Channel: Forcepoint Community

Subscription error when installing a new machine with websense 7.7.3

Hello everybody,

I have an environment with Websense 7.5 installed and working. I constructed a parallel environment with new servers using the websecurity 7.7.3 version. All servers are installed. I copied the subscription code from the Triton server that is in production and put it in the Triton that is the new machine, but I received a subscription error. The subscription is valid and is working in my production environment.

My intention is to put this parallel environment active and carry out some tests. When it is working fine, I will turn off the environment that is running the Websense 7.5 version.

Do you have any idea what's happening?

Thanks Rogério

 


Is Websense cloud web security gateway a viable solution?

Hello folks - Could someone offer some insight on the Websense cloud questions below:

If authentication is based on the firewall's external IP, then how does Websense cloud see individual usernames?

Is the PAC file static?

Is pushing the PAC file URL via Group Policy a one-time job? Post that, how do I ensure my browser pulls the most current PAC file from Cloud after a policy change?

What happens if I try to browse without the PAC file?

When users are in office or home, could they install a new browser (other than IE & Firefox that supports your PAC files) in order to bypass Websense and try visiting any websites?

Does Websense support NTLM authentication from within the office? The rationale behind this question is: when we generate internet usage reports, do they show 'usernames'?

If there are multiple policies for each and every department (e.g. HR, IT, Sales, Marketing etc.), how does Websense decide which policy applies to which department for requests originating from within the office and remote (roaming)?

7.7.3 Issues creating new policy

I edited the default policy to allow all sites except one category (gambling). This works. Now I need to create another category to block "Social Web - youtube".

I went to Policies, Add, <new policy name>, and checked base on existing policy (Default).

Now in this new policy, I am trying to block Social Web - youtube along with the default block of gambling. I hit OK and Save and Deploy. Next I go to Clients, find the IP of the computer I want to push this new policy to and change it to my new policy name. Save and Deploy. When I do this, it affects all users and not the one I want to push this policy to.

When I go to the default policy, I see the block of youtube, but I made that change in my new policy and not the default policy. When I change the default policy back to allow youtube, OK and Save and Deploy, it also changes my new policy.

Can someone please explain why creating a new policy changes the default policy and how to create a custom policy that I want to push to certain users?

Thanks

Trouble configuring SNMP alerts to localhost as WMI events

I am trying to have our Web Security Triton server send messages to our SIEM via SNMP alerts. The server itself has a SIEM agent running on it that can monitor its event logs. My plan was to have Websense send SNMP alerts to localhost (already configured a community string and saved the information on the Triton config settings), trap those messages locally and have them show up as WMI events on the server's event logs.

I am not sure if this sort of configuration is beyond the scope of Websense's support, but I am having trouble with loading the Websense MIB. I followed the instructions from Microsoft on http://msdn.microsoft.com/en-us/library/windows/desktop/aa393621%28v=vs.85%29.aspx#installing_the_snmp_provider

I found WEBSENSE-MIB.txt (renamed it to .mib), which I loaded with smi2smir2 and created a .mof file. I loaded the .mof file with the mofcomp command. Even after all that trouble I still don't see any WMI events related to Websense alerts in the application log. If anyone knows what I may be doing wrong or knows how to set up SNMP alerts to the localhost as WMI events, please help me out.

Radius Agent and Microsoft Network Policy Server (NPS) radius server

Running Websense 7.6.  Attempting to point Radius Agent to NPS for the Radius Server on Windows Server 2008 R2 without any success.  All seems to be configured correctly and I can run a radius test utility from the Websense/Radius Agent server and get a successful connection to the radius server.

The radius agent log file shows the following message:  ERROR: Error receiving from server: 10060

I have found nothing regarding Radius Agent and NPS, but this is now Microsoft's radius server.  Has anyone else had success getting this to work?

Policy applied different from Check Policy

Hi,

Deployment: distributed

Windows OS: Windows Server 2008 SP2

Websense Version: 7.7.3

This issue just started in the last two days.

I have had 3 users that all of a sudden had our "Default Policy" applied to them. This is a problem because our "Default Policy" is set to block everything.

We are using LDAP groups to apply policies to users. I thought at first there was a problem with the group so I checked with a few other users who shared groups with the users I was having issues with and they were all okay. I still confirmed that the user was still a part of the appropriate group.

I then used the "Check Policy" feature to see what policy was being applied to the user. This checked out okay. Websense was reporting the correct group and policy for that user.

I finally resorted to running the TestLogServer.exe and this is where I discovered that for some reason our "Default Policy" was being applied to the user. In the TestLogServer.exe output all the user information checks out. The system identifies the user correctly. But the wrong policy is applied.

I made sure that the user's machine has the appropriate connections to the server as well.

I tried clearing the User Cache but that did not correct the issue either. The only thing I was able to do to get the user working again was to restart the server where the Filter Agent is installed. 

The server is not reporting any errors and is not exhibiting any abnormal behavior besides the above and as far as I can tell this issue is completely random (I can't find any connection linking the users accounts that have been affected).

Has anyone seen this before and know what could be causing it? My concern is that the issue will begin to escalate which would be bad!

Thank you

Why is the maximum number of columns to display seven

I am using Websense Web Security 7.6 and have a problem with reporting.  I would really like to have more than 7 columns of data in some reports.  Does anyone know why the reporting is limited to 7 columns?

Is there a way to increase the maximum number of columns in a report?

7 seems like such an arbitrary number...  I searched the forums but could find no reference to this limit.

 

thanks

WES 7.2 Weekly Maint Index Fail

Any attempt to run the Index Maint returns the fail message below.  This is a new install of 7.2 with Rule Export from 5.5 and Import to 7.2.  Also STEMConfig backup from 5.5 and restored to new 7.2 server.

Windows 2008 Standard Server, Full SQL 2008.

All other aspects of the production environment seem to be running fine for the past three weeks.  It's just this Index job that is failing.

Any tips on Index cleanup or ideas.

4/21/2010 10:31:24:272 2336  ----------->>  Started scheduled task "Index Maintenance weekly"
4/21/2010 10:39:02:586 2336  Database index rebuild failed.
4/21/2010 10:39:02:586 2336  Scheduled task "Index Maintenance weekly" failed.

Thanks all,

johnt

 


New subcategory request: Payday Loans

The Financial Data and Services category covers too many types of sites for us. Those of us who deal with customer accounts or funds are very sensitive to indications of possible insider fraud or embezzlement. One of the precursor indications can be an employee who is visiting and applying for short-term loans from payday lending sites. Yes, they really do this from their work computers. <sigh>

This is one of the places where the normal recommendation of excluding Financial sites from SSL decryption is not a good thing in our industry. We have no problem bypassing the sites for known, large banks but we don't want to be bypassing for all of them. SSL Bypass for the entire category also opens us up to compromised websites from these types of companies.

Thanks for listening.

SQL 2012 Support

I found in an earlier post that SQL 2012 should be supported with the release of version 7.7.3.  Is this still the case and if so, when is this version slated to be released?

Running Multiple Policy Servers

My current design includes 5 sites, each with its own Internet access.

Site 1 - Broker/Policy/Filtering Server and a pair of Content Gateways.

Site 2 - 5 - a pair of Content Gateways.

All sites point back to Site 1, but I was wondering how others handle multiple sites. Do you use more than 1 Policy Server? I was thinking of adding a 2nd Policy Server, but if I understand it correctly the WCGs cache a Policy, so is there really a need for a 2nd Policy Server?

IP address is showing up instead of User names in "User" column in RTM

Hi

IP address is showing up instead of User names in "User" column in RTM. But AD integration is working as we are logging into WebSense only through AD account.

Any ideas?

 

Regards,

 

Balaji

Licensing Usage Information

We have started receiving alerts from our instance of Triton that we are past the 90% mark of our license almost on a daily basis. We suddenly seem to be having a spike in license use after the end of our business day. I have been tasked with preparing a report of the time that each IP acquires a license during the day so that we can see if any changes need to be made in our configuration. I know that I can use the ConsoleClient.exe utility to obtain the IPs that have acquired a license, but this does not provide the time. Also I have not been able to modify an Investigative Report to find this information.

 

Our instance is a Standalone version of 7.5

 

Thanks in advance for any information that anyone can provide.

Block SSH protocol does not work (ssh tunneling)

Hello,

We want to block SSH tunneling from the internal network. (Port 22 is blocked on our firewall.) The only way to go outside is to use the WCG proxy or SaaS on port 8080/80.

We applied a block SSH protocol policy to all our users but they are still able to connect to an SSH server through WCG (didn't test yet for SaaS).

Wireshark dump on client:

CONNECT 88.xxx.127.xxx:443 HTTP/1.1

Host: 88.xxx.127.xxx:443

HTTP/1.1 200 Connection Established

Date: Wed, 24 Jul 2013 09:44:51 GMT

Via: 1.1 localhost.localdomain

SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze1

SSH-2.0-PuTTY_Release_0.60

Do we agree that Websense should be able to block this type of encapsulated traffic?
Please note that we didn't enable the HTTPS feature on WCG.
Are the tunnel port settings on WCG important?
Tunneled Protocol Detection 2.04396 Wednesday, July 24, 2013 01:28:06
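
The capture in the post above shows an SSH identification string inside a CONNECT tunnel to port 443. The following detection sketch for that mismatch is an added example, not part of the original post and not Websense code; the function names are hypothetical, and the sample bytes are constructed from the post's masked capture.

```python
import re

# RFC 4253 section 4.2: an SSH peer identifies itself as "SSH-protoversion-softwareversion".
SSH_BANNER = re.compile(rb"^SSH-(1\.\d+|2\.0)-[\x21-\x7e]+")
CONNECT_LINE = re.compile(rb"^CONNECT\s+(\S+):(\d+)\s+HTTP/1\.[01]\r?\n")
STATUS_200 = re.compile(rb"^HTTP/1\.[01] 200\b")

# Constructed samples: request/response/banners mirror the post's masked capture.
SAMPLE_REQUEST = b"CONNECT 88.xxx.127.xxx:443 HTTP/1.1\r\nHost: 88.xxx.127.xxx:443\r\n\r\n"
SAMPLE_RESPONSE = b"HTTP/1.1 200 Connection Established\r\n\r\n"
SAMPLE_SSH = b"SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze1\r\n"
SAMPLE_PUTTY = b"SSH-2.0-PuTTY_Release_0.60\r\n"
# Constructed start of a TLS record carrying a ClientHello.
SAMPLE_TLS = bytes.fromhex("1603010200010001fc0303")


def classify_tunnel_payload(first_bytes: bytes) -> str:
    """Label the first bytes either peer sends inside an established tunnel."""
    if SSH_BANNER.match(first_bytes):
        return "ssh"
    # TLS record: content type 0x16 (handshake), major version 0x03,
    # and handshake type 0x01 (ClientHello) right after the 5-byte header.
    if (len(first_bytes) >= 6 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[5] == 0x01):
        return "tls"
    return "unknown"


def inspect_connect(request: bytes, response: bytes, payload: bytes) -> dict:
    """Return a verdict for one proxied CONNECT exchange."""
    m = CONNECT_LINE.match(request)
    if not m:
        return {"verdict": "not-connect"}
    established = STATUS_200.match(response) is not None
    proto = classify_tunnel_payload(payload) if established else "none"
    port = int(m.group(2))
    # A tunnel to port 443 is expected to carry TLS; anything else is a mismatch.
    mismatch = established and port == 443 and proto != "tls"
    return {"target": m.group(1).decode(), "port": port,
            "protocol": proto, "verdict": "alert" if mismatch else "ok"}


if __name__ == "__main__":
    print(inspect_connect(SAMPLE_REQUEST, SAMPLE_RESPONSE, SAMPLE_SSH))
```
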

Custom block pages problem

Tell me, is it possible to have new custom html pages made up to show:

1.  A red-background coloured blocked page for genuinely blocked pages, with no further "Continue button" clicking

2.  A separate amber coloured background warning page for categories that are only set to warn the viewer before they hit the Continue button

I do NOT want to use the canned master.html, blockFrame.html, continueFrame.html, moreInfo.html pages with the iframe below the main block page because if you say "blocked" that confuses a lot of people when they can proceed to the Continue button and go directly to the page requested.  They just don't see it because the screen is red and they think they've done something wrong.

I only want the user to hit a blocked page for blocked categories and to hit a warning page for warning sites. That's it. It should be simple. I'm not a novice, I'm a pretty knowledgeable computer guy, and if I can't figure this out, I wonder about those who don't have the knowledge to understand it.

Where can I define which page the system calls when a blocked event is triggered?

I'm pulling my hair out with this and it's been on the back burner because we haven't had time to sit with it.  Now that it's coming forward again, I need to finish this up and then I can die happy.

Thanks for your help,

Dan


Seat Count - TMG Integrated

Hello Websense community!

This is my first post here. I am new to Websense Web Security and I've just installed Web Security in a Forefront TMG integration, and all my filter policies are based on LDAP users and groups. No agents deployed (like DC agent, or logon agent).

Most of my clients are Firewall Clients with proxy enabled. A few are Secure NAT. The problem I am facing is that my seat count is exceeded... we bought 100 licences, and all the servers (even if they have Internet browsing disabled in Forefront) are consuming a licence. This is not what we expected to happen...

I looked into the seat count according to http://www.websense.com/support/article/t-kbarticle/How-do-I-get-a-seat-count-and-list-of-IP-addresses-for-my-Websense-users

In this post (http://community.websense.com/forums/p/10035/23077.aspx) Samatha says that "Some integrations *cannot* exclude traffic and are unable to have your seatcount reduced such as the Microsoft ISA server, Sonicwall, and TMG."

So I suppose I need to acquire more licences (really need to do it???). Besides, what problems could we have with the hosts that are listed as "Exceeded Map Contents"?? Will the policies and filtering still apply to those clients???

Regards,

A.

 


Site being blocked even though I have it in a permitted category

I have added this site in the "user-defined" category, which is permitted.

Sites added were:

http://fingerprintsreno.com/

http://www.fingerprintsreno.com/

http://fingerprintsreno.com/main

http://www.fingerprintsreno.com/main

time= Wed Jul 24 14:57:22 2013   version= 6

disposition= 1028 - Custom URL - Category Permitted

URL= http://fingerprintsreno.com/

category= 64 - USER-DEFINED

 

disposition= 1028 - Custom URL - Category Permitted

URL= http://fingerprintsreno.com/main

protocol= 0 - http  port= 80  networkDirection= Inbound

category= 64 - USER-DEFINED

 

 

disposition= 1057 - Blocked by Security Override

URL= http://fingerprintsreno.com/main/

protocol= 0 - http  port= 80  networkDirection= Inbound

category= 200 - WEB AND EMAIL SPAM

 

Anyone know why this is still being blocked? Website IP stays the same... not that it matters since it is HTTP, and with URL check it is being categorized as "user-defined", although as you can see on the test log it comes back as "web and e-mail spam".

Any and all help is appreciated.

How to get full URL in a report?

I get email when users access adult sites. In that email, it shows me that they accessed 2 adult sites but only has one of the URLs. But at least it is the full URL to the site that they accessed. In my example, it was http://california.backpage.com/femaleescorts/(rest of link here).

When I want to find out what are the other exact URLs they are going to but when I run the report, and not california.backpage.com. I can just see that the end user will say they were not looking at adult links off of backpages. I read a few other posts about this issue and it still does not show the full URL.

I went to Investigative Reports > find my user. Then I select Modify Reports, add full URL, but it is always blank.

 

How to get the full URL in a report?

 

Thanks

Websense subscriptions.

Maybe you have been asked this question a million times, but I tried to search for the past one hour and I didn't find a solution.

I have connected my web security 7.7.3 through Juniper firewall SSG 140. Now Websense is monitoring all the IPs in the network, thus it is giving subscriptions.exceeded.

Is there a way that I can let Websense monitor only the 65 PCs I have?

I have a 75 users subscription and my DHCP server is covering IPs from XXX.XXX.XXX.50- XXX.XXX.XXX.200

and I have even less than 75 users.

I need help on how to let the web security know that I have only this set of IPs to monitor.

v7.7.3 Unable to connect to the directory

I am getting the error message "Unable to connect to the directory" when trying to connect to Directory Services in Settings > General > Directory Services. No matter what combinations I use for Display Name, Password, Account Folder, DNS Domain Name.

The Help pages provide very little information :(

Surely I am not the only one struggling with the poor Help information?
