I am deploying WebSense 7.7 on our network, and am running with a standalone setup. We have several Citrix servers running on vmware 5.1. I cannot find any documentation as to whether Websense will be able to filter users on the Citrix servers in this situation.
Is it Possible to filter those Citrix servers? If so, are there any differences from a Citrix on standard hardware setup?
ISO is asking for date(time) a URL was added to the blocked list, I'm not sure how to do that or if it can be done.
Thank you
We have WebSense 7.7.3 running on Windows Server 2008 R2 (64bit), Network Agent on seperate Windows Server 2008 R2 (64bit).
In Real Time Monitor and in reports, only HTTP traffic is logged.
Network Agent running on seperate server, and set to generate debug log, and is seeing all traffic (HTTP, HTTPS, POP3 etc), and able to block https when policy changed to block it.. Have reinstalled Network Agent, and install checks it can connect to services on the main server OK.
Juniper SSG-140 configured to send HTTP/HTTPS requests to websense (but only blocks HTTP as per standard config).
Default policy set so all protocols are logged.
For a few days this was working fine, reports and real time monitor listed POP3, HTTPS and HTTP traffic.. The we had our scheduled microsoft patch updates which included reboots of all servers, and now we only see HTTP traffic in Real Time Monitor and in reports.. All websense services running, have rebooted both servers.. Options in websense web interface for network agent are set correct to log all traffic..
Used the testlogserver, and its only displaying HTTP traffic (with a log source of enhanced log), if I stop the network agent service, then testlogserver displays HTTP and HTTPS traffic (with a log source of integrated)
Any ideas on what we need to check? Seems something is wrong with the filtering service?
Network Agent debug log indicates its logging all traffic.. example of HTTPS:
[03/15/2013 02:59:04.633] (4008): LogRequest:
Time: Fri Mar 15 02:58:05 2013
EnhancedLog: 0
Proto ID: 11
Url: HTTPS://74.125.237.18:443
Source: 10.0.0.85
Port: 443
DescriptionCode: 1026
StatusCode: 0
Category: 76
BytesReceived: 0
BytesSent: 60
Duration: 59
Periodic: 0
Is there a way to be alert when WebSense is re-categorizing URLs?
We have several remote sites that each have their own internet connection and there is also a VPN connection that connects the main office to each of the sites. The goal is to have a central management server for the main site and the remote sites have a light version of Websense that captures the surf data and filters and reports back to the main site on a schedule. Is this setup possible? What Websense components will I need to install at each remote site? We do not use an applicance, I plan to install it on a Windows Server.
Thanks!
Hello!
I have a websense web security 7.7 integrated with a ASA. I have created a limited access filter for some users that only have access to office365 ( sharepoint, mail etc )
I know that i need to block the IP´s for https but office365 has tons of IP blocks. Kan you allows HTTPS access for IP blocks, for example https://1.2.3.0/23?
If no is there another way to do this? What product do you need to use domain names for https`? We evaluated cloud web security and there it worked.
I have started getting Websense EIM Encountered a problem and is shuting down on reboots and will no longer block any sites? I have tried stopping and restarting all the services but that does not help.
So I have a fresh install of Windows 2008 Server x86 with Webfilter 7.5 installed and I can't seem to get the DC_CONFIG.TXT file auto generated. I tried the usual tricks with transid.ini and websense.ini I can telnet to the AD server through the normal ports, there is no firewall active. Here are the errors Im getting
0x1558000: Error Retrieving Domains. Error Code: 259
0xcc8000: Trans ID Agent: Disconnected from XID agent at this location. [server: KDNAP-Websense] [port: 30600]
12/02/2010 09:40:54,Information,Websense EIM Server,,WsXidCollectorClient.cpp:200,0x10010001,Trans ID Agent: Connected to the XID agent at this location. [server: KDNAP-Websense] [port: 30600]
12/02/2010 09:42:33,Warning,Websense EIM Server,,WsXidCollectorClient.cpp:262,0x10010001,Trans ID Agent: Disconnected from XID agent at this location. [server: KDNAP-Websense] [port: 30600]
12/02/2010 09:42:33,Information,WebsenseDCAgent,WsApplication,WsServiceAppBase.cpp:945,0x112c0015,Websense DC Agent service stopped.
12/02/2010 09:42:36,Information,WebsenseDCAgent,WsApplication,WsServiceAppBase.cpp:1312,0x112c0014,Websense DC Agent service started.
12/02/2010 09:42:36,Information,Websense EIM Server,,WsXidCollectorClient.cpp:200,0x10010001,Trans ID Agent: Connected to the XID agent at this location. [server: KDNAP-Websense] [port: 30600]
12/02/2010 09:42:48,Warning,Websense EIM Server,,WsXidCollectorClient.cpp:262,0x10010001,Trans ID Agent: Disconnected from XID agent at this location. [server: KDNAP-Websense] [port: 30600]
12/02/2010 09:42:51,Information,WebsenseDCAgent,WsApplication,WsServiceAppBase.cpp:1326,0x112c0015,Websense DC Agent service stopped.
E:\Websense\bin>xiddcagent -c
Starting New Diagnostics...
Diagnostics port is 55925
Attempting to connect to policy server: 10.100.100.50:55806
Diagnostics Manager Listening on 30601
Press Enter to quit
ERROR WFC.Network.Network.WsSSLSocket - read failed, wbsn::SysException: SSL_rea
d: Error 0x2745 (cannot retreive description)
E:\Websense\bin>
E:\Websense\bin>
My users have been submitting a lot of requests recently that were previously categorized.
Is there something wrong with the master database, or did websense wipe out a category?
An issue with Cluster H is affecting some customers browsing from the Central and Eastern regions of the US. End users may have experienced timeouts when browsing the web due DNS failing to resolve. The change was rolled back at 13:00 UTC but we are still receiving some reports that users are experiencing the same problems. Operations are continuing to investigate.
Hi,
While I was creating the first new contacts on my account I didn't realize that I have only one chance to set the username.
The thing is that, after you put the personal information (Full name, address, email and so on), press the Submit button and a tiny link will apear at the bottom of the page to set the Username, if you dont set this username you will be unable to do it later....
Is there a way to delete or modify those mistaken contacts? I dont find any delete button or something.
Regards!
Hi,
Is it possible to configure to block documents file types except for PDFs for downloads? E.g. users can download PDF but rest of the file types (doc, .xls, .ppt..etc..) are blocked.
I'm having difficulty setting up policy for the above requirement. We are using Web Security v7.7.3 and integrated with TMG 2010 proxy.
Is there any option to achieve this or can a regular expression will help?
Appreciate for any input.
Regards,
Jonathan
it would be great if we could use content classifiers that we have defined in DSS for use in WS policies (blocking file download types etc)
one recent challenge is we wanted to block the download of encrypted files - this is only possible for uploads in DSS and in WS, the file types to block are quite limited, if we could have used a 'File Properties' content classifier, this would have been much easier,
Phil
could we get an FR ID for this?
Phil
Normal 0 false false false EN-US X-NONE X-NONE
My customer wants to host the PAC file on a web server in their DMZ, so it is visible both internally and externally. We are using split-horizon DNS with a domain name owned by the customer. This functions well, and we have a working PAC file.
The problem we have is when using the Websense endpoint, it ignores the location of the PAC file that we specify, and points all browsers to the Websense-hosted PAC file (eg http://hybrid-web.global.blackspider.com:8082/proxy.pac?p=xxxxxxx).
The Websense-hosted PAC file is not visible from the customer's internal networks, and will prevent the endpoint devices from roaming freely between internal and external networks. Their security policy forbids granting all internal clients to access the Websense-hosted PAC file through the firewall (for obvious reasons).
Is there any way of forcing the Websense endpoint to use a PAC file that is not hosted by Websense?
When enabling SSL inspection and adding the WCG as a subordinate CA to the Windows Enterprise CA, the private key stored on the appliance introduces a security risk.
If the private key were to be compromised or obtained through some form or other,it can be used it to impersonate the rightful owner during communications and transactions. For this reason, many organisation's PKI policies require the use of hardware-based cryptography devices to store private keys.
Private keys are stored on tamper-resistant hardware rather than on the computer's hard disk drive. All cryptography takes place in the crypto-hardware, so private keys are never revealed to the operating system or cached in memory
Support for these sorts of devices would be a welcome inclusion to the WCG
Hi,
Our GM was expecting an email message and it was rejected with this message:
552 5.3.4 Message size exceeds fixed maximum message size.
Where do I look to find out what the maximum message size is and where can I change it? The only thing I've found that looks close is the "Limit maximum message size" option of the Server configuration. I just want to make sure I'm adjusting the correct setting.
Websense Email Security version 7.3 - build 7.3.0.01186.
Thanks in advance,
Linn
I would like to request a feature to disable concurrent user login for security reason
Currently the second login will be set as read (view) only (cannot modify settings, etc)
Thanks
Hello everyone,
did somebody manage to get the combination to run with user-identification passed from Squid?
Squid is working fine, authentication is runing fine, i can see the users in the logfile.
ICAP sends the username - but it does not seem to "arrive" at the right place in Websense - at leas there is no filtering based on usernames or groups ...
I tried with "Mixed mode" and "Active Directory" but none works.
Anybody does have a helping hand here ??
Thanks in advance!
Joerg Hermanns