Websense shows all traffic as https?


Top 150 Contributor
20 Posts
unTechie posted on 25 Jul 2012 6:32 AM

We have Websense v7.5 in standalone mode. In a few minutes of testing, it did not block expected traffic.

The Example Standard Policy is put into effect for the entire office's network.

Any reason why testlogserver shows all outbound requests as https?

--------------------------------------------------------------------------------------------------------------
time=Wed Jul 25 09:03:59 2012    version=3
server=10.10.1.82 source=10.10.1.20 dest=216.203.33.181
protocol=    "HTTPS"
url=         "HTTPS://216.203.33.181:443"
port=        "443"
category=    9      (INFORMATION TECHNOLOGY)
disposition= 1026   (Category Not Blocked)
app type=    ""
keyword=     ""
user=        "LDAP://avny01 OU=IT Dept,OU=500 7th Ave - Administrative,DC=AdjmiApparel,DC=local/BBAdmin"
bytes sent=2706 bytes received=6551 duration=0                                   ...

time=Wed Jul 25 09:03:53 2012    version=3
server=10.10.1.82 source=10.10.1.106 dest=198.22.77.107
protocol=    "HTTPS"
url=         "HTTPS://198.22.77.107:443"
port=        "443"
category=    153    (UNCATEGORIZED)
disposition= 1026   (Category Not Blocked)
app type=    ""
keyword=     ""
user=        ""
bytes sent=5095 bytes received=55084 duration=15
---------------------------------------------------------------------------------------------------------------------

|

Answered (Verified) Verified Answer

Top 10 Contributor
986 Posts
Trusted Users (MVP)
Verified by unTechie

That's valid-looking HTTPS, but are you sure you're actually filtering HTTP traffic? The chances of true HTTP traffic coming up as HTTPS on port 443 are pretty much nil.

Check Network Agent settings in Triton and make sure you don't have it set to exclude port 80 and such due to integration (since you have no integration).  That may be your problem.

If not that, run "testlogserver -onlyip <YOUR IP>" and do some more specific testing.

|
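One way to check the point raised in the answer above, as an added example (not part of the thread and not Websense code): it parses testlogserver output saved as text, in the record layout shown in the question, and reports whether any plain HTTP records were logged at all, overall and per source IP. The sample records are constructed, and the "HTTP" protocol label for port 80 requests is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the record layout shown in the post (not real traffic).
SAMPLE = '''\
time=Wed Jul 25 09:03:59 2012    version=3
server=10.0.0.5 source=10.0.0.20 dest=192.0.2.10
protocol=    "HTTPS"
port=        "443"
disposition= 1026   (Category Not Blocked)

time=Wed Jul 25 09:03:53 2012    version=3
server=10.0.0.5 source=10.0.0.21 dest=198.51.100.7
protocol=    "HTTPS"
port=        "443"
disposition= 1026   (Category Not Blocked)
'''

FIELD = re.compile(r'^(protocol|port|disposition)=\s*"?([^"\s]+)')
SOURCE = re.compile(r'\bsource=(\S+)')

def parse_records(text):
    """Split output into records (each starts with 'time=') and pull key fields."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("time="):
            records.append({})
        elif records:
            if m := SOURCE.search(line):
                records[-1]["source"] = m.group(1)
            if m := FIELD.match(line):
                records[-1][m.group(1)] = m.group(2)
    return records

def protocol_summary(records):
    """Count records per protocol, overall and per source IP."""
    total, per_source = Counter(), defaultdict(Counter)
    for r in records:
        proto = r.get("protocol", "UNKNOWN").upper()
        total[proto] += 1
        per_source[r.get("source", "?")][proto] += 1
    return total, per_source

# Assumption: port 80 requests would be logged with protocol "HTTP".
def http_missing(records):
    """True when traffic was logged but none of it is plain HTTP."""
    total, _ = protocol_summary(records)
    return bool(records) and total["HTTP"] == 0
```

If `http_missing` stays true after browsing a known plain-HTTP site from the test machine, the filter is not seeing port 80 traffic, which is the situation the Network Agent check in the answer is meant to rule out.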

All Replies

Top 150 Contributor
20 Posts

You are right in your reasoning.  However, there's an underlying issue here.

I found that Websense is still in Integrated mode even though I went through the uninstall/install process w/ filtering/agent twice already.

Working w/ support to manually change this over.

|