AD Native mode, how much time between group membership change

Beppe_3 posted on 30 Dec 2009 2:41 AM

Hi all,

I'm working with Websense 7.0.1 with AD in Native Mode.

I'm filtering users based on group membership.

A default policy is applied to all users not belonging to any group.

How much time does it take to have the new policy applied to a user after I add his name into Group A (for example)?

Can I force it in any way (already tried restarting Websense User Service)?

Maybe some settings in logserver.ini?

Thanks in advance and best regards!

Beppe

|

Answered (Verified) Verified Answer

Top 10 Contributor
1,532 Posts
Moderator
Verified by Beppe_3

Directory Service Cache caches the User Service queries of the directory service for updated users\groups information by default every 2-3 hours. Active Directory replication by default is around 3 hours, so typically the User Service default value is adequate. In some instances, where Active Directory replication occurs more often, you will need the User Service to update its cache more frequently to keep pace.
 
Two parameters can be added in the eimserver.ini and websense.ini files:
 
In eimserver.ini
[WebsenseServer]
PolicyCacheTimeout=15
 
Note: You may already have [WebsenseServer] so just add the PolicyCacheTimeout=15
 
Stop the services 'EIM', then 'User', then 'Policy'; then Start the services 'Policy', then 'User', then 'EIM'.
 
What this entry will do is cache your EIM Server (Filter Service) queries with a TTL (Time To Live) set at 15 minutes from the Default of 3 hours. This will increase the queries to the Domain Controllers.
 
In websense.ini
[DirectoryService]
CacheTimeout=15
 
Exert maximum caution when implementing these values, as they increase overall network traffic.

Websense Forum Moderator

Web Security | Data Security | Email Security
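
Added example, not part of the original answer and not Websense tooling: a small Python helper that applies the two settings above idempotently, covering the note that [WebsenseServer] may already exist. The sample file content and the helper names are constructed for illustration; the seconds conversion follows a later reply in this thread.

```python
# Added example. File and key names come from the answer above; the sample
# file content (SomeExistingKey, [OtherSection]) is constructed.

def set_ini_key(text, section, key, value):
    """Return INI text with key=value under [section], without duplicating either."""
    lines = text.splitlines()
    header = f"[{section}]"
    start = next((i for i, l in enumerate(lines)
                  if l.strip().lower() == header.lower()), None)
    if start is None:
        # Section missing: append it, separated by one blank line.
        if lines and lines[-1].strip():
            lines.append("")
        lines += [header, f"{key}={value}"]
        return "\n".join(lines) + "\n"
    # The section runs until the next [header] or end of file.
    end = next((i for i in range(start + 1, len(lines))
                if lines[i].lstrip().startswith("[")), len(lines))
    for i in range(start + 1, end):
        name, sep, _ = lines[i].partition("=")
        if sep and name.strip().lower() == key.lower():
            lines[i] = f"{key}={value}"  # key already present: overwrite in place
            return "\n".join(lines) + "\n"
    # Key missing: add it after the section's last non-blank line.
    insert_at = end
    while insert_at > start + 1 and not lines[insert_at - 1].strip():
        insert_at -= 1
    lines.insert(insert_at, f"{key}={value}")
    return "\n".join(lines) + "\n"

def reported_seconds(minutes):
    """Value to expect from ConsoleClient, which a later reply says prints seconds."""
    return minutes * 60

SAMPLE_EIMSERVER = "[WebsenseServer]\nSomeExistingKey=1\n\n[OtherSection]\nFoo=bar\n"

if __name__ == "__main__":
    print(set_ini_key(SAMPLE_EIMSERVER, "WebsenseServer", "PolicyCacheTimeout", 15))
    print(set_ini_key("", "DirectoryService", "CacheTimeout", 15))
    print("ConsoleClient should show", reported_seconds(15), "seconds")
```

Write the result back to eimserver.ini and websense.ini while the services are stopped in the order given above, then start them in the reverse order.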

|

All Replies

Top 50 Contributor
79 Posts

Hi Hacken_Liu,

I want to reduce the number of hours the usermap is stored in DC Agent.

I can reduce it to 1 hour but wanted to reduce it more.

Will the above setting help?

regards

Chandru

|
Top 10 Contributor
1,532 Posts
Moderator

I do not recommend you reduce the user entry timeout in DC Agent. The above settings will not help you achieve that. DC Agent only retrieves the logon session from DC/workstation to get the user/ip pair. It has nothing to do with the group information.

Websense Forum Moderator

Web Security | Data Security | Email Security

|
Top 50 Contributor
79 Posts

Hi,

I am seeing issues with VPN users who get a different IP address when they connect to Cisco ASA.

If a userA connects, gets 10.11.1.1 and disconnects, this mapping is stored in Usermap for 24hrs, and if a userB connects and gets the same IP, UserA's policy is applied to UserB, which is causing lots of issues.

How to get this sorted?

I would like to talk to you if possible

|
Top 10 Contributor
1,532 Posts
Moderator

Hi Chandru,

On the forum, we do not provide phone support. I recommend you raise a support case, and then we can discuss this issue further.

Kind regards,

Websense Forum Moderator

Web Security | Data Security | Email Security

|
Top 50 Contributor
79 Posts

Hi Hacken_Liu,

I have a case already open

case 00482026

Can you please review the case and support me?

 

regards

Chandru

 

|
Top 10 Contributor
1,532 Posts
Moderator

Hi Chandru,

I have checked the case, and our specialist Tony is working on it. I will help you push him to look at your issue first. Due to our company policy, I can only support my own cases, but I will help you on the forum if I have time to review all the case history.

Thanks for your understanding.

Kr,

 

Websense Forum Moderator

Web Security | Data Security | Email Security

|
Not Ranked
1 Posts

Dear Hacken,

How can we implement this on the V10000 appliance?

thanks, Raafat

|
Top 10 Contributor
453 Posts
Moderator

For V10000, if you want to change the parameters in the eimserver.ini and websense.ini files, please raise a case. Our technician will do this for you.

|
Not Ranked
6 Posts

Looking at our install of 6.3.3, not having modified these settings, our default for PolicyCacheTimeout is 10800.  (I found this out by running consoleclient localhost 15869 - option 6 ini parameters).  If this is in minutes, that's 7.5 days.  Is that correct, this setting is definitely minutes and not seconds?  I know our group membership doesn't update every 3 hours, so it could be, but I want to confirm because this doesn't coincide with the statement that the default is every 2-3 hours.  Thanks!

|
Not Ranked
1 Posts
Hi LC,

I did some tests before: the unit of the value "PolicyCacheTimeout" in the ini file is minutes, but it is converted to seconds when those parameters are printed by ConsoleClient.
So, it's clear that 10800s is 3 hours.
|