websense 7.7 office365


Not Ranked
5 Posts
mhargeby posted on 11 Nov 2012 1:22 PM

Hello!

I have a websense web security 7.7 integrated with an ASA. I have created a limited access filter for some users that only have access to office365 (sharepoint, mail etc.).
I know that I need to block the IPs for https, but office365 has tons of IP blocks. Can you allow HTTPS access for IP blocks, for example https://1.2.3.0/23?
If not, is there another way to do this? What product do you need to use domain names for https? We evaluated cloud web security and there it worked.

|

All Replies

Top 10 Contributor
454 Posts
Moderator

Hi,

To block a certain https site, please recategorize the URL and its IP address to a blocked category. You need to add 2 entries for a https site in the form of:

https://www.xxx.com:443/ ( https://www.xxx.com/ )

https://x.x.x.x:443/ ( https://x.x.x.x/ )

Here www.xxx.com is the URL and x.x.x.x is the IP address of the site. Please make sure you add the port ID (443) and the forward slash to each entry. You can use nslookup to find the IP resolved from the URL. If multiple IPs are returned, you need to add an entry for EACH of them.

Websense security gateway can block https directly by the url.

Phil

|
Not Ranked
5 Posts

Thanks,

Well that was bad news :( Since office365 has so many IPs it's not realistic to do that.

|
Top 10 Contributor
986 Posts
Trusted Users (MVP)
Suggested by Glitch

You should be able to do it by Regex.  I don't know what the string would be, but if you know regex it wouldn't be too difficult to do.

|
Not Ranked
5 Posts

Thanks, I might look into regular expressions, but it bothers me big time that websense can't give me a solution except recat a bunch of sites.

|
Not Ranked
1 Posts


The response from Websense when I posed this issue:

#1 to reallocate each site as comes up by the https ip string

   you can obtain their IPs from

http://onlinehelp.microsoft.com/Office365-enterprises/hh373144.aspx

#2 allow the category it is associated with "web based email"

#3 purchase V10K that does ssl decryption

 

Our Solution:

We have an ASA 5510 with Websense in Integrated mode with Cisco ASA.  We created a group on the ASA containing all of the IP Addresses listed in Option 1 and added the 157.54.0.0-157.60.0.0 for *.outlook.com.  We then created a rule that tells the ASA to bypass Websense for the group we created.

Websense is not capable of unblocking ranges, but can do individual IP Addresses.  We initially tried inputting the IP Addresses from the ranges into Websense, but it is incapable of accepting that amount of IP Addresses when you paste them in either (over 600,000).  Websense is designed to block security risks.  For big items like this that you are looking to allow, it makes sense to bypass Websense and let your firewall do the heavy lifting.

|
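Building the firewall-side group described in the post above from a list of published ranges, as an added example that is not part of the original thread: it collapses range and CIDR entries into ASA `object-group network` lines and counts how many individual addresses they cover, which is why per-IP entry does not scale. The group name `O365_BYPASS` and every sample entry except the 157.54.0.0-157.60.0.0 range are constructed.

```python
import ipaddress

# Constructed sample input; only the 157.54.0.0-157.60.0.0 range comes from the thread.
SAMPLE = [
    "157.54.0.0-157.60.0.0",   # first-last range
    "192.0.2.0/24",            # CIDR block
    "198.51.100.0/25",         # two adjacent halves that collapse into one /24
    "198.51.100.128/25",
    "203.0.113.7",             # single address
]

def parse_entry(entry):
    """Return the CIDR networks covering one entry (range, CIDR or single IP)."""
    entry = entry.strip()
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if first > last:
            raise ValueError(f"range start is after range end: {entry}")
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True rejects blocks with host bits set (e.g. 1.2.3.0/23) instead of
    # silently widening the bypass to the enclosing network.
    return [ipaddress.IPv4Network(entry, strict=True)]

def build_group(name, entries):
    """Return (ASA config lines, number of individual addresses covered)."""
    nets = []
    for entry in entries:
        nets.extend(parse_entry(entry))
    nets = list(ipaddress.collapse_addresses(nets))  # merge overlaps and neighbours
    lines = [f"object-group network {name}"]
    for net in nets:
        if net.prefixlen == 32:
            lines.append(f" network-object host {net.network_address}")
        else:
            lines.append(f" network-object {net.network_address} {net.netmask}")
    return lines, sum(net.num_addresses for net in nets)

if __name__ == "__main__":
    config, total = build_group("O365_BYPASS", SAMPLE)  # hypothetical group name
    print("\n".join(config))
    print(f"! {len(config) - 1} entries cover {total} individual addresses")
```

Review the generated entries before loading them: every address in the group skips URL filtering entirely, so an over-wide range widens the bypass as well.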
Not Ranked
2 Posts

Hi, you really need to look at our Gateway/Proxy solution that can handle HTTPS URL requests.

|