Quantcast
Channel: Forcepoint Community
Viewing all 2011 articles
Browse latest View live

Filter 7.1 intermittently failing to access SSL sites - Error 107 (net::ERR_SSL_PROTOCOL_ERROR):SSL protocol error.

February 15, 2013, 2:44 am
$
0
0

Hi

We are using Web Filter 7.1 on Windows Server 2003 with a Juniper firewall. Our users are finding that access to SSL enabled sites (google sites, microsoft office 365, Gmail email attachments) is intermittently giving an SSL connection error and not presenting content.

If we refresh the page repeatedly we eventually get through, and I can see the details of the site's certificate.  When we get the SSL error, I see only a "identity not verified" error instead of the certificate.

It's happening throughout the site, on a variety of clients.  I have reinstalled network agent and web filtering services, with integrated and universal mode.  I find that if I restart the web filtering service our users get through without errors for about 10/20 minutes but then they start reappearing again.  If I turn off the web filtering service the errors stop and we get 100% connectivity.

Technicians have been unable to find a fix - anyone got any ideas please?  We are a heavy Google Apps using school, but we have had to turn off the filtering service (email, Intranet, docs were unusable) which is a real liability.

Search

Filter Incidents Based on Rules

February 7, 2013, 1:23 am
$
0
0

Hello everyone,

Based on the discussion with our clients using Data Security I would like to submit simple feature request for "Filtering Incidents Based on Rules". Please see screenshot  :).

This simple feature could stronly improve DSS policy logic because user could not only filter incidents based on rules nor policies but also create reports based on rules (matched). 

Please let me know whether this simple feature request has been put to the rodmap list. Thank you.

Kind Regards,

Martin.

For full screenshot view please "right click and open url in new window".

Filter incidents by Source base on Active Directory Group or OU

September 9, 2013, 3:30 am
$
0
0

Data Security can integrated with Active Directory. But Filter incidents by Source onoy support user, computer, domain, not support filter by OU or Group.

Unable to Change Database Rollover Options

November 27, 2009, 7:17 am
$
0
0

We've reached the maximum size of the default db size 5120, and I'm trying to change the "roll over every:" field to increase the size of the db, but websense won't let me change it.

I've tried incresing the mb size, changing it to a week or a month, dosen't work, I get the green "Roll over options have been updated successfully " but it dosen't actually change anything.

Websecurity logfile will not create new database for rollover

September 9, 2013, 10:30 am
$
0
0

A new partition is not being created for rollover.  Our Database Admins can see that the function to create the new partition fails because it believes the account does not have permission.  The account has full permissions.

He did find that in the wse_db_config database the "allow_rollover" field value is set to zero.  We are thinking this should be a "1". 

Is this assumption correct? Can we manually change the values or will that create other issues.  This appliance is just about to go production so the data I have can be deleted and the database re-created. If this is a better option how do I do this?

 

Thanks

 

Installing new server at second site - Can you use different websense versions?

September 9, 2013, 2:56 pm
$
0
0

I will try to keep this as brief (but still detailed) as possible. I apologize in advance if this question has already been covered, I've not had much luck in digging up the answers to my questions.

 

Long story short: I have 2 locations, my main location (let's call it "A") is currently up and running on Server 2003 R2 using Websense Web Security 7.6. This was the only option I had at the time. I have ordered a new server for site "B" and will be running server 2008 R2 on it.

 

Because the hardware is going to be newer at location "B", I would like to move the Policy Broker and Database to the new server which seems straight forward enough; however, the question I have is, can I run Server B on 7.7 running the Policy Broker service and still have it play nice with Server A or do I need to install 7.6 on my new server as well?

 

The way I see this going will be build new server (Server B), install Websense on it, make a backup of the Policy Broker and Policy Database from Server A, restore to Server B, disable or uninstall Policy Broker from Server A, make sure they can both see each other, and go on with life. Sound about right?

Better SSL clustering support

August 25, 2013, 7:51 am
$
0
0

When using a WCG cluster, only the SSL Master server can maintain the SSL incidents as the SSL clustering currently works different than the clustering of the other non-ssl configuration. This poses a problem in the following scenario. When clustering and using a PAC file or other means to distribute load among multiple WCG servers, it is possible that SSL incidents will be created on a WCG server that is not the primary source for SSL Configuration. One would have to manually copy this SSL incident to the primary SSL Master server to avoid the incident from getting over-written from the master SSL server.

So this feature request is to allow SSL incidents to be copied from non-SSL Master WCG servers to the master.

Custom Block Page to email Helpdesk and include blocked link.

August 26, 2013, 7:22 am
$
0
0

Hey all;

I thought I read a post regarding this question in the past but I can't find it now.  I'm wondering if the Block Page can be modified to contain a link to our Service Desk that the user can click on (no problem) to email them with a request that contains the blocked link.

The blocked link is listed in the block page message, along with the reason for the block.  An issue our Service Desk has raised is that the users just close the block page then call with "I can't get here".  The issue is compounded when it's not the actual site they are visiting but rather an embedded link contained on the site.  Think Scribd or Slideshare as examples.

Thanks,

Search

WCG SSL Inspection and support for Hardware Based Cryptography Devices

August 21, 2013, 10:46 pm
$
0
0

When enabling SSL inspection and adding the WCG as a subordinate CA to the Windows Enterprise CA, the private key stored on the appliance introduces a security risk.


If the private key were to be compromised or obtained through some form or other,it can be used it to impersonate the rightful owner during communications and transactions. For this reason, many organisation's PKI policies require the use of hardware-based cryptography devices to store private keys.


Private keys are stored on tamper-resistant hardware rather than on the computer's hard disk drive. All cryptography takes place in the crypto-hardware, so private keys are never revealed to the operating system or cached in memory


Support for these sorts of devices would be a welcome inclusion to the WCG

Websense Web Security 7.7.3 with Squid 3.3 + ICAP on CentoS 6.4 // Authentication

August 25, 2013, 9:47 am
$
0
0

Hello everyone,

 

did somebody manage to get the combination to run with user-identification passed from Squid?

Squid is working fine, authentication is runing fine, i can see the users in the logfile.

ICAP sends the username - but it does not seem to "arrive" at the right place in Websense - at leas there is no filtering based on usernames or groups ...

I tried with "Mixed mode" and "Active Directory" but none works.

Anybody does have a helping hand here ??

 

Thanks in advance!

Joerg Hermanns

 

Test

September 10, 2013, 9:41 pm

Permit App Store - Regular Expression - Akamai

September 11, 2013, 3:48 pm
$
0
0

Web Filter v 6.3.2

The company wants Entertainment > MP3 and Audio Download Services blocked, but permit all Apple services (itunes.com, apple.com, app store...)

So I have protocol itunes permit, MP3 and Audio Download Services blocked and the the following re-categorized to finally get App Store to work.  

Testlogserver showed me all the url/ip that was being blocked for App Store along with others that I will probably have to do more testlogserver to find out...

https://96.6.98.217:443/

https://23.11.82.217:443/

https://23.12.130.217:443/

https://23.3.18.217:443/ 

http://apple.com

http://itunes.com

http://mzstatic.com

^https://17\.   (this is for the whole 17.x.x.x, which I found online)

 

So I looked up the addresses that App Store uses, it belongs to Akamai.  "The company (Akamai) operates a network of servers around the world and rents space on these servers to customers who want their websites to work faster by distributing content from locations close to the user. When a user navigates to a website, such as Whitehouse.gov, Bing, Facebook, or Twitter, their browser is redirected to one of Akamai’s copies of this website, almost entirely invisible to the vast majority of its users. However, since SSL is designed to highlight hidden intermediaries, Akamai has struggled to make secure web pages work with their service, and an attempt to connect to a popular website over HTTPS will often reveal Akamai."

 App Store uses Akamai.  I want to open up the range 23.0.0.0 - 23.15.255.255

96.6.0.0 - 96.7.255.255.  How do I write up the regular expression to open up that range in websense?

 

 

 

Assign certain administrator(s) to incidents/policies automatically

September 12, 2013, 4:35 am
$
0
0

By default, any created incident is Unassigned. When we create an administrator, we can select assigned incident to this administrator. But, we have to assign the incidents manually. There can be such a system, so that when an incident is created in a certain policy, the incident is assigned to a certain administrator. By this, the notifications to a newly assigned incident will go to this administrator, and the handling of the incident will be easier.

Hide predefined reports to some administrators

September 12, 2013, 4:42 am
$
0
0

In a customer environment, they have a team of 3-4 people which handles the incidents by their severities. We have created reports for each team member having different severity levels. One team member cannot see the teammate's report, but in the predefined reports, it shows all of the incidents of the policy, not separated by the severity. So, there could be a way to hide the predefined reports for these team members.

Upgrading from 7.6 to 7.7

September 12, 2013, 10:34 am
$
0
0

I've been seeing some inconsistencies with our Websense filter and noticed we are behind a bit as well. I figured that upgrading it would be prudent to see if that resolves any of the small issues we have come up from time to time.

Can I go straight to 7.7.3 from 7.6.2 or do I need to go to 7.7 first and then upgrade once more? Is there anything I should keep in mind doing the upgrade? I'd like to do it in-place.

Search

Authentication Service Identity provider Metadata Idpmetadata

September 13, 2013, 1:14 am
$
0
0

Hi,

 I have just installed Cloud Web Security (Web Filter) and I am having trouble with the inputting the Idp metadata

 all the guides say to simply copy the url from the federation section in my authentication virtual app and paste it into the Websense cloud portal. This does not work and im not sure how it would work as the URL references one of our internal servers via its dns name the websense site been external im not sure how this is supposed to work

The websense Support team have so far been no help what so ever and I am aware there are other authentication methods but we want to use the authentication service.

 

Anyone have any ideas?

 

Thanks.

Websense 7.7 - LogonAgent issue

September 13, 2013, 2:19 am
$
0
0

Dear All,

first of all I'd like to say hallo to all community! This is my first post here so please be patient if i force any rules o this forum.

Recently i've installed websense web security 7.7.3 with integration to TMG. All according to documentation :

 - separate machines for websense and tmg, server site are 2008 r2, domain in mix mode

Filtering works fine based on DC agent(session are collected and well filtered) however i cannot force filtering base on Logon Agent (using logonapp on pc site).

From debugging on pc seems that NTLM might be the problem...but according to DOCs seems that ver 7.7.3 works well with NTML v2 on both server and client site.:

http://www.websense.com/content/support/library/web/v77/logon_agent/logon_agent.pdf

"Client machines must use NTLM (v1 or v2) when authenticating users."

Can anyone confirm this? So that I can focus on some other possibility (fw is not a problem, i see in netstat that sessions are established between pc and logonagent). Seems the problem is for sure between pc and logon agent handshake.

 

This is  my debug result:

LogonApp can not reach the Auth.Server [SERVER] in the final attempt. (Invalid status code, error: 503)

and info:

http://www.websense.com/support/article/kbarticle/LogonApp-cannot-reach-the-authserver-in-the-final-attempt-invalid-status-code-error-401

"If you see 503 Service Unavailable, it is possible that the NTLM settings are set higher than version 1."

 

I would appreciate any help.

 

regards

 

 

 

 

Block page differs from test filtering result

September 13, 2013, 6:39 am
$
0
0

All

Using v7.7.3 I can use the Test Filtering toolbox feature and the result says CATEGORY NOT BLOCKED but I get a block message!

How do I figure out what is happening?

Dave

Dashboard Not Showing Suspicious Network Activity

September 13, 2013, 9:26 am
$
0
0

The Dashboard Threats tab is not showing Suspicious Network Activity.  All the events are checked.  While the rest of the tabs are showing current Risks, Uasage, and System data.  I used to have inforamtion before the current build?  Am I just that lucky or did a parameter get changed?

Unified Security Center build:7.7.3.11
Web Security build:7.7.3.1147

Left and Right Navigation Panes

September 13, 2013, 10:33 am
$
0
0

I'm new to using Websense and just starting to use it as an administrator.  When I log in the Left and Right Navigation Panes are hidden.  I have to open them everytime.  This does not happen to my other colleges.  When they log in their dashboard has both of their navigation panes already open.  I would like to set this but I cannot find anywhere to change this view.

Does anyone know how to configure the dashboard so that both the left and right navigation panes are open upone logging in?

Thanks,

Chris

Viewing all 2011 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>