single IP address.

See Cisco documentation for the filter commands used to see if there's an exception process in the Cisco router.

JACOB SLOAN, CCNA, WCSE

 

|

There isn't anything in stone, but I thought there might be a workaround that you guys use when places don't want their servers or specific subnets filtered when using router integration?

I'm open to suggestions as we are going over our licenses because of this and thought that putting an exception in for the network agents and the ignore file would work, but when I run the console check, the machines in the given subnets are still being filtered or using licenses.

And the KB article does say that changes need to be made to the integration products as well, but doesn't say much for the routers and I haven't been able to find anything covering workaround or commands for this.

Any thoughts or suggestions?

|

Unfortunately, it's the responsibility of the integration partner to decide how to implement the integration.

The filter service will count any IP address sent to it. So if the integration does, it will be counted.

JACOB SLOAN, CCNA, WCSE

 
