Channel: Forcepoint Community

Forensic Data

I finally migrated the application off of the V5000 appliance.  One reason we did so was that we could receive forensic data on the risk incident alerts.  However, I have not found any alerts to contain any forensic data.

Is there something that needs to be set up in order to have forensic data show up?  It always says "None were captured with this incident".


Very poor support by Websense

The below is my mail to Websense. Still they can't resolve the issue; I will be switching to a new product soon.

I have spent almost 5 to 6 hours of my time with the various support teams for the resolution and nothing achieved till now. And I am sure it is a software issue the upgrade will resolve. I am sure it is not a network-related issue because nothing has changed in our network for the last one year and we don't have other issues in the network. I can see the troubleshooting sessions had a lot of changes in many files and many settings files changed and consumed more time. I am sure the upgrade will not take that much effort and time as experienced support persons. Not sure what the hesitations and risks are and why it is not in the scope of support, as we are an eligible customer and it is your product. As a customer we are not experts in doing this and it will be difficult for us. A similar issue happened on our Symantec antivirus server, and the support team of Symantec upgraded the software during the remote session based on our request and resolved the issue in one remote session within one hour. I can send the Symantec report to you if you want to know how others' support is. Why I am saying this is I don't understand why Websense is not doing this service for their customers. I am not happy at all with the service of Websense and the support is very poor in terms of my experience. If you are still not willing to help us and don't want us to use Websense, please close this ticket and we will need to review our usage of Websense and might consider switching to another vendor. They are ready to give their solution at a competitive price. Note that since this bad experience, we might need to review our DLP solution with another vendor. No more explanation is required; please close this ticket if you don't help us to upgrade our product remotely. I will forward all the correspondence upon the closing to the Websense management and sales for their understanding and for their future commitment to at least other customers: why can't they do the remote upgrade service?

Apache Web Server ETag is vulnerable.

Customer is running 7.6.7 and they are testing for vulnerabilities and they are getting vulnerability CVE-2003-1418.

I cannot find any info about this issue and I was wondering if this has been fixed in a newer version or not.

Real Time Monitor - Nothing Showing

I have just updated my setup to 7.6 and then added the Real Time Monitor component. It's showing in the menu and when I click on it, it opens in the right-hand pane of the browser, but nothing shows in it, despite the fact that investigative reporting is showing activity happening that Real Time Monitor should be picking up.

Any suggestions?

Can I utilize a hardware loadbalancer (A10) to filtering servers from Juniper FW redirects

I just built a Websense policy server and 3 filtering servers, all housed in our corporate headquarters.  Across our enterprise, we have 70 or so Juniper firewalls that have Websense redirects which are each configured to one of the 3 filtering servers.  I was wondering if we could create a VIP on one of our existing A10 hardware load balancers that all of our Junipers could redirect to, and then the load balancer would forward on to one of the filtering servers?

I'd assume we'd need to ensure all/any needed ports would be allowed thru the A10.  Just curious if anyone has been successful doing this method of having one vip address on a loadbalancer, push to several filtering servers.

Thanks!

 

30mins+ delay in identifying users

Hi All,

Running Websense Web Security 7.6.2.

Currently when users unplug their laptops at their desk and head to a meeting room and plug in there it can take 30 minutes to an hour (some cases, even more!) for Websense to apply their access.

I know this is because the new IP address they've been given hasn't been identified through DC Agent yet (I've checked XID maps), so they get granted the default policy.

The query interval for DC polling is set to 10 seconds both in TRITON and the configuration file with a 24 hour timeout.

DC Agent is the only transparent identification we have going on at the moment. Is Logon Agent going to be the only solution for this?

I was thinking about enabling the 'prompt user for logon information' option, but the impact to services running on servers is unknown thus isn't an option.

 

Thanks!

Copying policy from 7.1 to 7.7

Why Investigative Report shows duplicated userid?

When performing investigative report filtering by userid I receive in "Select User" box several lines (sometimes 3 or 4 lines), for the userid being searched. These lines are about the same user indeed but when selecting one by one we can see different reports about the same user.  Could someone explain why this happens?


Unblocking Google drive/doc

Google Docs is categorised as Personal Network Storage and Backup.

Personal Network Storage and Backup is currently blocked within our business.

However, we want users to access Google Docs.

I have created a new custom category for Google and allowed it, i.e. with the URLs of

docs.google.com
drive.google.com

The problem is that sometimes Google Docs is permitted and other times it's blocked.

For example, in the "Real-Time Monitor" when I go to Google Docs/Drive it shows the IP address of Google, i.e. https://173.194.41.130/ and the category of "Bandwidth : Personal Network Storage and Backup" and it's blocked.

How can I fix this?

Any advice would be great.

Thanks,
James

Users without an e-mail address do not sync from AD properly

Hi all,

We have migrated to Websense Hosted Web Security and Hosted Email Security. Users are synchronized from our Active Directory including NTLM IDs. Transparent NTLM identification is enabled for all users.
This works fine for all users with an e-mail address. The others, however, are reported as synced according to Directory Synchronization Client (claims to have synced 1407), but do not show up when searching for end users (only displays 985). Status in Recent Synchronizations is "200 OK". Transparent NTLM identification does not work and the users have to register manually.
Could you please tell me what may have gone wrong?


Thank You

lomo

Web Security 7.6.2 to 7.7.3 upgrade

I recently began preparing the upgrade to 7.7.3 from 7.6.2.  When I was confident in the steps involved to upgrade I of course began the upgrade process one night.  I see the Welcome screen then hit next.  I see the Agreement and agree then hit next.  Then it skips all the way down to Pre-Upgrade summary.

In the summary it wants to install SQL Server on the Websense server.  The SQL database is on a separate server which is the SQL server.  Granted, when I initially set up Websense, SQL was installed on the Websense server.  After the trial was up, we purchased the product and soon after moved SQL to another server.  The setup doesn't give me a choice of where the SQL database is.

Has anyone seen this before?  Any ideas on how to proceed?

No traffic on testlogserver

Just did a fresh installation of Websense Web Filter in a stand-alone configuration. Our port monitoring/mirroring is set up on our core router. I have two NICs...one is used to access and manage the server and the other is just for monitoring and I've got it set accordingly in the local settings. On the monitoring NIC I have the monitor list set to ALL.

For the life of me I can't figure out why I don't see any traffic in testlogserver. I've set up the monitoring NIC two ways...as promiscuous by unbinding the TCP/IP from the NIC and not assigning an IP...and I've assigned it an IP...either way I don't get any traffic. When I browse the internet on the local websense server the testlogserver sees that traffic, just doesn't see any traffic from our LAN.

I'm pretty sure the monitoring/mirroring ports are set correctly because our old websense server running 6.3 saw traffic on the testlogserver using the same ports. Is there a setting in this new installation that I can check that I'm overlooking? I'd like to see if I can get it resolved without having to use an incident by calling in to support. Thanks in advance.

 

Also, when I go to the logging settings and click check status it says connection succeeded.

improvement: service dependencies

Please add the dependencies for the Windows services so that in case of RTM restart it is enough to restart the RTM Client and the other services will be stopped and started in the right order.

sc config WebsenseRtmTomcat depend= WebsenseRTM
sc config WebsenseRTM depend= WebsenseRtmDb

Thanks,

Peter

Websense, worst customer support?


We have been using Websense for two years now, thankfully our contract will soon be up for renewal.  Technical and customer support is by far the worst of any service company I currently deal with.   Initial responses from support staff are inadequate, effectively emailing you to say they have the problem noted.  Then nothing for days at a time.  We currently have a case which has had no response from Websense for twenty five days.  Is that acceptable?

We are using the V5000G2 appliance, and each patch release is worse than the last.  I have never been able to successfully get a patch installed without it breaking other parts of the product or requiring several remote sessions to get it working.   It's not good enough for the price you pay.

Websense is an overcomplicated product which is disjointed and difficult to manage.  It requires a lot of internal support hours to have it running effectively.  There are very few technical consultants with Websense that I have worked with who are actually knowledgeable about the product and able to support it well.  Often the support consultant expects you to know the product inside out. I'm sorry, but this is why we pay for support!

I would not be happy recommending Websense to anyone and it will be difficult to be persuaded to stick with this product.

 

Support

Cannot call into support; the line drops.


Request to increase max Kerberos token size from 30KB to MS max of 64KB

YouTube problem

Dear all,

I am facing the following problem.

Users have installed Web Endpoint and are going through Web Cloud for YouTube websites.

After watching 1:15 min of the below URL, the movie suddenly stops and is not moving further.

http://www.youtube.com/watch?feature=player_detailpage&v=SI_5brKL89g

Maybe someone has seen or has had such a problem?

Thanks for the reply.

Best Regards,

zurawdom

YouTube For Schools edufilter URL rewriting not working for m.youtube.com

We have implemented YouTube For Schools integration with Websense Web Security. Websense properly rewrites URLs to append the edufilter string to queries from web browsers on our Windows 7 clients. However, we have discovered that our iPads connect to the m.youtube.com mobile YouTube site and Websense does not append the edufilter string, allowing unlimited access to YouTube videos. How can we correct this behavior so that all of our clients are properly filtered using YouTube For Schools?

Need ability to delete or lock up DLP incidents

We had an incident where someone thought they password-protected an email attachment but didn't. It got stopped on the ESG and now the very confidential attachment is sitting in Data Security.

A support case reveals there is no way to delete a DLP incident. While we could force the forensics to be deleted on Close, that would kill everything we need to keep.

We get why it's not advisable to delete DLP incidents, but in a case like this not deleting it carries more risk because the confidential attachment will be there for our three-year retention requirement. Deleting an incident should leave an audit trail so people know when it happened and by whom, and since DLP is not our only logging tool, other evidence would exist about the incident.

If there was a way to password-protect a specific incident to lock it from being viewed, that would also help.

As an aside, we also use DLP to block inbound executable attachments. Being able to delete those would be great so nobody accidentally releases one.

 

Ability to apply group based and IP based policies in tandem

As per this thread here ...

http://community.websense.com/forums/t/34322.aspx

And support call 01178079

It would be great if you could apply policy on both user group and network range; in fact it would be great if you could mix and match policies against any of the identified methods within the product.

Drew.
