You know, it would be really nice and effective and LOGICAL & PRACTICAL to put license usage / seat count in the Websense Manager.
Having to go to the server and do the seat count in DOS is not only cumbersome, but looks unprofessional and poor excuse for a corporate/enterprise class product.
This KB Article looks like a band-aid solution to a missing feature that is supposed to be included in the Websense Manager as a basic functionality to begin with!
We have an issue with users who are members of many Active Directory groups (700+) getting an authentication error from the Content gateway using Kerberos authentication. This issue was logged with Websense. The engineer who assisted requested this feature request is logged. Throughout our environment we implemented the Microsoft setting found in this KB http://support.microsoft.com/kb/327825 some time ago and this has eliminated issues with other systems access. Can Websense provide a solution to increase the max kerberos token size to 64K to match the Microsoft limit please?
I just upgraded to 7.6. I have a custom URL category called iTunes that is allowed for a few users. I had one of them tell me that they are being blocked trying to download iTunes. The URL of the download is "http://www.apple.com/itunes/download/". If I run the URL Category check, it tells me it is in the iTunes category I created. However, if I run the Test Filtering, it tells me that the result is "Security Override Blocked" and that the URL is actually in the category "Freeware and Software Download" (which is blocked for all users).
Why didn't the recategorization fix this issue? What can I do to allow this for my users?
Actually we have Websense email security in a windows 2003 ent server x86, exchange 2003, we will setup a new virtual exchange 2008 standard R2, do we have to install version 7.3 first and move the database to upgrade to email security gateway7.7? Could be other options for upgrade to new version?
Thanks in advance
We have recently had issues with slow browsing which appear to have been down to the cache. Disabling http caching resolved the issues, turning it back on returned them. At which point I started looking for how to clear the cache, and found article in KB on how to do it, but as we don't have root access to the WCG vm was not able to do anything about it.
We were unable to clear the cache without raising a support call. Can we have a button in the web GUI somewhere so that we can clear the cache ourselves.
Also though there is configuration for setting up Cache Partition rules etc we won't ever be able to do so without raising another support call as our current cache takes up all the space and Support rep said we would have to call them to get it resized.
It would be good if there were controls in the WCG web interface that would allow us to resize and clear the cache on the appliances.
Please.
Jay Cannings
Can i manage two domains in one triton 7.6 email security gateway management server, right now im using websense email security 7.3 for each domain.
thanks
To date I've created/commented on other threads on this forum regarding this, but this thread serves to centralize this issue. Since the google crawler seem to hit these forums, hopefully this will get some attention.
If you are reading this thread and the issues below pertains to you as well, please comment below.
My corporation chose to purchase Websense in order to perform web filtering, as well as MITM (man in the middle) SSL decryption/monitoring for Data Loss Prevention.
Currently, as it stands, for a secure implementation of Websense, if SSL decryption is enabled, and you are using an internal certificate to present to end users, you must enable the Certificate Verification Engine feature in the Websense Content gateway. What this feature does is perform various checks against the external SSL certificate to confirm the validity of that certificate.
If you do not enable this certificate engine while performing SSL decryption, you are flying blind, essentially, as other MITM schemes and invalid cert issuers can intercept your data, and no one in your organization will know. (e.g. think about the recent issues with Diginotar certs being hacked and gmail victims falling prey)
For example, let's use the example of visiting https://www.gmail.com. With SSL decryption enabled, end users will see that this website is using a valid certificate, one that is issued by your company internally; essentially masking the actual SSL certificate. The verification engine then should validate the external SSL certificate. If this validation fails, then a warning should be displayed to the end user -- a warning much like if you visited a site with an expired/invalid certificate.
To date, the verification engine feature does not work without causing massive issues in an environment.
Here are two issues that I've identified so far:
Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4
This issue has been escalated to the point where a Sr. Manager of Technical Support has been involved, but still, no real traction yet. To be fair, it's only been 6+ months of troubleshooting/waiting.
The most troubling thing I've seen is that it appears that others on this forum who use SSL decryption simply acknowledge that this is an issue and simply ignore/disable the verification engine. They've accepted the risk as an technical engineer, but I can only but wonder if their IT management staff realize the data security ramifications.
Anyhow...
If you are reading this as a potential websense customer: Be aware of this issue. I'm not happy about this situation at all. This is a web security problem.
If you are reading this as another company who is using SSL decryption, and have run into these issues, or know of further issues to raise, chime in below.
If you are a websense staff member and care to check out my claims or offer some solutions, please do so! I welcome any/all comments, both positive or negative. Both cases associated to my account have been escalated to backline, while one is currently closed pending results from the other case.
I'll be continually updating this thread, if it does not end up getting brownholed.
Lately I have noticed that more spam than normal is getting through. When I checked the logs I found that the spam is logged in the Receive Log, does not show up at all in the Rules Log, and shows up again in the Send Log when it is sent to the recipient. I increased the number of Rules processing threads in the Server configuration from 8 to 16 but have not noticed any appreciable difference.
Any ideas?
Bom Dia
Gostaria de saber se a websense tem trabalhado para implementar cotas diferentes por categoria, e não a cota aplicada ao cliente.
Submitting on behalf of customer:
"Confirm" actions exist in WSG and Data Endpoint, but within Network DLP. Essentially, if an end user tries to post data that is identified by Network DLP, the customer would like the end user to have the option to "confirm" that they actually want to proceed and post or stop the transaction, in line with other products.
I have a Websense installation where I moved the network agent from one machine to another. I uninstalled the "old" network agent but there were problems when it uninstalled. Eventually it did uninstall but when I log into the Websense Manager (7.1 on another host) there is a notification that the network agent on the old box is not running, even though it is not installed there.
I reinstalled and uninstalled it again on the old box in the hope that it would be properly removed from the Websense configuration, but I still get the error. Besides the error there are no problems and the newly installed network agent runs fine.
Is there a way to manually remove the old Network Agents configuration from the Websense installation so I do not see the warnings in the management console?
Hello everyone,
I am having a bit of trouble and hope you all can help. For our shop users we have created a policy called shop security that blocks pretty much all internet access. The problem is if I add an active directory group to the policy it does not seem to work. They can still access the internet at the same level as the default policy user. But if I add an individual to the shop security group then it works like it is suppose to. I have it set in the settings to use the most restricted. So how can I get it to make sure the AD group is using the policy and not the individual user choosing the default policy?
Thanks for you help,
Joe
I habe just updated my setup to 7.6 and then added the Real Time Monitor Component. Its showing in the menu and when i click on it it opens in the right hand pane of the browser, but nothing shows in it. Despite the fact that investigative reporting is showing activity happeing that Real Time Monitor should be picking up.
Any suggestions ?
We have been very pleased with Surfcontrol for many years but have recently found that Surfcontrol/Websense is unable to block video content on sites such as YouTube without going through a very tedious and somewhat impossible process. We do not want to totally block sites such as YouTube but would like to see inappropriate video searches within the sites blocked.
This is quite a loophole and I am hoping that the ability to block searches within a site would be a feature that could be offered.
I enabled a rule to isolate all types of emails that reach >=100, using the Adult dictionary. I sent a test email and it was received successfully. It also did not show up as being sent or received in any of the logs on the web console.
we are using websense email security 6.1
Any suggestions?
We would like to send DSS audit log to a SIEM rather than simply the incident details. This will help monitor the Websense system.
Thank you
We would like an Integrate option to send normally (without encryption), with encryption, or to cancel send in order to edit. This should appear on the endpoint desktop, similar to a confirm option.
Thanks
We would like to exclude or Include destinations by Business Group under Endpoint Email.
Thanks
Good day!
I receive an error message when trying to add some Network Account users as administrators in the TRITON Settings, while I'm able to add others. The error message I get is:
Error creating the user xxxxxx : A general error has occurred.
Error creating the user xxxxxx : A detailed message was written to the server's log file, the message can be identified as xxxxxxxxxxxxxxxxxxxxx
From a discussion I had with support, I understand this isn't an easy thing to do on the V10000 but it's possible that support can do this.
Therefore, I would like to see some options for the easy customisation of block pages. SurfControl made this "kids play" and you could have a different block page for each different policy.
As most organisations only really want to substitute the Websense logo with their logo and change the word "organization" to their company name, I'm sure this could be facilitated via the WSG GUI without to much trouble.
Therefore I'd like to put this as an RFE please.
It does strike me the more I use the V10000 and WSG that there are a number of facilities that are missing when comparing it to SurfControl. It's a shame that WS didn't find out what features SC users couldn't live without and incorporate them into v7.