Choose from several options for complete web, email and data security.
Learn more
Evaluate Websense products by watching demos and installing evaluation software.
Learn how Websense solutions help keep our customer safe, secure and productive
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
Stay informed on the latest security exploits, industry news, research, solutions, and more.
CF
A tad late but thought I'd post the resolution for the sake of sharing & closure.
I found a bad MAC in the block page NIC configuration. Changed the InjectDestMACAddress to the GW MAC & everything works as it should.
Seems like HTTPS webstite is ok, but HTTP is not. Is this issue happening to all HTTP websties?
This issue appears to only affect Google (original post for details). HTTPS has issues but it is because MDS is configured to deny SSL requests to servers that have certificates which are untrusted or expired. Not sure if this would be related. Other HTTP sites apear to be fine.
Running a testlogserver against the active BES shows a few Category Blocked messages but those are for advertising sites - I recategorized them to permit thinking this might be the issue but it didn't help. I just noticed that the testlogserver shows no information for the user.
When I performed a testlogserver against the active BES the other day it showed multiple user accounts.
To the best of my knowledge, BES is configured to act as a proxy for the devices and we have an AD account that BES should be using for this but that will depend on who's logged onto the BES server or what account the service (not sure which service) is running as.
Usually if there are blocked messages in the testlogserver result, you can just re-categorize the urls. But apparently this is not working for you. To figure out your issue, we need to undertsand your whole installation clearly to see how the traffic is routed. I suggest you open a ticket with our tech support team to do detailed troubleshooting.
CF -- I am using WCCP with a BES server around and have never had this issue. We make sure the BES Server gets a policy by its IP address, but that shouldn't matter for you.
Solution: Settings / Network Agent / Global / Network Agent IP - list the BES as proxies. This setting can be found in config.xml which I recovered during the migration process. Had to remove / add & problem solved.
Thank you all for the suggestions!
C
I think I spoke too soon. It appears that identifying the BES as a proxy or cache simply removes BES from filtering. This isn't what we're after. We need Websense to filter all BES internet traffic. The BES is configured to point to WS as the proxy.
I have very limited knowledge fo BES, all I know is that MDS is setup with a service account that WS used to filter & now does not. Anyone have any suggestions?
Appreciate it.
