Quantcast
Channel: Forcepoint Community
Viewing all 2011 articles
Browse latest View live

Third Party Integration

March 4, 2013, 11:40 am
$
0
0

I have been asked by the Manager of our Windows Support Administration team if Websense can receive information from a third party product FireEye and pass it to Triton via an API or CLI so that it can automatically be blocked.  I have found references where Websense can take a feed like this and pass it on for review, but can something like this actually trigger a category change to enable blocking?

 

We are running Version 7.5 Standalone and all hotfixes have been applied.

 

Thanks in advance and let me know if any further information is needed.

Search

BASH Shellshock - CVE-2014-6271

September 30, 2014, 10:47 am
$
0
0

Admittedly I am not the brightest bulb in the box, but I need some advise.  When I reviewed the KB Article 'BASH Shellshock - CVE-2014-6271' it appears that this is targeted for sites using the V product appliances.  Is this correct.  We are a 7.5 Stand Alone site and I'm not sure of any actions that I need to take.

Thanks in Advance

Web Security Filtering / Policies

September 30, 2014, 3:19 pm
$
0
0

it would be beneficial to have the ability to manager user policies in user groups that apply policies like the user precedence. also to be able to keep machine and user policies separate so one does not take precedence over the other. also would be nice to be able to apply policies to a host-name instead of IP address. This would be much beneficial for DHCP clients.

Live Mail Flow and Message size

October 1, 2014, 3:43 am

Email subscription verification request

October 1, 2014, 8:05 am
$
0
0

I'd like to request the email subscription activity request (i.e. the email that is sent every 60-days to ensure the recipient wants it to stay active) is removed. The problem with this is that people don't see the message and then when they don't keep it active, they no longer have the daily reminder to what is quarantined. This is impacting my business because it gets overlooked.

I realize Websense could blame this on the end-user, but honestly, I don't see the value in sending this. I've had other solutions in place and this is the first one I've encountered that makes me "reconfirm". Please give this strong consideration to remove this option and just let it alert the user daily. If the user is no longer here, we delete them. In the meantime, they need this report and if they don't keep it active, days go by before someone realizes a message was quarantined vs. lack of replying.

 

Thanks,

Mike

Fatal Error while installing web security and filter 7.8.4

September 19, 2014, 9:11 am
$
0
0

Hello,

While installing websense web security and filter v7.8.4 I get the following fatal error message:

"Product: EIP Infra -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor.  Custom action SetupPostgreSQL script error -2147022676, :  Line 56, Column 1"

Kindly assist.

Regards. 

Is wisp trace different in 7.8?

August 11, 2014, 7:15 am
$
0
0

Hi there, I am trying to troubleshoot an http request issue for one of my users and am having some issues with wisp trace.

In 7.5 I used it and it worked fine but in 7.8 I get the following output instead of the blocked pages and user info that I used to get. Am I doing something wrong or has it changed?

Time = Mon Aug 11 15:07:48.105 2014
Message Length = 12
Protocol Version = 0x0420
Bit Map = 0x0
Message ID = 1407774334
Message Type =  Request
-----------------------------------------
Time = Mon Aug 11 15:07:48.111 2014
Message Length = 297
Protocol Version = 0x0420
Bit Map = 0x0
Message ID = 1407770423
ERROR: Invalid Request
-----------------------------------------
Time = Mon Aug 11 15:07:48.112 2014
Message Length = 280
Protocol Version = 0x0420
Bit Map = 0x0
Message ID = 1407774388
ERROR: Invalid Request
-----------------------------------------
Time = Mon Aug 11 15:07:48.113 2014
Message Length = 297
Protocol Version = 0x0420
Bit Map = 0x0
Message ID = 1407770165
ERROR: Invalid Request
-----------------------------------------
Time = Mon Aug 11 15:07:48.113 2014
Message Length = 347
Protocol Version = 0x0420
Bit Map = 0x0
Message ID = 1407770423
Message Type =  Request

Triton Cloud Security - Endpoint Client

October 2, 2014, 11:36 am
$
0
0

We are using the Websense Triton Cloud Security platform. When running the Websense Endpoint client on a Windows 7 computer with IE 11,Internet browsing has been slow and sometimes shows "Not Responding" and freezes the computer. Google Chrome does not experience the same extreme conditions.

 

 

If we uninstall the Endpoint Client and just keep the proxy address in IE, browsing is fast. There seems to be a definite issue with the WS Endpoint Client software and Internet Explorer.

 

Has anyone experienced these symptoms?

Search

Endpoint Client default PAC file URL and authentication issue?

October 2, 2014, 2:30 pm
$
0
0

This is a two part question.

1. I've just uninstalled version 1736 installed version 1833 of the full web/data endpoint client on my system to test with. When creating the 1833 endpoint package from the Triton policy server I specifically added the alternant port 80 URL for the PAC file. It seemed to be working fine over port 80 while on our internal LAN but when I connected to an external open wifi connection the auto configuration script changed the PAC file URL back to the Default port 8082 URL. I then connected back to our internal LAN and tried to change the PAC URL back to port 80 but now it will automatically change back to the default port 8082 URL. Has anyone had this problem and is there a way to force it to always use the alternate port 80 PAC file URL regardless of connection?

2. Earlier this year my user ID was moved from one OU in active directory to a new OU. When I am on the internal LAN my authentication is fine and I am authenticated as myself in the new correct OU so I receive the correct filtering policy. When I connected to an external connection to be remote filtered by the endpoint client, it is authenticating me as myself but in the old OU so it is giving me default policy access. Even the Active Directory hybrid context in Triton shows my user ID in the new correct location and I've synced it multiple times but it still filters me in the old location. Has anyone else ran into this issue?

Authentication Failure Logs

February 25, 2011, 2:28 am
$
0
0

We have websense as our proxy server which used users's active directory accounts to authenticate. There are quite a few users' active directory accounts being locked out and our domain controllers are reporting our proxy server as being the source, which is quite understandable.

However, the security log on the proxy doesnt show any authentication failures, so i guess my question is, does Websense log authentication, whether its sucessful or denied?

I've looked through most of the websense web inteface but with no joy

Thanks
James

Decreasing effectiveness of Email Security 7.3

June 25, 2014, 6:11 am
$
0
0

My company has been using Email Security (now at version 7.3, the last) since the early days of it being Surf Control.  Lately though, it seems that the amount of spam leaking through the cracks is increasing a significant amount, despite the server's update schedule running regularly.

I understand that this product is no longer getting version upgrades, but my question is: Is there any reason that it should be becoming less effective as time wears on, despite definition updates?  What can I point to to try and figure out how to get a better detection rate without cranking up the false positives?

Is there any reason that the Email Security Gateway or other Websense products would do a better job of filtering our corporate mail compared to our Email Security 7.3 with all the latest definitions, and if so, how significant would you say that change would be?

Issue with log service on upgrade - 7.5.1

October 3, 2014, 6:15 pm
$
0
0

Hi

having an issue getting the Log Service up and running. I had Websense 7.1 on server 2003, isa 2004, moved to a new server 2003 isa 2004 and upgraded to 7.5.1. installed everything apart from the log server, all was ok

trying now to install the log server and it fails saying software install complete with the cannot create database issue. permissions are all ok on the sql 2008 server. 

 the strange thing is, when i log onto the websense manager, i don't see any reporting tabs or anything. its almost as if its not installed at all

tried a complete remove of log server module and reinstall but no joy 

been through some FAQ and it asks me to match up the uid on config.xml and websense.ini, but the thing is, there is no uid for logserver in either. i manually installed the service and did the manual create database but had no luck

logserver -c gives me this

ERROR WFC.Network.Network.WsSSLSocket - read failed, wbsn::SysException: SSL_rea
d: An established connection was aborted by the software in your host machine.

 

any ideas?

general performance issues v5000 v7.8.1

October 6, 2014, 5:12 am
$
0
0

Hi,

i am just wanting to start a discussion around what features settings you can change to the websense appliances to improve performance.  We have 3 appliances that are managed and apparently in a load balanced configuration but im told that the way that the appliance load balance is to load up one appliance and then once full off load new sessions to the next one.

we have around 2000 users and we have done the most basic test which is to bypass the proxy and go straight out the firewall.  works great.  switch back to using a proxy and it runs so slow.  we have a very fast internet connection and we know that is not the bottleneck.

what im looking for is peoples experiences and what they may of done to improve performance.  from looking we have all the features switched on, tunneled protocol detection, file analysis etc.

My knowledge is basic on these appliances and working my way through them so if anyone has any advice on any performance tuning that would be great.

thanks

 

 

 

 

Fix the Log Database setup in the ESG

January 24, 2012, 6:11 pm
$
0
0

When trying to set up an ESG (v7.6.2) to its remote SQL server, the field in TRITON says you can use the host name or the IP address.

In fact, when you're using a remote SQL server and Windows authentication, the ESG installation program for TRITON very nicely builds the correct ODBC connection and fills in the Log Database field in Email Security with the FQDN of the SQL server.

So it you're using "websensedb.sql1.example.local" as the remote SQL server, it very nicely prefills that in.

But it doesn't work. The ODBC connection passes its Connection Test satisfactorily but when you test the connection from the ESG it fails. Not only does the FQDN fail, so does just the host name. You MUST enter the IP address of the SQL server and then it works from the ESG immediately.

We use CNAMEs for all database connections. This lets us do DR faster because we just have to change one DNS entry. But in the ESG we must use the IP address even though the ODBC connection on the same server works fine by the fully qualified CNAME.

Websense Cloud Web Security Disable, also remove IE proxy settings

October 6, 2014, 4:12 am
$
0
0

Please automate the below process when disabling the Websense client.

1. Right-click WS icon and select 'Disable'

2. Open IE, Settings -> Internet Options, Connections, Proxy Settings, un-check 'Use proxy server'

3. Close IE

4. Open IE

The above process can take up to 1 minute to complete; furthermore these settings are foreign to a basic end-user therefore training is required to complete this action .

All-in-all R.O.I for IT Departments was based on time saved not having to remove viruses from end-user machines due to the Websene protection; however now this is not the case. Time must now be spent training end users how to disable Websense.

Please automate the above process.

Best regards,

Alex

 

Search

Additional Anti-virus engines

October 7, 2014, 1:51 am
$
0
0

We would like to ability to select additional anti-virus engines in ESG.

New install download

October 7, 2014, 4:12 am
$
0
0

I have an existing Websense server that is being replaced with a new server.   I want to download Websense to install on the new server and then migrate the data to the new server.   At that point I will take the old sever off line.   All I can find on the site is Demo downloads.   Is that what I need to obtain and then apply the license to after all is set?  

Content Gateway: allow custom Redirect Hostnames when using IWA / Kerberos authentication

October 7, 2014, 5:12 am
$
0
0

Now that 7.8.2 and later allow the use of custom SPN's in the keytab principals list in smb.conf , can we remove the restriction that prevents you from using the custom SPN as a redirect hostname in the Global Authentication Options when using IWA/Kerberos?

This will help our larger customers who are load-balancing Content Gateways using a virtual IP on an F5 or similar, and are also using Citrix servers or have clients behind a NAT device and wish to enable cookie-based credential caching.

Feature Request - Scan Stats TO NOT reset on start of scan

October 7, 2014, 7:40 am
$
0
0

For example a nightly scan that may not complete has its scan stats reset every time the scan restarts.

There needs to be some way to view the scan statistics if it completes or doesn't complete.  This would assist with troubleshooting scan issues or to check actual progress.

Lync 2013 authentication prompt by Hybrid Cloud

May 27, 2014, 9:43 am
$
0
0

We have Internal users running Lync 2013 in a branch office that is filtered by the Hybrid Cloud service.  When users launch their Lync client they are prompted to authenticate to the cloud. If they cancel out the login box, they are able to connect to Lync normally.  

We have tried setting multiple Microsoft domains as an unfiltered destination as well as setting custom authentication settings to Auth Method - None for the domains.  

Has anyone else run into the same issue?

Thanks.

Viewing all 2011 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>