Channel: Forcepoint Community

How to bypass WCCP

I want to enable WCCP but I also need to bypass the web filtering for a set of websites. Currently we use IE to proxy web traffic and use the bypass to do sites such as *.surveymonkey.com;*.lpl.com;*.decisivereports.com. I am unable to find where to create a list such as this for Triton APX Web; the Exceptions list does not work all the time.


Problem to Download the Master Database - No Filtering Service is installed for this Policy Server

Hi Team

We are facing a lot of problems with the download of the master database.

The server is connected directly to the Internet, with full permission (just for tests). The download starts, but almost at the end of the process, the error message "No Filtering Service is installed for this Policy Server" appears.

 

I already did a fresh download (https://pt.websense.com/support/article/t-kbarticle/Fresh-Master-Database-Download);

And a Database update fails with errors (http://www.websense.com/support/article/t-kbarticle/v7-Database-update-not-successful-1258048539721);

And also a Filtering Service reinstall.

 

Any idea?

 

Best Regards,

Jeferson Furio

How can I configure Account Override to only request the username instead of a domain\username?

Hello,

 

I have a customer on v7.8.4 who is using the Account Override feature when a block page appears.  Whenever a user gets a block page, they can click the button for "Enter New Credentials" to apply a new policy.  When the user enters their username, they have to include the domain.

ex)

username: domain\user - this works

username: user - this does not work

 

In Triton Web Security > Settings > User Identification > Additional Authentication Options, I have included the domain in the "Default domain context" box but the credentials still require a username.  The customer is only using DC Agent to authenticate.

 

Besides adding the domain in that field, are there any other configurations I need to make to ensure that the Account Override will only require the username and not the domain\username?

 

Thank you,

Trinidad 

Upgrading from 7.7.3 to 7.8.1 - which first console or appliance

I am upgrading our existing setup from 7.7.3 to 7.8.1. This is a v5000 appliance (early model) with off-appliance console and logging. I have applied the requisite patches and appear ready to do the final patch upgrades. My question is: should I upgrade the Triton console first or the appliance? Before it's asked, I do have a new appliance in house (v5000 G2) that will be used to bring me up to 7.8.4 via a hardware migration/upgrade path at a later date.

Triton AP-Email 8.0 Domain Based Route

Hi Guys,

 

I am quite new to Triton AP-Email. I need to find out how to enter a remote domain like all public domains, which is written as * in most other configuration applications, inside Mail Routing > Domain Based Delivery. My understanding is that on the Add Domain-Based Delivery Route page, I will write * for other domains except protected domains and configure either MX or Smarthost as next hop for delivery.

Is my approach the correct one to go ahead with?

 

Security issue discovered: Are you performing SSL decryption with Websense? Read this.

To date I've created/commented on other threads on this forum regarding this, but this thread serves to centralize this issue.  Since the Google crawler seems to hit these forums, hopefully this will get some attention.

If you are reading this thread and the issues below pertain to you as well, please comment below.

My corporation chose to purchase Websense in order to perform web filtering, as well as MITM (man in the middle) SSL decryption/monitoring for Data Loss Prevention.

Currently, as it stands,  for a secure implementation of Websense, if SSL decryption is enabled, and you are using an internal certificate to present to end users,  you must enable the Certificate Verification Engine feature in the Websense Content gateway.  What this feature does is perform various checks against the external SSL certificate to confirm the validity of that certificate.  

If you do not enable this certificate engine while performing SSL decryption, you are flying blind, essentially, as other MITM schemes and invalid cert issuers can intercept your data, and no one in your organization will know.  (e.g. think about the recent issues with Diginotar certs being hacked and gmail victims falling prey)

For example, let's use the example of visiting https://www.gmail.com.  With SSL decryption enabled, end users will see that this website is using a valid certificate, one that is issued by your company internally; essentially masking the actual SSL certificate.  The verification engine then should validate the external SSL certificate.  If this validation fails, then a warning should be displayed to the end user -- a warning much like if you visited a site with an expired/invalid certificate.

To date, the verification engine feature does not work without causing massive issues in an environment.

Here are two issues that I've identified so far:

  • [Minor] When Websense validates a certificate, there is an option to check for CRL (certificate revocation list) to determine if a certificate has been revoked.  The problem with this is, there are many certificates issued/used on the internet that seemingly have problems/don't adhere to this standard (not sure why).  The easy solution would be to disable the CRL check option under the verification engine.  However, this disablement does not currently work.  This results in many end users bombarding the helpdesk wondering what Websense block "verify deny = 0" means.
  • [Major] Certain websites, such as wellsfargo.com, do not load properly, or do not load at all via SSL.  This is an intermittent issue.  Since this is a banking website, it is imperative to have SSL work.  I have provided logs.  I have provided data dumps. I have spent numerous hours troubleshooting this issue with Websense. Websense has even been able to reproduce this issue, but I have been told that I will need to impact my production environment further by enabling this feature long term to collect more dumps.  This becomes a problem, as the [minor] issue above causes the helpdesk line to flood.  Because of this, my 6+ month case has been closed, pending results for the issue above.

This issue has been escalated to the point where a Sr. Manager of Technical Support has been involved, but still, no real traction yet.  To be fair,  it's only been 6+ months of troubleshooting/waiting.

The most troubling thing I've seen is that it appears that others on this forum who use SSL decryption simply acknowledge that this is an issue and simply ignore/disable the verification engine.  They've accepted the risk as a technical engineer, but I can only but wonder if their IT management staff realize the data security ramifications.

Anyhow...

If you are reading this as a potential websense customer:  Be aware of this issue.  I'm not happy about this situation at all.    This is a web security problem.

If you are reading this as another company who is using SSL decryption, and have run into these issues, or know of further issues to raise,  chime in below. 

If you are a websense staff member and care to check out my claims or offer some solutions, please do so!  I welcome any/all comments, both positive or negative. Both cases associated to my account have been escalated to backline, while one is currently closed pending results from the other case.

I'll be continually updating this thread, if it does not end up getting brownholed.
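
The masking effect described in the post above, as an added example (not part of the original post and not Websense code): a shell sketch using the openssl CLI with locally generated, hypothetical CAs standing in for the public trust store, an untrusted issuer and the internal decryption CA. It shows that clients accept both re-issued certificates, so only the gateway's check of the origin chain can tell the two sites apart.

```shell
#!/bin/sh
# Constructed demo: every CA, key and certificate is generated locally in a
# temp directory. CA names and mail.example.test are hypothetical.
set -e
W=$(mktemp -d)
trap 'rm -rf "$W"' EXIT

# new_ca <stem> <common-name>: create a self-signed CA certificate.
new_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
    -keyout "$W/$1.key" -out "$W/$1.crt" 2>/dev/null
}

# issue <ca-stem> <leaf-stem> <hostname>: leaf certificate signed by that CA.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$W/$2.key" -out "$W/$2.csr" 2>/dev/null
  openssl x509 -req -in "$W/$2.csr" -CA "$W/$1.crt" -CAkey "$W/$1.key" \
    -CAcreateserial -days 2 -out "$W/$2.crt" 2>/dev/null
}

# trusted <ca-stem> <leaf-stem>: print "ok" if the leaf chains to that CA.
trusted() {
  if openssl verify -CAfile "$W/$1.crt" "$W/$2.crt" >/dev/null 2>&1
  then echo ok; else echo fail; fi
}

new_ca public "Public Root CA"     # stands in for the gateway's trust store
new_ca rogue  "Untrusted Issuer"   # an issuer that store does not contain
new_ca corp   "Corp Internal CA"   # decryption CA installed on every client

issue public origin_good mail.example.test  # legitimate origin certificate
issue rogue  origin_bad  mail.example.test  # same hostname, untrusted issuer
# With decryption on, the gateway re-issues whatever it connects to.
issue corp resigned_good mail.example.test
issue corp resigned_bad  mail.example.test

# Browser's view: both re-issued certificates chain to the internal CA.
echo "client sees: good=$(trusted corp resigned_good) bad=$(trusted corp resigned_bad)"
# Gateway's view: only checking the origin chain tells the two apart.
echo "gateway sees: good=$(trusted public origin_good) bad=$(trusted public origin_bad)"
```
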

TRITON is processing

We are using WSG v8.0.1 and TRITON always holds at "processing....." after I log in successfully.

Is this normal/frequent with TRITON?

Websense support suggested restarting the service and then logging in again.

If it still cannot resume, he suggested that we reboot the TRITON.

 

In our experience, the "Web" pages load successfully, but the "processing" always happens.

In our production environment, we cannot restart or reboot the TRITON daily.

 

Hi All,

Any suggestion for this case? 

Would you mind sharing your experience if you have met this issue before?

 

Many Thanks.

 

Reporting and filter questions

I am trying to figure out why on our reports these URLs match the keywords I have defined in the category. It makes no sense why these come up on the report.

 

URLs: www.18.officedepot.com

omniture.walmart.com

metrics.target.com

 

keywords: webex and gotomeeting


Customizing the PROTOCOL block message

We are on version 7.8.4.

We have a custom block message for blocked http requests and it works perfectly. For the first time I saw someone get a block message for the protocol being blocked. This block message was the default out-of-the-box message. I would like to customize this message as well. However, I am not able to find the correct html file that loads this block message for protocols. Does anyone out there know which file I need to update for this?

Thank you

Presentation Reports zip file

It was a very bad idea to change the output of Presentation Reports (via scheduler) to create a zip file to email.

--- Where can I turn that off?

Thanks

Triton AP-Email v8.0 Policy Processing

Hi guys,


I have a little confusion regarding policy processing of Triton AP-Email v8.0. The guide clearly mentions that if a message matches a certain policy (condition/filter/action), then subsequent policy processing is stopped dead, or further policies down the list won't be applied. Agreed. Now, I have the following situation:

(i) A new inbound policy 'PolicyX' having order # 1 with relevant filter/action/rule has been created to drop messages above 10MB. By default, 'PolicyX' having order # 1 will inherit out-of-the-box policies like Anti-Spam, Anti-virus, Commercial Bulk Email, etc. I have disabled them (Anti-Spam, Anti-virus, Commercial Bulk Email) inside the 'PolicyX' having order # 1 because I have the Default Policy with order # 2 to handle it.

My question is: will a message above 10MB with a virus and spam in it, which matches PolicyX having order # 1, bypass the Default Policy with order # 2, since policy processing stops dead if a message matches a condition/filter/action?

AND

If I leave them enabled inside PolicyX having order # 1, does it mean that Anti-Spam, Anti-virus, Commercial Bulk Email will be applied twice?

thanks

Syed




Websense games category

Hi, is it possible to split the games category into 2 categories?

It might look like this example: a category "game information" and a category "game" simply (with flash games in it).

 

Chrome and EndPoint

I use Chrome every day - currently v43.0.  For the first time today, I received a Chrome message saying "Chrome has disabled your Websense extension.  To protect you while you use browse, Chrome only lets you use extensions that have been published on the Chrome Web store." and it cannot be re-enabled - all in an effort to "protect" us.  Aren't we lucky to have Google there to save us?  <sigh>

It goes on to say "if you need to use a disabled extension you can contact the extension's developer and ask them to upload their extension to the Chrome Web Store".  Right.  We can ask.  Sorry, but I have little confidence in that option.

Anybody know of a hack to allow this in Chrome?  I may have to ban this browser from my enterprise.

Thanks!

 

 

Websense and proxy server development

Hello all

Where can I find detail on the protocol used by Websense when it replies to a request, so that I can connect the proxy server I am developing to a Websense filter server using UDP?

I have packet sniffed and can see the UDP request needs to be in the format of

Date Now, IpFrom, IPto,Url,Username

But I am not sure what is in the byte array I get back from the server and I need to parse the data.

Regards

 

Upgrade Question.

We have a Triton Unified Security Centre 7.8.3. We use the web security product. Is this available to upgrade to version 8? I can only find reference to Triton security gateway or appliance.


Websense Filtering has been Interrupted

Hi, 

Users are randomly getting the error:

"Requested access was blocked.
Reason: Websense Filtering has been interrupted.
Options: Please wait while the service is restarted. If you are unable to access the Internet after a few minutes, please contact your network software administrator".

Using Websense V5000 G2R2 8.0.0 AP-WEB.

Anyone experienced this problem before? 

IE8 on XP not working with Endpoint

We are currently in the process of rolling out Triton AP-Web to users and installing Endpoint version 8.0.2076.

On some of our XP machines, though, when you use Chrome the endpoint works fine and will allow access or block pages as necessary. When you go into IE8, though, the page will not connect at all through the proxy; you just get "Internet Explorer could not display the page" (internal sites are fine).

If you stop the endpoint and leave the same PAC file entry in, then IE8 starts working again and has no issues, but when you start it again the issue comes back. I've checked all the security and IE settings I can think of but am starting to struggle. I've also run Wireshark, and when you open up Chrome you can see the first thing it does is a GET /proxy.pac. When you do this for IE8, it looks like it is trying to go to the site directly rather than through Websense.

I've done full Windows updates on my test PC too and get the same error.

Has anyone else seen this sort of behaviour from Endpoint on XP? (We are in the middle of rolling out Windows 7 but need to get this working on XP as well.) I'm struggling on what else I can do but also have support looking at this.

The management console cannot connect to the primary Policy Server.

Running version 7.8.4 on Server 2008 R2 Standard, standalone

Full error message:

The management console cannot connect to the primary Policy Server. The version is correct but Policy Server cannot be reached. There are no available secondary Policy Servers with the proper version.

Please make sure there is at least one Policy Server running whose version matches the management console version, and network communication is possible between them. To attempt to restart the primary Policy Server, click Restart.

Clicking on Restart restarts the service as expected, but I still get this error trying to log in. I've tried some of the fixes for when it says no policy service is running, (deleting *.p12) but this is obviously a different issue. To my knowledge, nothing has changed on the server, with the exception of Windows Updates. All services are up and running. No obvious errors in the Event Viewer. All INI files are correct and pointing to the correct server.

Anything I can try?

Block all sites for a specific user

Hi,

I want to create a rule for a specific user; I want to block everything except specific sites.

Can you tell me how to accomplish this task?

Thanks

Confusing Alert regarding Facebook

Here are the facts:

1. I am blocking everyone from using Facebook.

2. I tried to connect to Facebook and confirmed that I am getting blocked.

3. I was following an article from Google News that led me to the Huffington Post's website. This triggered an alert saying that I am accessing Facebook and the action is permitted.

QUESTION:

1. Why would it report that I am accessing Facebook even if I am not on Facebook?

2. Why does it say that the action is Permitted?

 

 
