We have 300+ servers. Our current license is good for 500 users. These servers aren't using the internet, yet when I run a seatcount for how many users are being filtered, these servers are being filtered and counting against my 500 user license. This is creating a problem because I have 165 or so users not being filtered properly because we are exceeding the user license.
Any ideas to why they are being pulling into this?
Any suggestions on how to get around this?
Thanks.
Hi,
I have just configured two hybrid filtered locations with different external ip addresses, one for our prod data centre and one for DR.
Since creating them Triton has reported that there are overlapping filtered locations using the prod sites ip but the two entries are completely different. I have also noticed that I can delete the entry for DR, leaving only one filtered location and it the error messge will not go away.
It also looks like these locations are stopping the hybrind endpoint client functioning correctly as I can see it authenticate but will not filter traffic afterwards.
Can anyone help me wit this? Is it a known bug with Websense? Is there a workaround?
Cheers
Andy
Hi All,
This is a reminder for all cloud customers:
On 31 August 2013 between the hours of 10:00 - 16:00 UTC we will be performing maintenance to the Websense Security-as-a-Service (SaaS) infrastructure. During this maintenance, Websense Cloud Web Security and Cloud Email Security customers may experience a very short period of slow responses or interruptions in access to Cloud Security Portal. Web filtering and email scanning and delivery will be unaffected.
regards,
Moderator Dhan
Hi,
We installed a new network card to server, windows detected and shows the card however, websense didn't detected and show. Is there a solution for that? Thanks...
On my server, I set a policy to block some web pages like facebook at 8:30 am. I suppose that, at that time, all the blocked categories and protocols are applied. But I am surprising to see that facebook continue to be updated even if in the Real-time Monitor, it displays that Facebook is blocked. And I can send a message too.
How can I appropriately do it so there is no diplay of the web pages which categories and protocols are blocked ?
Thank you for your help.
In email channel, it can't monitor outlook drafts content, we want to monitor the draft mail, because the user write a mail and does not send to anyone, then use the outlook web access check drafts at outside, it can get sensitive information.
Looking to add a new gigabit switch to our stack. We don't currently have one with port spanning capabilities. Would appreciate it if a few people would provide some suggestions, maybe a model they're using or have used that worked well with Websense. We use a CISCO 5512 in conjunction with Websense.
Also, do all the switches need to have port spanning capabilities to catch all data from all computers or can I make the new switch the primary and ensure the Websense server and internet connection/firewall are connected to it?
Hi,
We have some issue with a site categorization
protocol= "http"
url= "http://www.marketingpower.com/"
port= "80"
category= 1922 (unknown) ------------> but this says it is not categorised if i run testlogserver for an ip
disposition= 1028 (Custom URL - Category Permitted)
app type= ""
keyword= ""
Below is what i get from Websense site lookup tool
http://www.marketingpower.com/ -
Business and Economy
http://marketingpower.com/ - Business and
Economy
http://power.com/
- Social Networking and Personal Sites
http://www.power.com/
- Social Networking and Personal Sites
one more issue is that when i blocked power.com site it blocks the marketingpower.com site as well
Seems a bit weird. By default Websense blocks unknow category or blocks them
I have allowed marketingpower.com as a customurl with RegEX but seems the same issue
regards
Chandru
Hi There,
we would like to block 3D-PDF Files in Data Security.
It would be nice to find them in File Properties.
I have opened a Support Case (#01344563), there are some PDF's and the detailed description of our needs.
thank you
Alex
I would like to request a feature to disable concurrent user login for security reason
Currently the second login will be set as read (view) only (cannot modify settings, etc)
Thanks
Hi,
Could we raise an FR for directional control (Inbound / Outbound / Both) on all the channels to give us more flexibility when writing DSS policy?
Currently it is only possible with the SMTP channel and the Protector (Tap mode), but we would like to control this with other channels like Web and Endpoint.
One use case is so we can write DLP policy for data coming IN (being downloaded) to the network,
Although this is not necessarily related to data loss, it could be to stop traffic being transferred from one part of the network to another to keep data in a secure area.
Thanks,
Phil
We are users of both Cloud Email and Cloud Web filtering and have discovered an issue in the way the security model works. This has been taken to the support team and we have been told this is as is.
I'll quickly go through the issue before the suggestions.
Admin is set to advanced view in secuirty and is allowed access to only view some email profiles but has full access to all web profiles. When admin signs in and goes to Admin custom categories his is unable to view or add details. If I change his account to simple security view - this giving him access to all email and web profiles (something we do not want to do) he does have access to custom categories. I we change the view the advanced again, still having full access to all profiles - next sign on returns him to No access to custom categories.
We have been advised this is by design as custom categories can impact all web profiles, so it is removed from access when moving to granular support. This does not stack up though when you think of my initial stand point - the admin is allowed access to all web profiles, so therefore should be allowed access to custom categories.
Recommendation 1. To review the security model and add further granularity around allow view/modify of custom categories -especially cross products. I should be able to give an admin, for example, no access to email profiles but full access to web and all aspects of that management.
Recommendaiton 2. It would be nice to have some way of viewing what sites are added to a custom category without the need of having to grant this full access. eg - first level support guys may need to see if site has been whitelisted.
Recommendation 3. When adding urls to custom categories it would be great to have a free text field to note why it is added (eg: link to a helpdesk ticket, add a user name, add a business case).
Hi
This is aimed at the endpoint agent only so please do not think of a work around involving other DSS components. So the infrastructure only includes a Manager and a endpoint agent (on a workstation).
When using an application like FileZilla and an incident is created, the incident properties doesn't display a destination field. Only information you will see is Channel, in this case Endpoint Application, and then an Application name, in this case FileZilla FTP Client.
The only way to detect FTP traffic using FileZilla is through the Endpoint Application Channel, but there is no destination, so you will never know to which IP or host files are uploaded to.
Therefore this is a feature request to add and actual destination (IP/host).
Cheers
C.
We are using Websense Cloud service to filter web traffic for all our ~70 locations worldwide.
All sites are connecting with a fixed public IP address to the cloud service, and all are configured as "filtered locations" on the service.
Also, we are running a "one-rule-for-all" policy.
By doing that we do not need to authenticate any user directly, and also no endpoint installation is needed.
What I am missing is a reporting on such client IP addresses' filter usage. I do get reports for users that are logging in to the service, but all traffic from any "filtered location" will listed as "unknown user" as a total only.
From the hybrid WSGA product (where we are going to) I know that the client IP address is part of the log data that sync service is receiving from the cloud, so I assume that this data is also available for the Cloud Service.
I raised a case with Websense technical support (#01349024), and was told that a feature enhancement request would be needed. This is what this posting is about.
**
Can you please add this feature to Reporting for Websense Cloud service?
**
Hi,
When we enabled the default "Encrypted Files" in DSS, we observed that in the incidents, all data at the "Forensics" tab is nonsense, since it is encrypted. It would be great if there is a feature to disable collecting this forensics tab and hence the storing of this encrypted file per rule. With this, we can also save some space, which will be crucial for the uses longing more than 2 years.
Thanks,
Hi,
Please consider to allow administrator to set endpoint message notification timeout before apply default action.
Some user feel it is very fast for the endpoint agent to apply the action before they manage to select the reason to allow the file to send out.
The following URL is blocked as it is deemed Potentially Damaging, and we are requesting to have it recategorized pending inspection.
The URL is http://www.rightlyconcerned.org/
Please let us know if and how soon this can be done.
Is there a way to block most of the popular fantasy football sites with a filter/policy without having to block individual websites? I did a quick check through the filters and didnt see anything but wanted to check with you all.
Thanks
In endpoint http/https channel, we want to excluded internal web-site before reached policy engineer, because that is internal workflow web-site and it had many post session, that is made the web-site respond slowly.