I am having a heck of a time getting Websense Express to work. As our library does not own a switch anywhere near smart enough to have a span port, I'm currently using the following hack to get Websense to see the web traffic:
All patron web activity goes through a simple Squid caching proxy. This Linux machine uses xtables-addons' -j TEE extension to iptables to send a copy of each packet to the Windows Server 2003 machine running Websense.
This is actually working, for the most part. Websense sees the traffic and sends a block request to the correct IP address. However, the HTTP 302 and TCP RST packets it sends out have the wrong MAC destination address; the auto InjectDestMACAddress setting sends them back to the proxy, where they are promptly ignored. Manually sending the packets to the MAC address of my router or the Windows server itself also does not get them to the client.
Is there a better way to do this?
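To check the layer-2 side of the setup described in the post above, the following added example (not part of the original thread, and not Websense or xtables-addons code) parses Ethernet/IPv4 frames and reports when the frame's sender MAC is not the host that owns the IP source address. A TEE'd copy is re-sent by the proxy, so it arrives with the proxy's MAC as its source, unlike a hub or span-port copy. All addresses, the ARP table and the helper names are constructed for illustration, and it assumes the copied packets are the client-to-proxy ones.

```python
import socket
import struct

def mac(text):
    """'02:00:00:00:00:10' -> 6 raw bytes."""
    return bytes(int(part, 16) for part in text.split(":"))

def build_frame(dst_mac, src_mac, src_ip, dst_ip):
    """Constructed Ethernet II + minimal IPv4 header (no payload, checksum left 0)."""
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip

def parse_frame(frame):
    """Return (dst_mac, src_mac, src_ip, dst_ip), or None if not Ethernet II/IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    fmt = lambda raw: ":".join(f"{b:02x}" for b in raw)
    return (fmt(frame[0:6]), fmt(frame[6:12]),
            socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]))

def relayed_by(frame, neighbours):
    """MAC of the relaying host if the L2 sender does not own the IP source,
    else None. neighbours maps IP -> MAC as seen in the LAN's ARP table."""
    parsed = parse_frame(frame)
    if parsed is None:
        return None
    _, src_mac, src_ip, _ = parsed
    owner = neighbours.get(src_ip)
    return src_mac if owner and owner != src_mac else None

# Constructed addresses for illustration only.
CLIENT_IP, CLIENT_MAC = "192.168.1.50", "02:00:00:00:00:50"
PROXY_IP, PROXY_MAC = "192.168.1.10", "02:00:00:00:00:10"
MONITOR_MAC = "02:00:00:00:00:20"
ARP = {CLIENT_IP: CLIENT_MAC, PROXY_IP: PROXY_MAC}

# As a hub or span port would deliver it: original L2 header intact.
mirrored = build_frame(PROXY_MAC, CLIENT_MAC, CLIENT_IP, PROXY_IP)
# As TEE delivers it: the proxy re-sends the clone, so the L2 source is the proxy.
teed = build_frame(MONITOR_MAC, PROXY_MAC, CLIENT_IP, PROXY_IP)

if __name__ == "__main__":
    for name, frame in (("span/hub", mirrored), ("TEE", teed)):
        print(name, parse_frame(frame), "relayed by:", relayed_by(frame, ARP))
```

A sensor that replies to the layer-2 sender of the frame it observed would address the proxy in the TEE case, which matches the symptom reported; how the auto InjectDestMACAddress setting actually chooses the address is not stated in this thread.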
You can run testlogserver to diagnose the traffic
Using TestLogServer with Websense Enterprise: http://www.websense.com/support/article/t-kbarticle/Using-TestLogServer-with-Websense-Enterprise
Kate_Zhao: You can run testlogserver to diagnose the traffic Using TestLogServer with Websense Enterprise: http://www.websense.com/support/article/t-kbarticle/Using-TestLogServer-with-Websense-Enterprise
TestLogServer shows the blocked traffic, with the correct source and destination IPs. It looks like Websense really, really needs a dumb hub or span port attached to it. Can I put in a heartfelt request to fix this particular problem (incorrect MAC address on block requests in response to relayed traffic)?
Assuming that is a problem.
Hi, would you please post your testlogserver result for further investigation?