How do I port over the settings and policies from one server (7.8.x) to another (latest release) when they will be running two different installation versions?
7.8.x to 8.x server to server migration
Users at Remote Site not Reporting
Hi All,
I have built a server with a fresh install of Triton APX 8.0 Web Filter & Security. The problem I am facing is the users at my remote site do not show on the reports.
We have a site to site VPN setup both running Juniper Firewalls with Websense enabled for web filtering. The filtering seems to be working fine at the remote site with the policy's I have setup but I can not see any reporting or logging.
Can you help me?
Thanks
Lance
Office Content and Web Security
Hi,
We've just deployed the hosted solution with Websense and are having problems with credentials prompts from Office 2013 applications. If we stop Office from going online it stops but we need the features.
We basically get a proxy credential prompt for "office15client.microsoft".
If I browse the transaction viewer on the portal it shows these requests as action "authentication required". I've added the URL's to a custom whitelist and still no joy.
Several posts online suggest putting them into the bypass or non-proxy address list, this wont work for us as our firewall prevents all outbound connections on 80 and 443 (amongst others), so web traffic HAS to go through the proxy.
Is there a way of having it go through the proxy but not having it modified in any way? I thought that's what the custom category being set to allow would do.
Thanks
Dave
HK Cloud user have an issue when they browsing some video site
Hello.
Our customer locate in HONG KONG, when they access now.com to watch news. the site return , user didn't locate in HONG KONG,
When they use IPLocation.net check our cluster K (116.50.57.180) have 4 records locate in Australia.
7.8.x System Requirements for individual components
Is there anywhere that gives system requirements for individual components of Web Security 7.8.x?
Specifically I am after the requirements to run a system with DC Agent and Filtering Service only.
the main System Requirements document, https://www.websense.com/content/support/library/deployctr/v78/dic_sys_req.aspx, just shows the requirement for the full TRITON Management Server.
Security of the 'Store Passwords Using Reversible Encryption' setting
On behalf of a customer:
Upgrading a Windows Triton server from 7.8.2 to 8.0 requires the Active Directory Group Policy Object setting of "Store Passwords Using Reversible Encryption" to be enabled.
Does this expose any user passwords by storing them in cleartext? What is the setting used for during the installation?
Websense 7 Manager Timeout
Hi,
I was wondering if there was a way to change the default timeout of 30 minutes to something more reasonable? 30 minutes is rediculous. It also times out the Investigative Reports when open in a new window causing me to lose what I had on the screen.
At least in Websense 6 you could change the timeout to something more reasonable.
Thank you,
Steve
safe results, via explicit.bing.net?
So, suddenly we're noticing a LOT of image search results from bing are being served by, for example tse*.explicit.bing.net instead of the usual. As *.explicit.bing.net is filtered for adult, this is throwing our alerts haywire.
To test, https://www.bing.com/images/search?q=emoji%20wallpapers&qs=n&form=QBIR&pq=emoji%20wallpa&sc=0-0&sp=-1&sk=
You'll find several thumbnails missing if you exclude the explicit bing domain in your policy - yet when you hover of them, it's apparent they're quite safe. This is new - we're getting so many alerts now for safe images. This started happening late last week.
Anyone got any ideas (apart from reclassifying *.explicit.bing.net) what we can do here?
A
Master Database downloading outside defined period
PROBLEM:
The Master Database is being downloaded during production hours (e.g. 8:23AM, 1:16PM) and causing a slowdown of the customer’s network. However, it is set in the Triton Manager to download during 21:00 – 06:00.
SITUATION:
· Web Filter, v7.8.4.
· One primary policy server, eight Filtering Services at sites in cities around the state. All are in the same time zone and have the correct time.
· Yesterday we made a fresh install on a Windows server of a secondary Policy Server and a Filtering Service, and configured it to download in the same time window. However, it downloaded the Master Database at the same time as the others, during production hours.
Here’s are sections of the Websense.log from that fresh install, beginning at 21:00.
09/23/2015 21:13:25,Warning,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:317,0x10010001,Trans ID Agent: Disconnected from XID agent at this location. [server: DRWEBSEC] [port: 30600]
09/23/2015 21:13:27,Information,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:244,0x10010001,Trans ID Agent: Connected to the XID agent at this location. [server: DRWEBSEC] [port: 30600]
09/23/2015 21:39:10,Information,Websense EIM Server@172.30.40.176,CategoryAgent,WsTransferTimer.cpp:417,0x11460004,Websense Master Database version 04954 dated 2015-9-23 is up to date.
09/23/2015 22:04:56,Warning,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:317,0x10010001,Trans ID Agent: Disconnected from XID agent at this location. [server: DRWEBSEC] [port: 30600]
09/23/2015 22:04:58,Information,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:244,0x10010001,Trans ID Agent: Connected to the XID agent at this location. [server: DRWEBSEC] [port: 30600]
09/23/2015 22:56:28,Warning,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:317,0x10010001,Trans ID Agent: Disconnected from XID agent at this location. [server: DRWEBSEC] [port: 30600]
09/23/2015 22:56:29,Information,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:244,0x10010001,Trans ID Agent: Connected to the XID agent at this location. [server: DRWEBSEC] [port: 30600]
09/23/2015 23:47:59,Warning,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:317,0x10010001,Trans ID Agent: Disconnected from XID agent at this location. [server: DRWEBSEC] [port: 30600]
09/23/2015 23:48:00,Information,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:244,0x10010001,Trans ID Agent: Connected to the XID agent at this location. [server: DRWEBSEC] [port: 30600]
… [repeats of those XID disconnect/connect messages every 51-52 minutes] …
09/24/2015 08:23:13,Warning,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:317,0x10010001,Trans ID Agent: Disconnected from XID agent at this location. [server: DRWEBSEC] [port: 30600]
09/24/2015 08:23:15,Information,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:244,0x10010001,Trans ID Agent: Connected to the XID agent at this location. [server: DRWEBSEC] [port: 30600]
09/24/2015 08:23:37,Information,Websense EIM Server@172.30.40.176,CategoryAgent,WsTransferTimer.cpp:322,0x11460017,Websense has successfully transferred an updated Websense Master Database. This database will now be loaded.
09/24/2015 08:36:41,Information,Websense EIM Server@172.30.40.176,CategoryAgent,WsCategoryAgent.cpp:533,0x11460005,Successfully loaded Websense Master Database version 04955 dated 2015-9-24.
09/24/2015 08:59:08,Information,Websense EIM Server@172.30.40.176,CategoryAgent,WsTransferTimer.cpp:417,0x11460004,Websense Master Database version 04955 dated 2015-9-24 is up to date.
09/24/2015 08:59:27,Warning,Websense EIM Server@172.30.40.176,XidDcAgentUtils,WsXidCollectorClient.cpp:317,0x10010001,Trans ID Agent: Disconnected from XID agent at this location. [server: DRWEBSEC] [port: 30600]
Documentation ( http://www.websense.com/content/support/library/web/v78/triton_web_help/db_download_explain.aspx ) says that “Any time Filtering Service is restarted, it checks for available Master Database updates. The update may begin immediately, rather than waiting for the defined period.” However, the Windows Event Viewer shows no indication that Filtering Service was restarted. On the other hand, it does contain “Special Logon” events in the Security section timestamped a minute or two after each of the XID disconnect/connect messages. Following case 01468067 I checked the ignore.txt file; it already contained an entry for “anonymous logon”.
NEXT STEPS: Unknown to me. How might we enforce the defined download period?
MS dismissed proxy what should be a good substitute for this role ?
HI everybody, I use Websense 7.1 with ISA and want to upgrade to another os platform but MS dismissed all proxy products, what should you suggest ?
I have licence for Web Secutrity am I entitled to use content gateway or not?
Tks
Mike
Active Directory Group Policy and Websense
All,
I am trying to use security groups within Active Directory to determine which level of access our users have to the internet. This is primarily for ease of management, but for some reason, the users within these groups do not seem to pick up the access that i want them to.
We are using the web based solution, whereby the Dir Sync client successfully sync the relevant users and security groups.
I have created the following within our AD:
x3 security groups called Websense Low, Medium, High
Placed these 3 groups in a conatiner called Websense
Created 3 group policies to reflect the computer settings only, with the a different .PAC files per GPO
Created 3 policies called Websense Low, Medium, High
Added the security groups to the policies
As far as I can see this should work ??
Is there anyone out there who has the same sort of configuration who might be able to shed some light on my dilemma? Any help is gratefully received.
Use multiple profiles in the same location?
Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4
Hello,
I am preparing to implement Cloud Web Security for my company and I am running into a problem. I could be misunderstanding so forgive and correct me if I am wrong, but it seems like it REALLY wants you to use just a single Profile per location, specified by having that location’s IP Address as a “Proxied Connection” on the Connections tab within the Profile itself. I’ve seen it suggested in another forum post that you should then handle differences between users by adding small ‘exceptions’ to this single Profile. This doesn’t work for me because we have categories of users within the same building that are so dramatically different that the exceptions would be endless.
I was hoping and expecting to be able to set the IP address (or range) above all my Profiles, and then have user’s account or group membership dictate which Profile they actually use. How can I have different users in the same location be subject to different Profiles?
Ray
A general error has occurred. A detail message was written to the server's log file...
I'm running Websense 7.5.1 on a Windows Server. I get the following error when attempting to add a URL to a User-Defined sub-category we created.
A general error has occurred. A detail message was written to the server's log file, the message can be identfied as 754839753734596.
We have URLs defined in the top level User-Defined category and we have URLs defined in custom categories defined as a sub category under the User-Defined category. We have successfully added many URLs to the categories we've defined in the User-Defined category itself AND the custom sub-categories under User-Defined.
We have not made any changes to the server or Websense; however, we ca no longer add a URL to a User-Defined SUB-category.
When attempting to add a URL to a custom category defined under "User-Defined", I get the error message shown above. I hit the "Cancel" button. After hitting "Cancel", I am automatically brought back to the "Manage Filter Components" screen and the Save button is not an option.
I get the same error when attempting to add a URL to the top level "User-Defined" category. However, after clicking on the"Cancel" button and then the "Save All" button, the site IS added.
Thanks.
Block sites
Hi,
I have a problem, we have the version 7.5.1 and I know i need to upgrade to the latest but for now it impossible.
When I go to a website ex: http://www.zone-telechargement.com/films/bluray-3d normally Websense block the site, but if I put the address a few time, like 2 or 3 time Websense do not block anymore.
Anyone see this problem before.
Thx
Unable to delete a Policy
I've moved users out of a policy I would like to delete, and when I attempt to delete it I get the Confirm: Do you really want to remove these policies -policyname, and I hit ok. The policy appears to be deleted - it is not in the list at this point, but if I browse to a different part of websense and come back the policy re-appears. I also need to delete an associated filter, but I cannot do that until I delete the policy.
FTP Proxy Warning
Not sure if i have the right area to post this but here we go.
We are running Websense "Triton-WebSecurity" and I am having an issue navigating to a proxy site. When i go to the site I.E ftp://username:password@ftp.ftpstite.com i am getting prompted with the message :
The Folder "FTP Address here" is read-only because the proxy server is not set up to allow full access. To move,paste, rename or delete files, you must use a different proxy.
It will then open up in a read only mode which is no good as i need to upload files. If i use the same PC and attempt the same process without going through Websense Proxy (im using a local DSL line) then it works as expected.
Any suggestions are welcome. Thanks
Change Email Address
My firm has recently merged with another company and our email addresses have changed. How do I update my profile for the new email address for when the merger is completed and the current email is permanently removed? I am the Super User, but we have several support folks that will also have to change this.
Thanks
Network Agent not working after upgrade
We have upgraded from version 7.7.3 to version 7.8.4. Upgrade appears to have gone well no error message.
However the network agent isn't working it is running but isn't capturing traffic.
Config is all there and correct and mirror port is correctly configured.
Tested using wireshark on the websense server and that is seeing traffic. Checked real-time monitor and get nothing. Is there a repair operation I can do or should I just install from scratch.
The only thing I did notice was that in the triton web console, when I go help about it is reporting the version as still being 7.7.3, checked programs in control panel and version 7.8.4 is definitely installed. Not sure if this is relevant.
Regards,
Aaron
Possible to recategorize sites for Triton-AP Web?
Does anyone know if it's possible to recategorize URLs for the Cloud product? I know it could be easily accomplished with the appliance, but I haven't seen an option for the Cloud solution.
Thanks,
Andrew
Authenticated proxy issues
We have set up authenticated proxy on our VPN segment to identify users. we used multi-realm authentication with IWA set to our VPN IP range. Some of our users are getting a "proxy authorization required" message when they try to get to external sites.
We are using Triton 7.7.3. The proxies are joined to the domain and we have the WCG fqdn in the intranet site zones. one question about that would be the format. is it supposed to be hostname.domain.com or do we need to put http:// in front of the fqdn?
i have been using VPN for over a week now from work and am unable to recreate the message. i originally thought was because the user didn't log off/on their computer, but they say they do that all the time. Other thoughts were that the time was off from the computer causing the kerberos tickets to expire, but that was not the case. the user account was also not locked.
has anyone experienced this? and what would be a good place to start getting to the bottom of it?