Quantcast
Channel: Forcepoint Community
Viewing all 2011 articles
Browse latest View live

BCP failing

November 12, 2014, 6:37 am
$
0
0

Should MS SQL tools be reinstalled?

Here is what I'm running into. The investigative reports stopped updating. We are using BCP. In TRITON, under the Settings tab then Log Server, all of the "TEST" buttons gave a green "Successful" message.

Upon further investigation I found that the "...\bin\cache\bcp\" folder contained a folder called "err". In that folder are .log files with error in the name. For example there is a file called bcp8ED6.tmp and also a file called bcp8ED6-error.log. There are many of these in this folder.

I looked in the LogServer.ini file for the location of the BCP.exe. I then opened a command prompt and changed to that directly where Websense is looking for bcp.exe. I then executed the command bcp.exe and I get the usage options. So I know that BCP.exe does exist and is at the correct folder.

I then changed our logging from BCP to ODBC. After this change the investigative reports started updating. This leads me to believe that there is something wrong with BCP. Has anyone else ran into this issue and if so, what did you do to fix it? Should I reinstall the SQL tools which should also reinstall BCP?

Thank you

Search

Cache not transfering to database after 7.8 upgrade

November 11, 2014, 8:18 am
$
0
0

Last week I upgraded my Websense Web Security from 7.7 to 7.8.  Ever since the upgrade, nothing is getting written to the Log Database.  Filtering is still working just fine, but the cache folder is filling up and not getting transferred. 

We have a separate SQL server for our database, running Microsoft SQL Server 2008 R2.  Nothing has changed on that server.  The Log Server and Database setting tabs in Websense are seeing the database artitions and the test connection is successful.  However still nothing is written.  I also tried changing from ODBC to BCP but that didn't work, just changed where the cache was going.

The two alerts I get are "The cache directory for a Log Server contains more than 100 cache files." and "The Log Database ETL job has not completed successfully after 4 hours on the database machine at xxx.xxx.xxx.xxx"

 

Any idea what could be wrong?

Thanks for the help.

Feature Request - SIEM integration for Syslogs from appliances

October 15, 2014, 5:27 am
$
0
0

Hey all

We would like to have the same feature which is given in Triton - forwarding Syslogs to an external syslog Server for the Websense Appliances. Currently we have Filtering logs in our SIEM but no Appliance Syslogs. Like this we can't see if the appliance is running in a good condition or if there are issues with it. Currently it is only possible to access the Syslogs by the webinterface.

As we don't have a SNMP Infrastructure we are not receiving alerts coming from the appliance right now, which can be serious if something occures on the appliance itself. (e.g. Messages log)

The feature should work like the one on the Triton Management Server -> Sending Syslogs to a specific port which can be caught by our Log-Gatherer.

For more information either contact me, Tobias Traebing, or your Engineer "Harmony Sabum" as we discussed this issue together.

Thanks in advance!

 

Best regards

 

Michael

 

Ability to delete logs on v-series appliances

November 12, 2014, 7:40 am
$
0
0

I need the ability to clean out the logs myself.  I had to call support to do an upgrade from 7.8.2 > 7.8.4 (I use a V5000G2) because there wasn't enough disk space on the box.  Yeah it was my bad for leaving full logging on (surprised this didn't crash the thing to be honest) but having to call in, on a weekend, was a hassle.

Thanks!

Web Security Dashboard - Threats tab- Suspicious Events Summary

November 12, 2014, 9:03 am
$
0
0

Can you add a Notes/Comments and Acknowledgement functionality to the list of entries in the Suspicious Events Summary?  That way I can keep track of  findings when researching the events, and clear or acknowledge them, after they've been remediated or determined to be benign.

Cannot update email alerts

November 13, 2014, 2:44 am
$
0
0

Hello,

 

I have a problem where I cannot update the email alert settings within web security running on 7.8. I have imported the existing policy settings from a 7.5 server and it wont allow me to change the settings. I keep receiving an error "The email address does not use the required format (username@example.com)." even when I am using the correct syntax. I have tried disabling the settings and deleting all the info within the fields but the old policy settings seem persistent no matter what I've tried to do. 

I am wondering if I need to edit a config file which holds this information rather than using the web console?

Many thanks

Websense 7.1 moving from CheckPoint Firewall to Cisco ASA

November 13, 2014, 9:44 am
$
0
0

We are replacing our Checkpoint Firewall with a Cisco ASA in our existing Websense 7.1 environment. on 11/15/2014 and  I am looking for information on how best to get this accomplished without doing a complete re-install of the software.  I understand from some reading I have done that the filtering agent will need to be re-installed, but I also read the Network Agent may or may not have to be re-installed and some service need to be stopped while others need to be running, etc, etc...!  Has anyone ever done this and if so, can you possibly provide me the steps I need to take in order to get Websense 7.1 working with the ASA.  Thanks in advance for the help.

http site blocked, https not blocked

August 31, 2010, 1:52 pm
$
0
0

NEWB QUESTION:     When going to something like http://www.facebook.com the site is blocked.   If you change this to https://www.facebook.com then the site loads.  I do get a net messenger notice but it's just that it doesn't block anything.    I do have https allowed in the protocol but we will need to have this as there are several sites that our users use that need https access

Search

Feature Request - Ability to release message and add to always permit with single action

November 13, 2014, 10:42 am
$
0
0

We would like to suggest a feature whereby there is an option when releasing a message from within the PEM to add the sender to your Always Permit list.   This could be a checkbox within the confirmation pop-up.   Similarly the ability to add a sender to your Always Block list when deleting a message.  

Websense & Xen 6.5

November 13, 2014, 10:47 am
$
0
0

We are currently running Websense 7.5 on windows 2003 servers with Citrix integration on our Presentation servers.  We are in the process of upgrading to Xenapp 6.5 which runs on 2008 R2 64-bit servers. I know we have to move to Websense 7.8 to work with Xen & 64-bt 2008 servers, my questions are:

1) can we upgrade our current setup so we don't lose our current security/filter settings

2) even though it is not compatible with our xen servers shouldn't I at least be able to SEE the web traffic in my current websense?  I don not see any web traffic at all from the Xen servers.  I realize without the Xen/Citrix integration add-in I would not see who is going where, but I figured I would at least be able to see that someone was going somewhere via their Xen IE session - am I missing something?

 

Thanks

Filter/Show incidents by rule name

July 16, 2014, 2:18 am
$
0
0

Dear Websense!


I would like to request a Websense Data Security enchancement which is the following:

It would be good if we could see the name of the rule in the incident reports page ( if there is multiple rules under one policy ) and filter by the name of the rules.

Thank you in advance.

Auditor role that can use check policy in toolbox

November 16, 2014, 7:54 pm
$
0
0

Normal 0 false false false EN-PH X-NONE X-NONE MicrosoftInternetExplorer4

Hi Websense!

It seems that auditor role and or other role cannot use the check policy option in the toolbox section (except for SuperAdmin role). We have created a ticket and escalated this issue to Websense Global TS but I was told that this is not possible for now.

see screenshot for reference.



Snipping tool

November 16, 2014, 8:02 pm
$
0
0

Hi Websense,

Normal 0 false false false EN-PH X-NONE X-NONE MicrosoftInternetExplorer4

Request: To block/audit screen capture when user use a 3rd party tool (MS Snipping tool and SnagIt).

Normal 0 false false false EN-PH X-NONE X-NONE"print screen" function only specifically refers to the print screen button.

 

bandwidth in chronological order

November 16, 2014, 11:52 pm
$
0
0

I want to create a chart with the bandwidth in chronological order to see the evolution of the used bandwidth from day to day. Today it is only possible in ordered by bandwidth.

Upgrade from 7.8.1 to 7.8.2 fails: •ERROR:disk space checking failed: the free disk space of domain wcg (7674160 K) does not meet the patch requirements (2097152 K)

April 15, 2014, 12:40 am
$
0
0

When upgrading our V5000 G2 appliance I am getting the following error:

•ERROR:disk space checking failed: the free disk space of domain wcg (7674160 K) does not meet the patch requirements (2097152 K)

It seems to me that 7gb is more than the required 2gb right?

Thanks for any help!

Search

Alternate ways to apply exceptions

November 17, 2014, 12:42 pm
$
0
0

We'd really like to be able to add in exceptions and apply them to  an address range. Would make it easier to select certain buildings that we want to have more strict security.

Allow full configuration of dynamically generated end-entity certificates

November 17, 2014, 3:55 pm
$
0
0

The current (7.x) version of WCG is hardcoded to generate 1024-bit RSA end-entity dynamic certs. I understand that the upcoming 8.x version will increase this to 2048-bit RSA certs, but it will still be hard-coded. Also, there are in increasing number of ECDSA certs being used in the wild now (especially from Google and Cloudflare).

Please consider supporting ECDSA end-entity certs (either chained from a single "internal CA" cert or by supporting two internal CA certs, one RSA and one ECDSA), and then allowing the dynamic cert generation to be fully configurable by the WCG administrator, allowing us to specify:

a) min and max RSA key length (eg min = 2048, max = 4096)

b) min and max ECDSA named curve (eg min = P256, max = P384)

In both cases have the dynamically generated certs attempt to match the key length/curve of the real end-entity cert for the target remote server if possible, while still remaining constrained by these configured limits.

 

Regards,

Jacob

Debugging web traffic.

November 19, 2014, 2:48 am
$
0
0

Hi I have posted before regarding getting decent information regarding web traffic debugging information and was told that 7.8 now uses a diagclient I have tried everyway from Sunday to get some decent information out of it.

In the old wisp trace when it was setup I used to be able to see what url's were being blocked from a specific user.

now my problem is that triton web filter is blocking https pages and not showing the block page as expected but I have no real way of seeing what is being blocked without using either a 3rd party web debugging package like fiddler or trying to disseminate TMG Logs.

Can someone please give instructions on how to debug the issue using the diag client tool so I can see firstly what url is blocked in the first instance and what urls within the page might stop the page from loading also.

 

Regards Marcus

URL exception per user is it possible?

November 19, 2014, 10:32 am
$
0
0

Is it possible to whitelist/black list a site per user bases?

Ideally i would like to allow or block certain websites per department base.

I am using websense triton cloud security only with no I-Series, with Endpoint, and pac file.

Endpoint uninstalls itself and users are kicked out from the network without internet access helplessly

November 20, 2014, 1:35 am
$
0
0

Hi,

I have been using websense cloud web security for months without any issue until recent.

We are having a serious crisis now because the endpoint keeps on uninstalling itself randomly from end users machines. It many cases when this happens it refuses to be installed back even when we try manual installation.

We are having users kicked out from the network without internet access helplessly.

Please did anyone experience this before?

Viewing all 2011 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>