Quantcast
Channel: Forcepoint Community
Viewing all 2011 articles
Browse latest View live

Addiotnal RBL options

September 5, 2014, 10:23 am
$
0
0

I submitted this to support also, but wanted to also put out there for the community.

Currently in our v5000 appliances the RBL section only allows DNS url's to be entered. Other mail appliances also allow the action that you want to take such as SMTP reject, 5.x.x Permanent Failure return, forward to spam mailbox etc.

It looks like the v5000's just terminate the connection which doesn't tell the spammers that its no good, just that the connection dropped and they try again.

Per Spamhaus test:

 

I connected to x.x.x.x and here's the conversation I had:

Terminating conversation.

This is not a good thing, by the way.  It looks like you're using tcp_wrappers to close the SMTP connection before the SMTP server even has a chance to run.  This confuses some SMTP clients, so they immediately reconnect.  This can happen hundreds of times per minute, which has the same effect as a denial of service attack.  Much better to spit back a 5xx permanent failure message, then close the connection without waiting for a quit.

 

Search

Need to chaining with Bluecoat Proxy SG

September 7, 2014, 4:46 am
$
0
0

Hello,

I need to make the Bluecoat ProxySG as a cashing and the Websence as a web filter, after i following the below documentation the traffic is forward but without the client user display and IP.

http://www.websense.com/content/support/library/deployctr/v76/dic_wcg_deploy_chaining.aspx

 

Anyone know how to attache the username and IP with the traffic?

Thanks

One of the log servers stopped reporting to Triton Manager.

September 7, 2014, 10:25 pm
$
0
0

It was working fine earlier, don't understand how to fix this.

Feature Request: Ammyy Admin

September 8, 2014, 5:59 am
$
0
0

Hi.

Can you add Ammyy Admin to the protocol detection?

notification email to %destination%

September 8, 2014, 7:09 am
$
0
0

Hi all,  

We have a rule that blocks incoming files of certain file-types.  When that rule is matched we would like to send a notification email to the recipient or "%Destination%".  The user could then contact our help-desk to potentially have that message released after it is reviewed.  The problem is %Destination% is not a notification option which really surprises me especially when it is an option for the Subject line.  I get the fact that the DLP product is essentially designed to prevent data from leaving, but even so - the DLP product is what Websense also uses to filter incoming messages.  We can isolate the incoming messages easy enough, but notifying the users is a must for us.  Any thoughts?  Thanks

Blocking torrent magnet links

September 8, 2014, 7:55 am
$
0
0

Doe anyone out there in websense land have any idea if its remotely possible to block torrent magnet links with Websense web security? 

I have all the P2P protocol options blocked and it seems to do a so so job with blocking anything '.torrent' that doesn't use a magnet link but these days its all done with magnet links which makes that feature fairly useless.

I have seen suggestions to block all inbound UDP traffic on the edge firewall and thats a completely valid and plausible, not to mention should be done kind of thing for anything that does not specifically need it but that also only works if it switches gears from TCP to UDD.

Anyone out there have any other suggestions on how to accomplish this?

Differentiate between SPF hard and soft fails.

September 8, 2014, 7:15 am
$
0
0

I am shocked the ESG product does let you reject email based on SPF hard fail.  It lumps the option in with a soft fail which really makes the feature worthless.  Dropping emails based on SPF soft fails is a very bad idea and is going to cause a tremendous amount of problems.  This is something I would like to see changed.  These options need to be separated.

Perhaps this has already been discussed, if so I apologize.  

can't open a new case I have to call it in

January 5, 2014, 7:53 pm
$
0
0

Please advise what needs to be done on my account in order to open a case online. I dont want to always call in to open one. TIA

Search

Websense Endpoint MSI install via GPO

September 9, 2014, 2:36 am
$
0
0

I have created a combined Web Security and Data Security Web Endpoint using Websense's Endpoint Package Builder.

When I "unzip" the output exe and deploy the "Websense Endpoint.msi" via GPO it installs the Web Security part (Websense Web Endpoint Diagnosis Tool), but not the the Data Endpoint.

If I'd however use the exe for the installation, both icons (hybrid and dlp) are visible in the taskbar area.

I'd really like to use the msi instead of the exe though. Is there a special switch (eg. /dlp) I need to add to the msi in order to have both installed?

Webbrowsing slow due to NTLM authentication

September 9, 2014, 5:26 am
$
0
0

We have around 400 users that are setup to use Cloud Web Security via the PAC file.  We've had numerous complaints of slowness while using the PAC.  If the PAC is not used, browsing is tremendously faster.   

Browsing seems to be adversely affected as the day goes on and is normal, as far as my experience, during the morning hours.  

If we select "Authenticate only in these cases" rather than "Authenticate users on first access" under the Access Control tab, browsing seems to be much better, however our Websense reports show [Unspecified] for all traffic instead of actual usernames.  

Upgrade path from Websense Email Security 6.1.1

March 26, 2014, 1:35 pm
$
0
0

Hi All,

We are using Websense Email Security 6.1.1 on Windows 2003.

We want to upgrade to 7.3 on a newer OS.  When I read the documentation, the most recent OS supported is Windows Server 2008 SP2.

Does anyone knows if it can run on Windows Server 2008 R2 SP1, Windows Server 2012 or Windows Server 2012 R2 ?

Since we want to upgrade the OS also, we don't want to upgrade on the same server.

To go from 6.1.1 to 7.3, we need to pass by version 7.1.  

If we install 7.1 on the new server with the latest OS, can we export/import settings from the old server ?  When all of our settings will be installed in the new server with 7.1, we'll perform an in-place upgrade to 7.3.

Thank you for your help,

Dominic

Decreasing effectiveness of Email Security 7.3

June 25, 2014, 6:11 am
$
0
0

My company has been using Email Security (now at version 7.3, the last) since the early days of it being Surf Control.  Lately though, it seems that the amount of spam leaking through the cracks is increasing a significant amount, despite the server's update schedule running regularly.

I understand that this product is no longer getting version upgrades, but my question is: Is there any reason that it should be becoming less effective as time wears on, despite definition updates?  What can I point to to try and figure out how to get a better detection rate without cranking up the false positives?

Is there any reason that the Email Security Gateway or other Websense products would do a better job of filtering our corporate mail compared to our Email Security 7.3 with all the latest definitions, and if so, how significant would you say that change would be?

Unbale to delete intermediate file

September 10, 2014, 2:39 am
$
0
0

I am Perl Script provided by Websense to download traffic log to local machine;

I use the cmd in windows 7 as 

C:\Users\sam\Desktop\wesense>full_traffic_log_download.pl -u username -p password -d C:\Users\kushal_kumar\Desktop\Websense

But i get following error and then process terminates

Downloading filelist from sync-web.mailcontrol.com as username

Downloading https://hlfs-web-g.mailcontrol.com/logs/hosted_agg02g_39356_x.x.x.x_100_141032937

2_1.gz to C:\Users\sam\Desktop\Websense\/hosted_agg02g_39356_x.x.x.x_100_1410329372_

1.gz

C:\Users\sam\Desktop\Websense\/hosted_agg02g_39356_x.x.x.x_1410329372_1.gz saved


 unable to delete intermediate file C:\Users\sam\Desktop\Websense\/C:\Users\sam\De

sktop\Websense\/hosted_agg02g_39356_x.x.x.x_100_1410329372_1 : No such file or directory  at

C:\Users\sam\Desktop\APT\full_traffic_log_download.pl line 511.


Thanks fo the help 

Feature Request - SaaS Status

September 10, 2014, 2:49 am
$
0
0

I know it's not the exact right place but I couldn't find a forum for the website itself. It would be very useful to have an area on the website that displays the status of the various components and data centres that host services.

 

There is currently an issue with Web Security Gateway Anywhere covering multiple data centres with SSL sites (Although normal sites appear to be intermittently affected too) but nowhere on the site to find out the current status like Microsoft's hosted services etc. I had to log a priority 2 ticket to find out whether there was an outage.

 

It would also be useful if this same information was pushed as Alerts to the Triton console.

SSL Decrypt Bypass

September 10, 2014, 4:15 am
$
0
0

When SSL scanning is used and you want to bypass a specific URL you normally need to add the IP address of the URL. It seems that a URL will only work IF the IP address of the URL is registered in the Master database.

the the moment there is no way to test if a URL will work or not.

The request is to have the ability to test if a URL will work if entered into SSL Decrypt Bypass.

Search

Original Categorization

September 10, 2014, 11:26 am
$
0
0

We have Websense here for many years. We have a V5000 appliance with version 7.5.0 software

Over the years we have had to recategorize many websites and our filter policies have changed along with them. For example, at one time we blocked most online radio stations, but not all. So a few were just placed into Business and Economy.  Now that ban was lifted. Overall our blocking has become less restrictive. 

Is there a way I can find out what the normal categorization of a site is, so I can clean up our site list a little? 

'Test Filtering' button in Toolbox not available for Delegated Admins

September 10, 2014, 12:26 pm
$
0
0

I have a customer who has set up some comprehensive Delegated Administration, which is working well.  However they have noticed that these delegated admins do not get the 'Test Filtering' option.  This is apparently by design - if you go into the Delegated Admin Role section, under Reporting Permissions, it tells you that if the DA Role can only report on managed clients, Test Filtering in the Toolbox will be unavailable.

The customer has questioned this, as he says it would be an excellent feature for his DAs to have.

Would R&D consider adding this in as a feature?

Thanks

Mel

How to upgrade from 7.6..2 to latest

September 11, 2014, 12:17 am
$
0
0

hi ,

 

i would like to know how to upgrade from version 7.6.2 to latest version ? 

Any guide ? 

My server is running on Server 2008 R2 Standard .

TQ

 

Regards,

June

 

 

How do I get Websense to permit EVERY site under .gov?

September 11, 2014, 8:41 am
$
0
0

I need everything that ends in .gov to be allowed through Websense. How can I do this?

All versions

Using Windows

Thank you

A10 SSL Intercept

August 27, 2014, 12:29 pm
$
0
0

 

In order to provide better filtering with Triton and other products used in house for protection my firm is looking at an appliance A10 SSL Intercept.  This appliance will receive port 443 traffic, decrypt and forward to Triton on port 8080. We are a 7.5 standalone version. Is this possible and has anyone done this before?  If so can I be pointed to the appropriate documentation to prepare for this? 

Thanks

Viewing all 2011 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>