Channel: Forcepoint Community

Malicious Traffic (Cannot block) Protocol


Hi all,

I'm quite new to Websense administration. What is the "Malicious Traffic (Cannot block)" protocol in Protocol filters? Why can't we block this? I've found a Knowledge Base article, but there is not much information there. Can anyone explain it to me in more detail?

http://www.websense.com/content/support/library/web/v76/triton_web_help/security_protocols.aspx

In here, it says "no other filtering action can be applied". But we can click block? I'm a little bit confused :/

Thanks in advance.


Problem with Lync 2010 and Websense Hybrid mode with TRITON inside


Hello. In some countries (Japan, Brazil, China) I have an issue with Lync when the user is outside the LAN:

If the user is connected directly to the web (hotel, home or 3G), Lync cannot authenticate.

As soon as I stop the Websense services (Endpoint agent), Lync authenticates and runs fine.

Also, if Websense is running and I establish a VPN with the company, it also works.

The configuration for Lync is the same around the world for all our users; it is a global configuration (same version...).

If a Japan user comes to France, Lync works.

Websense is installed for all users (endpoint agent V1911, with an internal TRITON 7.8).

What should I do to solve this issue?

Thanks for all your help and ideas...

A

Debugging web traffic.


Hi, I have posted before regarding getting decent web traffic debugging information and was told that 7.8 now uses a diagclient. I have tried every way from Sunday to get some decent information out of it.

In the old wisp trace, when it was set up, I used to be able to see what URLs were being blocked for a specific user.

Now my problem is that TRITON web filter is blocking HTTPS pages and not showing the block page as expected, but I have no real way of seeing what is being blocked without using either a third-party web debugging package like Fiddler or trying to disseminate TMG logs.

Can someone please give instructions on how to debug the issue using the diag client tool, so I can see firstly what URL is blocked in the first instance, and also what URLs within the page might stop the page from loading?

Regards, Marcus

Web Endpoint & Windows 8 and 8.1


I find in my Cloud Web Security portal that version 1145 is the most recent version available (1.4.7.6.1145), and the Release Notes do not mention explicitly supporting Windows 8 or 8.1 (but there is a mention that "…endpoint does not support Windows 8 Metro apps…"), which seems to indicate that there may be some level of support on Windows 8.

Page 3 of 1145 Release notes do explicitly note:

Supported operating systems

  • Windows XP with Service Pack 2 or higher (32-bit and 64-bit)
  • Windows Vista with Service Pack 1 or higher (32-bit and 64-bit)
  • Windows 7 (32-bit and 64-bit)

My question is: are there folks out there with 8, or more specifically 8.1, running with Web endpoint?

Thanks

Poodle and SSLV3


We recently pushed a GPO to clients to disable SSLV3, enforcing TLS.  We also made a change on the Gateway to disable SSLV3.

We have had a number of sites that do not support TLS so have had to put bypasses into the gateway for these websites, allowing client and remote webserver to negotiate a SSLV3 connection (corresponding exception in GPO for those clients).

The content-gateway does not behave like the client, and if TLS1.X fails, and the site does not have secure-renegotiation enabled, it stops.  It does not then try to connect with a stepped-down version of TLS.

As our exceptions for SSLV3 sites build up, I'm curious what other users (especially those with both content-gateway and Hybrid products in use) are doing to effectively manage this.

Chrome and Firefox say support for SSLV3 will be disabled in the near future, and IE does not have a time commitment specified.

Given the majority of our users are laptop users and mobile, the use of public-hot-spots is a concern with regards to MITM-attacks.

Websense states making a secure-negotiation would require a rewrite in the product so we appear stuck in a messy situation.  It seems that if the hybrid service or gateway could identify a TLS1.2 negotiation failure, and do essentially a retry using TLS1.2 (for example), this would fix some of the issues and make the service behave more like a client that retries.

 

Curious what other shops have done regarding this Poodle vulnerability and general SSL-Decryption functionality - any info much appreciated!

1. Have you disabled SSLV3 on your gateway?

2. Have you disabled SSLV3 on your clients?

3. Are you busy adding bypasses for sites?

4. If you use the Websense Hybrid service, do you have SSL decryption enabled? If so, what has been the user experience? Are there any pain points, and how much work is created to troubleshoot web site access or add exceptions?

Windows Mobile 8.1 - Hybrid or Cloud Web Filtering


Hi,

We have a test full cloud web trial running which is working ok through a standard windows 7 laptop, however we are trying to trial this on a Windows mobile 8.1.

When putting in the Internet APN proxy server URL webdefence.global.blackspider.com port 80 we are prompted to put in our authentication details (local authentication credentials that work on the laptop).

Once inputting the credentials, we receive the following message -

Authentication canceled

Your organization requires you to provide your login credentials to access the requested site. URL http://www.****.com

Try again

Has anyone successfully used a windows mobile through either hybrid or cloud?


Many thanks


Security issue discovered: Are you performing SSL decryption with Websense? Read this.


To date I've created/commented on other threads on this forum regarding this, but this thread serves to centralize this issue.  Since the Google crawler seems to hit these forums, hopefully this will get some attention.

If you are reading this thread and the issues below pertain to you as well, please comment below.

My corporation chose to purchase Websense in order to perform web filtering, as well as MITM (man in the middle) SSL decryption/monitoring for Data Loss Prevention.

Currently, as it stands,  for a secure implementation of Websense, if SSL decryption is enabled, and you are using an internal certificate to present to end users,  you must enable the Certificate Verification Engine feature in the Websense Content gateway.  What this feature does is perform various checks against the external SSL certificate to confirm the validity of that certificate.  

If you do not enable this certificate engine while performing SSL decryption, you are flying blind, essentially, as other MITM schemes and invalid cert issuers can intercept your data, and no one in your organization will know.  (e.g. think about the recent issues with DigiNotar certs being hacked and Gmail victims falling prey)

For example, let's use the example of visiting https://www.gmail.com.  With SSL decryption enabled, end users will see that this website is using a valid certificate, one that is issued by your company internally; essentially masking the actual SSL certificate.  The verification engine then should validate the external SSL certificate.  If this validation fails, then a warning should be displayed to the end user -- a warning much like if you visited a site with an expired/invalid certificate.

To date, the verification engine feature does not work without causing massive issues in an environment.

Here are two issues that I've identified so far:


  • [Minor] When Websense validates a certificate, there is an option to check for CRL (certificate revocation list) to determine if a certificate has been revoked. The problem with this is, there are many certificates issued/used on the internet that seemingly have problems/don't adhere to this standard (not sure why). The easy solution would be to disable the CRL check option under the verification engine. However, this disablement does not currently work. This results in many end users bombarding the helpdesk wondering what Websense block "verify deny = 0" means.
  • [Major] Certain websites, such as wellsfargo.com, do not load properly, or do not load at all via SSL. This is an intermittent issue. Since this is a banking website, it is imperative to have SSL work. I have provided logs. I have provided data dumps. I have spent numerous hours troubleshooting this issue with Websense. Websense has even been able to reproduce this issue, but I have been told that I will need to impact my production environment further by enabling this feature long term to collect more dumps. This becomes a problem, as the [minor] issue above causes the helpdesk line to flood. Because of this, my 6+ month case has been closed, pending results for the issue above.

This issue has been escalated to the point where a Sr. Manager of Technical Support has been involved, but still, no real traction yet.  To be fair,  it's only been 6+ months of troubleshooting/waiting.

The most troubling thing I've seen is that it appears that others on this forum who use SSL decryption simply acknowledge that this is an issue and simply ignore/disable the verification engine.  They've accepted the risk as a technical engineer, but I can only wonder if their IT management staff realize the data security ramifications.

Anyhow...

If you are reading this as a potential websense customer:  Be aware of this issue.  I'm not happy about this situation at all.    This is a web security problem.

If you are reading this as another company who is using SSL decryption, and have run into these issues, or know of further issues to raise,  chime in below. 

If you are a websense staff member and care to check out my claims or offer some solutions, please do so!  I welcome any/all comments, both positive or negative. Both cases associated to my account have been escalated to backline, while one is currently closed pending results from the other case.

I'll be continually updating this thread, if it does not end up getting brownholed.

TMG 2010 integration with TRITON AP-WEB 8.0


Hi,

Is it possible to integrate TMG 2010 with TRITON AP-WEB 8.0 without the requirement of the Content Gateway on the Linux platform?

Or is Web Security 7.8.4 the last version where all the Websense components can reside on Windows OS servers only?

Thanks.

R.

 


Cisco ASA + Websense


Hi!

Can anybody help me?

I have a task:

"Configure Cisco ASAv to work with Websense URL filtering"

ASAv - ver. 9.2(1)

Websense - ver. 7.8

I installed Websense, added the key, downloaded the DB, and added the ASA's IP to the monitoring list.

On the ASAv I ran the command "url-server servers vendor websense host *.*.*.* protocol tcp version 1"

In the ASAv log I see the message: "URL Server *.*.*.* not responding"

What must I do to fix this problem?

Web Security 7.8 DC requirements


We are planning on upgrading our Websense deployment from 7.7.3 to 7.8.x. I have read that 7.8 requires AD domain controllers on 2008, 2008 R2 or 2012. 

http://www.websense.com/content/support/library/deployctr/v78/dic_sys_req.aspx

 

My question is, will Web Security 7.8 work with a 2003 AD environment?  We plan on upgrading all of our DCs soon but we need to upgrade Websense now.

Also, if it does work with 2003 DCs, will Web Security 7.8  be supported by Websense support if we have a 2003 AD environment?

 

If we stand up a 2012 domain controller but keep the rest on 2003, will Web Security 7.8 be supported by Websense?

How can I set 7.8 log databases to be created with full recovery model rather than simple


The following link provides scripts for 7.1 and 7.6:

http://www.websense.com/support/article/t-kbarticle/v7-0-1-and-7-1-Can-I-automatically-set-new-database-partitions-to-use-full-recovery-mode-1258048523530

Are there SQL scripts available to make the wslog70 DBs be created in full mode rather than simple mode for later versions of Websense?  Specifically 7.8?

Reset Secure Messaging account


How do I, as a Superuser, reset a user's secure messaging account?  We have a client that forgot their password and the answer to the security question, so they cannot reset their password.

Should PEM delete messages from the queue when the user selects to delete them?


We are running Email Security v7.3.

Our users are doing a good job of reviewing their blocked messages and deleting them from PEM.  We have noticed that even though the user deletes the messages from PEM, they remain in the queue until they time out (7 days in our case).  Shouldn't they be removed from the queue as well?   If the messages stay in the queue, it gets very large.

Is this functioning correctly?

Thanks,

James

 

*I tried posting this in the PEM forum, but the message body is always blank.

Email Hybrid Service


I'm in the process of upgrading from 7.8.1 to 7.8.4 and then configuring the Email Hybrid Service.

I have been working through the Tech guide and have a few questions:

1. What is the delivery route? It states domain names must be added?

2. Configure DNS - I don't understand why CNAME(s) are required? We have MX records in place.

The remaining process seems straightforward.

 

Upgrading 7.7.3 to 7.8.3 or 7.8.4?


Hello,

I have a virtual machine under Windows 2008 R2 hosting Websense Web Security 7.7.3 and another VM under CentOS hosting the Websense Content Gateway.

I would like to know if I can upgrade my platforms to 7.8.3. Do I have to install the 7.8.3 file on a new server and migrate all the data, or can I just launch the install file on the same server and be prompted to upgrade my version of Websense?

Do you think I should go directly for the 7.8.4 version, or is it better to wait a bit longer and stay with the 7.8.3 version?

Thank you

 

Regards


No data displayed on threats tab after upgrade to 7.8.4


After upgrading to 7.8.4 there is no current data displayed on the Threats tab in the Dashboard. It seems that everything else is working as it should.  The rest of the tabs contain current data and I am able to view activity through the Investigative Reports area.  OS is 2008 R2.  Is anyone else experiencing this?

Blocked message notifications, do not have a Reason/Category/Policy 7.3


We are using Email Security 7.3.  When a user gets an email notifying them that a message they sent has been blocked, the message has 'none' next to the Reason.  Is there a way to show the user which rule blocked their message?   I looked at the rules, but I do not see any setting for Reason, Category, or Policy.

Thanks,

James

Confusing Alert regarding Facebook


Here are the facts:

1. I am blocking everyone from using Facebook.

2. I tried to connect to Facebook and confirmed that I am getting blocked.

3. I was following an article from Google News that led me to the Huffington Post's website. This triggered an alert saying that I am accessing Facebook and the action is permitted.

QUESTION:

1. Why would it report that I am accessing Facebook even if I am not on Facebook?

2. Why does it say that the action is Permitted?

 

 

How to remove/filter duplicate GUID for hybrid filtering in Shared User Data > Active Directory (Native Mode)


(WSGA 7.7.3) The Hybrid Viewer on the Log Server (with DAS and Sync) is reporting 3011 Duplicate GUID iyzcTydpukOOE7pq46sUjA== and I cannot figure out how to enter this on the screen Shared User Data > Active Directory (Native Mode) in order to filter it out. I can easily filter duplicate email addresses, but the duplicate GUID has created a challenge. I have tried the following:

Find String                  Replace String    Syntax Type
iyzcTydpukOOE7pq46sUjA==     GUID@             Wildcard

Please advise. Thank you

Richard

 

Allowing access to a YouTube Channel and videos, blocking the rest of YouTube


Hi, I've read a lot about unblocking YouTube channels on other versions of Websense, but not for Cloud Web Security. Unblocking the Channel URL doesn't work on its own. Does anyone know how to just unblock a Channel and its videos?

Thanks
