This is my first post here and the first time I am using Websense, so please bear with me.
We have installed Websense 7.1 WebSecurity on Windows 2k3 Server (Virtual Machine) behind a Cisco ASA firewall which redirects http traffic to the Websense server. The clients also sit on the same interface, so it's a common Layer 2 network.
Client = 10.244.45.7/24
Websense = 10.244.45.12/24
Cisco ASA (Default GW for both Client and Websense) = 10.244.45.1
The firewall is configured with just one Websense server:
url-server (xxx) vendor websense host 10.244.45.12 timeout 30 protocol TCP version 4 connections 5
I have tested the deployment and it seems to be working fine, i.e. URLs are being blocked/permitted as per the policy. However, the firewall stats seem to be missing some denied URLs. Also, running WebsensePing from one of the client machines, I get the following, which I know is not correct:
E:\WebsensePing_v7.1>WebsensePing.exe -s 10.244.45.12 -m 2 -url http://games.com/
------------------------------------------
Sending URL_LOOKUP_REQUEST_EX...
------------------------------------------
URL = http://games.com/
User Name =
Source IP = 0.0.0.0
Destination IP = 126.96.36.199
Disposition = CATEGORY_NOT_BLOCKED
Lookup Code = WISP_URL_OK
Category = Games
Elapsed Time = 1 ms
AVG TIME PER REQUEST = 1 ms
So my question is:
Is it because the clients and the Websense server sit on the same LAN that we do not see hits on the denied URL counts increasing on the firewall, and the same is reflected in the output of the WebsensePing command, or am I missing something here?
In an installation that is integrated with a third-party product such as a firewall, only HTTP/HTTPS traffic may be filtered and logged until the Network Agent sees all outbound traffic and is configured correctly. This may involve configuring a span port on the switch to which Network Agent is connected.
I have only one interface on the server that Network Agent listens on, and this is the source of the blocked messages. I had to restart the SQLServer agent to get some data on "Today", but still the firewall denied hit counts do not increase.
I will try browsing from a machine in another subnet on the firewall to make sure that the redirects also go through the firewall, which I think might be where the problem is at the moment, as both Websense and the client are on the same subnet and hence the redirect messages are not seen by the firewall.