Choose from several options for complete web, email and data security.
Learn more
Evaluate Websense products by watching demos and installing evaluation software.
Learn how Websense solutions help keep our customer safe, secure and productive
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
Come work for the global leader in unified information security. Go
Hi there,
We've just installed the web filter in an environment which is predominantly Apple, being that there are no Microsoft active directory servers, no Novel eDirectory servers, nor any RADUS Servers.
We have the necessary information in realtime, mapping users to IP addresses, which we'd like to feed to the web filter in the same way that the transparent user identification agents do.
Is there a mechanism for doing this? or an API which I can point our developers at?
Our of desperation, we considered using the RADIUS agent and sending fake requests/responses through it such to build up the user map, there must be a better way than this!
Thanks an advance
Dave.
I'm afraid we can't change to AD simply because websense don't have an open interface for user identification!
Nontransparent user identification is problematic in that it breaks background updating processes (such as apple / linux software updating), though with the apples we do at least have WISPR so an opportunity to present them with (yet another) logon dialogue!
Thanks for your help, I think our radius idea was better (send fake requests and replies through the radius agent, fooling it into thinking that the employee is logging on via radius)
I should add that we have an LDAP server against which we need to identify these users, since the policy is by user and not machine (users are hot-desking all the time) . We have full control of this environment such that we can capture these logon events and feed them somewhere, maintaining our own user map.
JACOB SLOAN, CCNA, WCSE
Thanks,
Unfortunately we don't have the content gateway, we use the EIMServer of the web filtering service, we have many offices around the world, each with a firewall communicating with the EIMServer, we can't support a design where any trafifc would be going through a central location like a content gateway, we already have a list of usernames and IP addresses which is updated each time an employee logs in or out globally, we just need a way of pushing this ourselves to the filtering module.
Can somebody from websense please comment on this? is the interface between the transparent user identification agents and the filtering module proprietary? or is it based on standards based protocols that we can use to update the filtering service ourselves?
lochii:is the interface between the transparent user identification agents and the filtering module proprietary?
Yes it is.
lochii:or is it based on standards based protocols that we can use to update the filtering service ourselves?
Sorry, no.
The only way you'll be able to get user identification for the Filter Service is using the 'Prompt for Manual Authentication" settings from within the User Identification settings. But, that's not transparent.
Your best choice is to drop LDAP and go with Active Directory instead.
