Channel: Forcepoint Community

unblocking major websites

Hi guys,

I'm new here and so happy to finally find a place like this.

Our organization constantly uses major websites like FedEx, Google and ADP. These are permitted in our users' policies, but we constantly have to exempt more and more HTTPS addresses every time someone complains they are not able to log in. We just copy-paste the HTTPS IP address and put it in our permitted list, but it seems like an endless task.

Any idea how to overcome this constant issue?

Thanks!


Exceptions

Is it possible to open a site for a single user for a specific period of time? Our normal policy is to open the site for 3 days and then the site goes back to being blocked.

 

Thanks

Jon

Problem with upload large files ! !

Hi Team.

I have a problem with uploading large files (25 MB) to a virtual disk.

When the user tries to upload a 25 MB file, it starts OK, but after some time an HTTP 500 error message appears. I tried a lot of configurations, but nothing solved it. Files of 3 - 7 MB upload OK!

I changed the timeouts from both appliances:

/opt/WCG/config/records.config

CONFIG proxy.config.http.transaction_no_activity_timeout_in INT 3600

CONFIG proxy.config.http.transaction_no_activity_timeout_out INT 3600

CONFIG proxy.config.http.connect_attempts_timeout INT 3600

CONFIG proxy.config.http.accept_no_activity_timeout INT 3600

/opt/WCG/sxsuite/bin

./oemtool globalconfig inact_open_timeout 3600

./oemtool globalconfig inact_read_timeout 3600

Now no error message appears, but the “upload bar” just stops, with no error message.

The user has no DLP policy, just monitoring.

WSG / Web - 7.7.0 and Data 7.7.2 / 2 appliances

 

Regards

 

Jeferson Furio

Presentation Reports not showing all available domains (OUs) (v7.8)

I have several domains set up for access. I can see users and AD directory trees, etc. in all the user areas. However, there are only 2 domains (out of 6) visible to Presentation Reports. They are the first 2 in the "Global Catalog Server" list. I can ping all AD servers. "Run" to the various server names. In other words, my Trident server can see all the domain controllers. This is a new installation/new server, plus a "quasi" upgrade. 7.1 is running on another server. (My dc_config.txt file has all the domains listed.)

Is there a problem with reports in 7.8?

Is there a place I've missed setting up?

Thanks

Chrome browser not blocking properly

I have a very strange situation happening on my Websense implementation. I don't know for how long, but it appears that websites that should be restricted are not restricted when using the Chrome browser.

Example:

Accessing http://testdatabasewebsense.com/nudity via IE or Firefox: Blocked

Accessing the same site via Chrome, I get a notification that the category is not blocked.

 

Anyone else have a similar issue?

 

Running Websense Standalone, version 7.7 on Windows

HTTPS Youtube allowed

I'm able to block other https sites like Facebook and Netflix but Youtube still works. Youtube will be blocked if I type http://www.youtube.com in the address bar but typing just youtube.com defaults to https.

When I run a Real Time Monitor I see the https traffic (i.e. https:173.194.37.32:443) but Websense puts it in the Information Technology: Search Engines and Portals category.

I assume this is because Youtube is owned by Google and Websense is classifying all of Google's IP addresses as such.

I'm using Web Security 7.8.4.94 in stand alone mode monitoring traffic with the port mirroring feature. I have "enable search filtering" checked. Anyone run into this or know how to properly block https youtube?

 

 

clustering

Hello All,

A quick question. Just built two new Websense AP content gateways with the intention of clustering. Have set out a NIC on each box with the same multicast address. However, when logging into each gateway, it just states cluster value = 1. Can anybody offer some thoughts for me to look into? I can see packets going in and out of the cluster NIC on both boxes, so I'm assuming they can talk to each other. Multicast is on each of the dedicated cluster NICs.

A bit stumped as to why the value is only 1.

 

Thanks.
Jit

Why would a user be able to visit a site one day and be blocked the next day?

I have a Mac user that can be on a site that they frequently visit one day and then the next day they are blocked by Websense. We are under the same profile and I can get to the website just fine. I have checked with other users and they can get to the site fine as well. This happens too often and with different sites they visit. Any suggestions as to what could be happening locally on their computer to cause the conflict? We are predominantly a PC shop.

 


Websense agent cannot connect to server

Hi,

I'm trialing Endpoint DLP and I can't get the client to connect to the server. The client log shows the following error:

ERROR ClientCommunication - HTTPComm::SendObject to server <https://websense/EP/EndpointServer.dll> failed. CURL error - SSL connect error

How do I fix this? Can the client agent default to non-secure, i.e. port 80?

 

Thanks

 

User Traffic is not seen in the Full Traffic Log

I can see other user traffic, but not for a specific user account, namely my own account. If I look at the online reports, I can find myself in the reports.

Heads up - KB3061518 causes HTTPS with Websense 7.7.3

I have an older implementation of Websense that I'm migrating to new appliances shortly and just found that Microsoft Patch KB3061518 (https://support.microsoft.com/en-us/kb/3061518) causes some HTTPS sites to display a "Page Cannot be Found" error.  You seemingly only have a few options:

1) Remove the patch

2) Upgrade Websense

3) Turn off HTTPS decryption or bypass each site. 

 

 

Help fix my flash drive. Recovery Image ruined it.

https://www.websense.com/content/mywebsense-downloads.aspx

I created an image with my 32GB flash drive and the image turned my 32GB flash drive into a 6.30 GB flash drive. Anyone know how I can get it back? I even tried reformatting my flash drive to try to get it back to 32GB, but I think it's broke. I used the link above. I followed the steps that Websense suggested and used Image Writer to put the image onto the USB.

Someone else try it and see if their flash drive turns into a 6.30GB drive.

Security issue discovered: Are you performing SSL decryption with Websense? Read this.

To date I've created/commented on other threads on this forum regarding this, but this thread serves to centralize this issue. Since the Google crawler seems to hit these forums, hopefully this will get some attention.

If you are reading this thread and the issues below pertain to you as well, please comment below.

My corporation chose to purchase Websense in order to perform web filtering, as well as MITM (man in the middle) SSL decryption/monitoring for Data Loss Prevention.

Currently, as it stands, for a secure implementation of Websense, if SSL decryption is enabled, and you are using an internal certificate to present to end users, you must enable the Certificate Verification Engine feature in the Websense Content Gateway. What this feature does is perform various checks against the external SSL certificate to confirm the validity of that certificate.

If you do not enable this certificate engine while performing SSL decryption, you are flying blind, essentially, as other MITM schemes and invalid cert issuers can intercept your data, and no one in your organization will know. (e.g. think about the recent issues with DigiNotar certs being hacked and Gmail victims falling prey)

For example, let's use the example of visiting https://www.gmail.com.  With SSL decryption enabled, end users will see that this website is using a valid certificate, one that is issued by your company internally; essentially masking the actual SSL certificate.  The verification engine then should validate the external SSL certificate.  If this validation fails, then a warning should be displayed to the end user -- a warning much like if you visited a site with an expired/invalid certificate.

To date, the verification engine feature does not work without causing massive issues in an environment.

Here are two issues that I've identified so far:

  • [Minor] When Websense validates a certificate, there is an option to check for CRL (certificate revocation list) to determine if a certificate has been revoked. The problem with this is, there are many certificates issued/used on the internet that seemingly have problems/don't adhere to this standard (not sure why). The easy solution would be to disable the CRL check option under the verification engine. However, this disablement does not currently work. This results in many end users bombarding the helpdesk wondering what Websense block "verify deny = 0" means.
  • [Major] Certain websites, such as wellsfargo.com, do not load properly, or do not load at all via SSL. This is an intermittent issue. Since this is a banking website, it is imperative to have SSL work. I have provided logs. I have provided data dumps. I have spent numerous hours troubleshooting this issue with Websense. Websense has even been able to reproduce this issue, but I have been told that I will need to impact my production environment further by enabling this feature long term to collect more dumps. This becomes a problem, as the [minor] issue above causes the helpdesk line to flood. Because of this, my 6+ month case has been closed, pending results for the issue above.

This issue has been escalated to the point where a Sr. Manager of Technical Support has been involved, but still, no real traction yet.  To be fair,  it's only been 6+ months of troubleshooting/waiting.

The most troubling thing I've seen is that it appears that others on this forum who use SSL decryption simply acknowledge that this is an issue and simply ignore/disable the verification engine. They've accepted the risk as a technical engineer, but I can only wonder if their IT management staff realize the data security ramifications.

Anyhow...

If you are reading this as a potential Websense customer: Be aware of this issue. I'm not happy about this situation at all. This is a web security problem.

If you are reading this as another company who is using SSL decryption, and have run into these issues, or know of further issues to raise, chime in below.

If you are a Websense staff member and care to check out my claims or offer some solutions, please do so! I welcome any/all comments, both positive or negative. Both cases associated to my account have been escalated to backline, while one is currently closed pending results from the other case.

I'll be continually updating this thread, if it does not end up getting brownholed.

What happens when nefarious URLs in the Network Error category become live?

A block of addresses is currently being blocked by LEA/Industry partnership via court action as they have been identified as potentially set up for criminal activity. The Master Database categorises these under 'Network Error' because they don't resolve.

If and when these URLs are released, what will happen in the Master Database?

Is there a risk that if they become live and are used to host malware or some other criminal activity, Websense will not provide protection until they are appropriately recognised as bad and re-categorised?

Is it possible to run both explicit and implicit proxy (WCCP) at the same time?

Hi, we're trying to enable WCCP on our content gateway so that we don't need to input the proxy server (implicit/transparent mode) on the client side.

But right now, we're using explicit mode where clients need to manually define the proxy server and port in their browser settings.

Just a quick question: will the explicit mode still be able to work after the implicit mode (WCCP) is activated?

Thanks in advance


How-to generate custom SSL cert - version 7.84

I am not able to find documentation on how to properly generate a custom SSL certificate for Websense TRITON manager at version 7.84. I've found documentation for version 7, 7.1, 7.5, 7.6, and 7.7. Of course every set of instructions is different. So I've continued to look for instructions on how to do this in version 7.84 but I have not been able to find it.

So I am wondering, do these instructions not exist, or can someone please point me in the right direction? If need be I'm willing to run the openssl for apache app to generate the new cert if that is the best way to go.

Thank you

dashbida.com

Hi,

 cesaz-zoryh.dashbida.com

an5172.dashbida.com etc...


I have many alerts for this website or subsites of dashbida.com. I checked with VirusTotal and found nothing.

Ran Malwarebytes; anti-virus found nothing. After one day the user normally has no alerts.

The question is: do you know where this alert comes from, and if you can remove it from the user?

Thanks

Approaching Subscription limit

We are getting a warning that we are approaching our subscription limit. Is there a report we can look at that shows which specific devices Websense is monitoring so we can make sense of why we are reaching this limit?

This warning does not make sense to us. Any guidance or ideas to help us, I would be happy to hear from you. And would there be any way to reset a counter halfway through the day? We have 2 shifts in our organization, so I'm wondering if this explains some of the issue.

TRI-AP Web 8.0

Hello team,

 

I have a case (02120100) that involves a client who recently installed a fresh TRI-AP Web 8.0 version that includes (4) V5K G2 appliances. This deployment is currently under test and being prepared for their NY branch. They also have version 7.8.1 with 3 appliances that has been running and deployed in their NJ branch. The issue lies with the 8.0 version: when the main policy server (the Triton machine – 172.16.95.45) is selected, the “Settings>General>Account” section of the console shows the Product Level as “Web Filter & Security” and the “Scanning” option is not available. But when switching to the other policy server (appliances), the “Product Level” in the Account section shows “TRITON AP-WEB” and the Scanning option is showing and available to use.

 

 

 

Websense Filtering has been Interrupted

Hi, 

Users are randomly getting the error:

"Requested access was blocked.
Reason: Websense Filtering has been interrupted.
Options: Please wait while the service is restarted. If you are unable to access the Internet after a few minutes, please contact your network software administrator".

Using Websense V5000 G2R2 8.0.0 AP-WEB.

Anyone experienced this problem before? 
