Channel: Forcepoint Community

Service Connection Timeouts


When trying to plan for additional deployments of Websense servers, I've had a hard time figuring out exactly what services I need where because I'm not sure where the points of failure are in terms of connectivity... so I thought I'd ask here.  I know there is some leeway in different services, but how long until they give up and stop working because they can't talk to a dependent?

  • How long will a Policy Server operate after it's lost connection to the Policy Broker?
  • How long will a Filtering Service operate after losing connection to the Policy Server / User Service?
  • Are there any other dependencies between services that need to be taken into account when you're planning to cover new internet connections?  Obviously I want to keep them as few as possible but still need to account for failover and network interruptions.

Thanks,


New Category Suggestion - Fantasy Sports


With the popularity of Fantasy Sports I would like to suggest that a sub-category 'Fantasy Sports' be added to the Sports category.  This will allow firms to better filter these sites for their employees.  Currently my firm has a policy preventing the use of these sites and we are having to review reports and add to a User Defined category to filter appropriately.

Scheduled Reports creating too many files


Hello

 

I have a customer who has scheduled reports set up and it creates multiple .pdf files that are about 1MB in size.  This causes the reports to make multiple files and then zip them up.  The customer does not like having them sent in a zip file and would prefer if only one file is created.  We currently have these values setup in the wse.ini file that is located in the  ..\Websense\Web Security\webroot\Explorer directory.

 

sendMulti=0

reportBatchCount=10000

 

What extra changes should be made to ensure that only one pdf file is created?  Any help would be appreciated.

 

Trinidad

 

Multiple Block pages for different users


I am currently migrating users from SurfControl to Websense 7.0 and I'd like to know if I can create multiple Block Pages for different users.  I have a group of users that I want to block access completely to and present a block page with an acceptable use policy.  Other users would get a 'normal' block page depending on the site being blocked.

With Surfcontrol I was able to create multiple Block pages and assign them to individual disallow rules.

Thanks, Tony

Filtering Service


I have changed my appliance to user directory and filtering instead of filtering only and now I can not start the Websense Filtering Service on the Triton Box. I get "The Websense Filtering service on Local Computer started and then stopped"

Also when using the Triton manager I can't do any investigation on any user unless I change the policy server on the Triton manager to the Application manager by using the switch button.

Is this by design or have I done something wrong somewhere?

Any advice greatly received...

Triton Unified Security 7.7 exempting DHCP Mobile Devices


We are currently using Websense TriTON Unified Security 7.7.

We have just introduced Mobile devices on our LAN using DHCP and we need to exempt the devices based on the user profile from Active directory.

What is the best way to configure exceptions of mobile devices with changing IPs via DHCP?

Will greatly appreciate any pointer on this issue.

Thanks, 

 

 

Use multiple profiles in the same location?



Hello,

I am preparing to implement Cloud Web Security for my company and I am running into a problem. I could be misunderstanding so forgive and correct me if I am wrong, but it seems like it REALLY wants you to use just a single Profile per location, specified by having that location’s IP Address as a “Proxied Connection” on the Connections tab within the Profile itself. I’ve seen it suggested in another forum post that you should then handle differences between users by adding small ‘exceptions’ to this single Profile.  This doesn’t work for me because we have categories of users within the same building that are so dramatically different that the exceptions would be endless.

I was hoping and expecting to be able to set the IP address (or range) above all my Profiles, and then have user’s account or group membership dictate which Profile they actually use. How can I have different users in the same location be subject to different Profiles?

 

Ray

Googlemail is classified as "Network Error"


Hi

 

When I run URL Category check on mail.googlemail.com it comes back with Category -  "Network Errors"

We are currently on database version 04987 that was updated 10/11/2015 2am

Surely this is a mistake?


Warning when Accessing Uncategorized Websites


We are using Websense Web Security version 7.8.1.  Is it possible to configure our system so that Users that attempt to access an uncategorized site are first presented with a warning notice and are required to confirm that they understand and comply with the relevant firm policies before proceeding to the site?

Thanks!

Real time monitor


Hi,

I have a question about how the real time monitor works on Websense Web Security version 7.8.

When looking at the real time monitor it shows the users and what they are browsing; however, some of the users' traffic is displaying under their Active Directory login and client IP address but other parts of their browsing are displaying as the administrator user and the IP address of the server that Websense is installed on.

Is this normal behaviour or is it something that has not been configured correctly?

Any information or help on this would be much appreciated.

Many thanks

 

 

Directory Synchronization Client Problem


Hi,

When I try to synchronize the users from the DirSync client I receive the message "Session time out, Retrying" for all users. Has anyone ever had this issue?

 

Thanks,

 

Federico

Blocked URL's


I am trying to allow a number of URLs to stop being asked for authentication, but the rules I have put in place under User Agent & Destinations are not working.

How do I stop the URLs from being asked to authenticate?

Users are experiencing zero quota time left


Hello -

Users in my organization are reporting that they have zero quota time left. I performed the steps detailed in other articles and posts to stop the filter service, rename the quota_surfer.bak file, then restart the filter service. This still didn't fix our issue. Any other suggestions?

Thank you -
Grant 

FW Ports between AP-EMail 8.1 Virtual Appliance(DMZ) and AP Email Manager?


Hi all.  I am setting up the Websense AP-Email 8.1 on-premise.  My setup is simple.  The virtual appliance is in the DMZ and the APEmail/APData manager with SQL DB is all on one Windows 2008 server inside the network.  I have a hard time determining the minimum ports I need to open to enable the appliance in the DMZ to communicate with the mgmt server.  Can anyone help clarify and confirm this item for me?

AP Email 8.0 Virtual Appliance And Associated DLP Module


Hi Guys,

 

When configuring a custom DLP policy inside the DLP module of Triton AP-Email v 8.0, under the "Severity and Action" tab, I created a custom action of quarantine. Till here it is fine. But when I configure notification, I only see "Policy Owners%, "Source",...,etc not something like %Recipients% as target of notification in "Default Notification".

I trolled and scoured whole documentation to find out

I want general recipient to receive notification about Incidents if incoming email violates custom DLP policy.

 

Is this possible?

 

 


Install 8.1 on Centos 5.10 i686


I am trying to install Websense WebSecurity on a Centos OS 5.10 i686, when I try to install it gives me an error:

 

/root/Websense_Setup/Setup.bin line 3319: /tmp/install.dir.5218/Linux/resource/jre/bin/java: cannot execute binary file

Logs for failed scheduled events


Hi everyone,

I'm on WES 7.3.0.1209.  Where can I find the logs that contain failed scheduled events?  We occasionally get email notifications that tell us: "Update Anti-Spam Agent every 30 minutes Error"

Furthermore, this concerns me because I feel that we may not be getting current updates.  When I view "threat updates" in the dashboard, everything is empty.  No version or last successful update can be seen.

How can I view current versions of updates, as well as see failed scheduled events?

Thanks!

David Capurro

frequent network agent crashes 7.8.4


We are experiencing frequent Network Agent crashes. Running 7.8.4 on Windows 2012 R2 server.

We tried natunining.ini on Network Agent servers with NbrHandlerThreads=1 or 4 and

eimserver.ini on filtering server with MaxWISPConnections=1000. Neither worked.

event log on NA server:

Log Name:      Application
Source:        Application Error
Date:          11/19/2015 1:01:51 PM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      0000SWEB8NA02.domain name

Description:
Faulting application name: NetworkAgent.exe, version: 7.8.4.1390, time stamp: 0x53da807d
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000374
Fault offset: 0x00000000000f1280
Faulting process id: 0xd8
Faulting application start time: 0x01d1230d7097bbdd
Faulting application path: C:\Program Files\Websense\Web Security\bin\NetworkAgent.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: c0e63197-8f00-11e5-80d7-98be943d09a4
Faulting package full name:
Faulting package-relative application ID:

NetworkAgent log:

[11/19/2015 12:29:03.062] (2576): Adding protocol Yahoo! Messenger attachments (id: 54)
[11/19/2015 12:29:03.062] (2576): Adding protocol MSN Messenger attachments (id: 55)
[11/19/2015 12:29:03.078] (2576): Adding protocol AOL Instant Messenger or ICQ attachments (id: 56)
[11/19/2015 12:29:03.281] (2576): Adding protocol Bot Networks (id: 92)
[11/19/2015 12:29:03.281] (2576): Adding protocol Email Borne Worms (id: 95)
[11/19/2015 12:29:03.281] (2576): Adding protocol Other (id: 97)
[11/19/2015 12:29:03.281] (2576): Adding protocol Brosix (id: 138)
[11/19/2015 12:29:03.281] (2576): Adding protocol Mail.Ru (id: 147)
[11/19/2015 12:29:03.281] (2576): Adding protocol Octoshape (id: 151)
[11/19/2015 12:29:03.281] (2576): Adding protocol Pandora (id: 148)
[11/19/2015 12:29:03.281] (2576): Adding protocol Instant Housecall (id: 152)
[11/19/2015 12:29:03.281] (2576): Adding protocol Voxox (id: 150)
[11/19/2015 12:29:03.281] (2576): Adding protocol Yuuguu (id: 145)
[11/19/2015 12:29:03.281] (2576): Adding protocol Joost (id: 149)
[11/19/2015 12:29:03.281] (2576): Adding protocol netFM Messenger (id: 146)
[11/19/2015 12:29:03.281] (2576): Adding protocol iSpQ (id: 139)
[11/19/2015 12:29:03.281] (2576): Adding protocol CrossLoop (id: 140)
[11/19/2015 12:29:03.281] (2576): Adding protocol NateOn Messenger Attachments (id: 141)
[11/19/2015 12:29:03.281] (2576): Adding protocol Globe7 (id: 142)
[11/19/2015 12:29:03.281] (2576): Adding protocol Chikka Messenger (id: 143)
[11/19/2015 12:29:03.281] (2576): Adding protocol Live Mesh (id: 144)
[11/19/2015 12:29:03.281] (2576): Adding protocol Revver (id: 155)
[11/19/2015 12:29:03.281] (2576): Adding protocol Hulu (id: 156)
[11/19/2015 12:29:03.281] (2576): Adding protocol ShareNow (id: 161)
[11/19/2015 12:29:03.281] (2576): Adding protocol Badongo Buddy (id: 163)
[11/19/2015 12:29:03.281] (2576): Adding protocol Spotify (id: 165)
[11/19/2015 12:29:03.281] (2576): Adding protocol ClipMoon (id: 157)
[11/19/2015 12:29:03.281] (2576): Adding protocol Comodo EasyVPN (id: 166)
[11/19/2015 12:29:03.281] (2576): Adding protocol MyPlay (id: 164)
[11/19/2015 12:29:03.281] (2576): Adding protocol Goober Messenger (id: 168)
[11/19/2015 12:29:03.281] (2576): Adding protocol Netease Popo (id: 101)
[11/19/2015 12:29:03.281] (2576): Adding protocol Mikogo (id: 167)
[11/19/2015 12:29:03.281] (2576): Adding protocol Opera Unite (id: 159)
[11/19/2015 12:29:03.281] (2576): Adding protocol Dailymotion (id: 160)
[11/19/2015 12:29:03.281] (2576): Adding protocol NateOn (id: 105)
[11/19/2015 12:29:03.281] (2576): Adding protocol YouSendIt (id: 154)
[11/19/2015 12:29:03.281] (2576): Adding protocol NateOn Remote Access (id: 153)
[11/19/2015 12:29:03.281] (2576): Adding protocol Vimeo (id: 158)
[11/19/2015 12:29:03.281] (2576): Adding protocol Palringo (id: 162)
[11/19/2015 12:29:03.281] (2576): Adding protocol Neos (id: 109)
[11/19/2015 12:29:03.281] (2576): Adding protocol Xfire (id: 125)
[11/19/2015 12:29:03.281] (2576): Adding protocol MSC Messenger (id: 126)
[11/19/2015 12:29:03.281] (2576): Adding protocol VZOchat (id: 133)
[11/19/2015 12:29:03.281] (2576): Adding protocol AOL Instant Messenger or ICQ (id: 21)
[11/19/2015 12:29:03.281] (2576): Adding protocol Yahoo! Messenger (id: 3)
[11/19/2015 12:29:03.281] (2576): Adding protocol TryFast Messenger (id: 132)
[11/19/2015 12:29:03.281] (2576): Adding protocol X-IM (id: 119)
[11/19/2015 12:29:03.281] (2576): Adding protocol Tencent QQ (see the Knowledge Base) (id: 49)
[11/19/2015 12:29:03.281] (2576): Adding protocol IRC (id: 5)
[11/19/2015 12:29:03.281] (2576): Adding protocol Gadu-Gadu (id: 66)
[11/19/2015 12:29:03.281] (2576): Adding protocol SIMP (Jabber) (id: 4)
[11/19/2015 12:29:03.281] (2576): Adding protocol Camfrog (id: 72)
[11/19/2015 12:29:03.281] (2576): Adding protocol IMVU (id: 124)
[11/19/2015 12:29:03.281] (2576): Adding protocol Meetro (id: 115)
[11/19/2015 12:29:03.281] (2576): Adding protocol MySpaceIM (id: 116)
[11/19/2015 12:29:03.281] (2576): Adding protocol Yahoo! Mail Chat (id: 127)
[11/19/2015 12:29:03.281] (2576): Adding protocol MSN Messenger (id: 2)
[11/19/2015 12:29:03.281] (2576): Adding protocol Google Talk (id: 79)
[11/19/2015 12:29:03.281] (2576): Adding protocol Wengo (id: 84)
[11/19/2015 12:29:03.281] (2576): Adding protocol HTTPS (id: 11)
[11/19/2015 12:29:03.281] (2576): Adding protocol SoonR (id: 110)
[11/19/2015 12:29:03.281] (2576): Adding protocol Vyew (id: 128)
[11/19/2015 12:29:03.281] (2576): Adding protocol Gizmo Project (id: 87)
[11/19/2015 12:29:03.281] (2576): Adding protocol Zolved (id: 135)
[11/19/2015 12:29:03.281] (2576): Adding protocol SoftEther PacketiX (id: 121)
[11/19/2015 12:29:03.281] (2576): Adding protocol Paltalk (id: 74)
[11/19/2015 12:29:03.281] (2576): Adding protocol BeInSync (id: 134)
[11/19/2015 12:29:03.281] (2576): Adding protocol WallCooler VPN (id: 137)
[11/19/2015 12:29:03.281] (2576): Adding protocol Woize (id: 99)
[11/19/2015 12:29:03.281] (2576): Adding protocol HTTP (id: 1)
[11/19/2015 12:29:03.281] (2576): Adding protocol Telnet (id: 17)
[11/19/2015 12:29:03.281] (2576): Adding protocol Eyeball Chat (id: 77)
[11/19/2015 12:29:03.281] (2576): Adding protocol Wavago (id: 90)
[11/19/2015 12:29:03.281] (2576): Adding protocol MyIVO (id: 102)
[11/19/2015 12:29:03.281] (2576): Adding protocol TeamViewer (id: 131)
[11/19/2015 12:29:03.281] (2576): Adding protocol Terminal Services (id: 38)
[11/19/2015 12:29:03.281] (2576): Adding protocol Citrix (id: 39)
[11/19/2015 12:29:03.281] (2576): Adding protocol Toonel (id: 106)
[11/19/2015 12:29:03.281] (2576): Adding protocol SocksOnline (id: 108)
[11/19/2015 12:29:03.281] (2576): Adding protocol Hopster (id: 65)
[11/19/2015 12:29:03.281] (2576): Adding protocol WebEx (PCNow & Support Center) (id: 85)
[11/19/2015 12:29:03.281] (2576): Adding protocol pcTELECOMMUTE (id: 36)
[11/19/2015 12:29:03.281] (2576): Adding protocol Tor (id: 71)
[11/19/2015 12:29:03.281] (2576): Adding protocol JAP (id: 88)
[11/19/2015 12:29:03.281] (2576): Adding protocol pptp (id: 32)
[11/19/2015 12:29:03.281] (2576): Adding protocol GhostSurf (id: 68)
[11/19/2015 12:29:03.297] (2576): Adding protocol RealTunnel (id: 80)
[11/19/2015 12:29:03.297] (2576): Adding protocol VNC (id: 37)
[11/19/2015 12:29:03.297] (2576): Adding protocol ssh (id: 33)
[11/19/2015 12:29:03.297] (2576): Adding protocol pcANYWHERE (id: 35)
[11/19/2015 12:29:03.297] (2576): Adding protocol LogMeIn (id: 81)
[11/19/2015 12:29:03.297] (2576): Adding protocol TongTongTong (id: 107)
[11/19/2015 12:29:03.297] (2576): Adding protocol Google Web Accelerator (id: 69)
[11/19/2015 12:29:03.297] (2576): Adding protocol BoxCloud (id: 111)
[11/19/2015 12:29:03.297] (2576): Adding protocol Metacafe (id: 130)
[11/19/2015 12:29:03.297] (2576): Adding protocol Windows Media (id: 6)
[11/19/2015 12:29:03.297] (2576): Adding protocol iTunes (id: 67)
[11/19/2015 12:29:03.297] (2576): Adding protocol Google Video (id: 76)
[11/19/2015 12:29:03.297] (2576): Adding protocol SHOUTcast (id: 70)
[11/19/2015 12:29:03.297] (2576): Adding protocol Liquid Audio (id: 46)
[11/19/2015 12:29:03.297] (2576): Adding protocol Social FM (id: 136)
[11/19/2015 12:29:03.297] (2576): Adding protocol Slingbox (id: 103)
[11/19/2015 12:29:03.297] (2576): Adding protocol Finetune (id: 129)
[11/19/2015 12:29:03.297] (2576): Adding protocol PeerCast (id: 82)
[11/19/2015 12:29:03.297] (2576): Adding protocol JetCast (id: 75)
[11/19/2015 12:29:03.297] (2576): Adding protocol AOL Radio (id: 86)
[11/19/2015 12:29:03.297] (2576): Adding protocol FastTrack (Kazaa iMesh) (id: 10)
[11/19/2015 12:29:03.297] (2576): Adding protocol Your Freedom (id: 91)
[11/19/2015 12:29:03.297] (2576): Adding protocol RTSP (QuickTime RealPlayer) (id: 7)
[11/19/2015 12:29:03.297] (2576): Adding protocol FolderShare (id: 100)
[11/19/2015 12:29:03.297] (2576): Adding protocol ClubBox (id: 104)
[11/19/2015 12:29:03.297] (2576): Adding protocol MindSpring (id: 123)
[11/19/2015 12:29:03.297] (2576): Adding protocol eDonkey (id: 42)
[11/19/2015 12:29:03.297] (2576): Adding protocol FTP (id: 12)
[11/19/2015 12:29:03.297] (2576): Adding protocol Gnutella (Morpheus Xolox) (id: 9)
[11/19/2015 12:29:03.297] (2576): Adding protocol Hotline Connect (id: 43)
[11/19/2015 12:29:03.297] (2576): Adding protocol Pando (id: 112)
[11/19/2015 12:29:03.297] (2576): Adding protocol Damaka (id: 113)
[11/19/2015 12:29:03.297] (2576): Adding protocol DirectConnect (id: 64)
[11/19/2015 12:29:03.297] (2576): Adding protocol BitTorrent (id: 48)
[11/19/2015 12:29:03.297] (2576): Adding protocol SoulSeek (id: 118)
[11/19/2015 12:29:03.297] (2576): Adding protocol Skype (id: 53)
[11/19/2015 12:29:03.297] (2576): Adding protocol GigaTribe (id: 114)
[11/19/2015 12:29:03.297] (2576): Adding protocol EZPeer (id: 58)
[11/19/2015 12:29:03.297] (2576): Adding protocol Hamachi (id: 89)
[11/19/2015 12:29:03.297] (2576): Adding protocol Raketu (id: 122)
[11/19/2015 12:29:03.297] (2576): Adding protocol Onshare (id: 117)
[11/19/2015 12:29:03.297] (2576): Adding protocol Qnext (id: 73)
[11/19/2015 12:29:03.297] (2576): Adding protocol Project Neon (id: 83)
[11/19/2015 12:29:03.297] (2576): Adding protocol SQL Net (id: 20)
[11/19/2015 12:29:03.297] (2576): Adding protocol POP3 (id: 15)
[11/19/2015 12:29:03.297] (2576): Adding protocol IMAP (id: 47)
[11/19/2015 12:29:03.297] (2576): Adding protocol Microsoft HTTPMail (id: 78)
[11/19/2015 12:29:03.297] (2576): Adding protocol ident (id: 28)
[11/19/2015 12:29:03.297] (2576): Adding protocol daytime (id: 26)
[11/19/2015 12:29:03.297] (2576): Adding protocol Gopher (id: 13)
[11/19/2015 12:29:03.297] (2576): Adding protocol Lotus Notes (id: 23)
[11/19/2015 12:29:03.297] (2576): Adding protocol WAIS (id: 41)
[11/19/2015 12:29:03.297] (2576): Adding protocol SMTP (id: 14)
[11/19/2015 12:29:03.297] (2576): Adding protocol NetMeeting (id: 25)
[11/19/2015 12:29:03.297] (2576): Adding protocol finger (id: 27)
[11/19/2015 12:29:03.297] (2576): Adding protocol LDAP (id: 29)
[11/19/2015 12:29:03.297] (2576): Adding protocol NTP (id: 30)
[11/19/2015 12:29:03.297] (2576): Adding protocol OpenWindows (id: 31)
[11/19/2015 12:29:03.297] (2576): Adding protocol SOCKS 5 (id: 18)
[11/19/2015 12:29:03.297] (2576): Adding protocol NFS (id: 34)
[11/19/2015 12:29:03.297] (2576): Adding protocol NNTP (id: 19)
[11/19/2015 12:29:03.297] (2576): Adding protocol Orsiso (id: 172)
[11/19/2015 12:29:03.297] (2576): Adding protocol MyGreenPC (id: 173)
[11/19/2015 12:29:03.297] (2576): Adding protocol Access Grid (id: 178)
[11/19/2015 12:29:03.297] (2576): Adding protocol Remote Control PC (id: 174)
[11/19/2015 12:29:03.297] (2576): Adding protocol Ares (id: 62)
[11/19/2015 12:29:03.297] (2576): Adding protocol MySpace Player (id: 176)
[11/19/2015 12:29:03.297] (2576): Adding protocol Baidu Hi (id: 171)
[11/19/2015 12:29:03.297] (2576): Adding protocol Nimbuzz (id: 170)
[11/19/2015 12:29:03.297] (2576): Adding protocol Gmail Chat (WSG Only) (id: 98)
[11/19/2015 12:29:03.297] (2576): Adding protocol BBC iPlayer (id: 179)
[11/19/2015 12:29:03.297] (2576): Adding protocol Google Wave (WSG Only) (id: 169)
[11/19/2015 12:29:03.297] (2576): Adding protocol Adobe Updater (WSG Only) (id: 175)
[11/19/2015 12:29:03.297] (2576): Adding protocol Solid State Delivery Platform (id: 177)
[11/19/2015 12:29:03.297] (2576): Total m_criteria is 422
[11/19/2015 12:29:03.297] (2576): Set protocol cache rules
[11/19/2015 12:29:03.312] (2576): Before load EIM uid:
[11/19/2015 12:29:03.312] (2576): After load EIM uid:aa974909-d4b6-11e4-b088-c9f0f895fb98
[11/19/2015 12:29:03.312] (2576): error: 0, before: FFFFFFFF, get uintIP = A1201E1
[11/19/2015 12:29:03.343] (2576): WARNING : WsNetworkAgent::GetThreadNumber() - Thread Number = 8 are decided by CPU number.
[11/19/2015 12:29:03.343] (2576): WsNetworkAgent::Start - Need reallocate memory for NA.
[11/19/2015 12:29:03.343] (2576): GENERAL : WsNetworkAgent::ReallocateMemoryResource() - monitor nic = 1.
[11/19/2015 12:29:03.343] (2576): WARNING : WsNetworkAgent::GetThreadNumber() - Thread Number = 8 are decided by CPU number.
[11/19/2015 12:29:03.343] (2576): GENERAL : WsNetworkAgent::ReallocateMemoryResource() - Thread Count = 8.
[11/19/2015 12:29:03.343] (2576): WARNING : WsNetworkAgent::GetThreadNumber() - Thread Number = 8 are decided by CPU number.
[11/19/2015 12:29:03.343] (2576): WsNetworkAgent::GetThreadByOptimizeSocket() - SocketPerThread = 15, Thread Count = 8.
[11/19/2015 12:29:03.343] (2576): WARNING : WsNetworkAgent::ReallocateMemoryResource() - Update  Monitor NIC = 1, Thread Count = 8, SocketPerThread = 15 .
[11/19/2015 12:29:03.343] (2576): WsNetworkAgent::ReallocateMemoryResource() - Memory : Packet = 13194240, SessionSize = 7517888 and Transaction = 122434176
[11/19/2015 12:29:03.343] (2576): Entering UpdateCaptureConfig(NIC-1)
[11/19/2015 12:29:03.343] (2576): Enable capturing for NIC-1:
OperationMode: 3 (StandAlone: 1)
InjectNIC: NIC-2 (Dest MAC: auto)
HTTPOnAnyPort: 1 (Purchased: 1)
[11/19/2015 12:29:03.359] (2576): WsNICInject:: Destination MAC: auto (Type: 3)
[11/19/2015 12:29:03.359] (2576): WsNICInject::Device: \Device\Packet40_{F3B856A3-CBED-4326-BF39-88FFA0439201}
[11/19/2015 12:29:03.359] (2576): WsNICInject::Mac Spoofing: false
[11/19/2015 12:29:03.359] (2576): Inject NIC MAC: 98:be:94:3d:09:a3
[11/19/2015 12:29:03.359] (2576): Inject NIC's gateway MAC: 00:07:b4:00:02:02
[11/19/2015 12:29:03.359] (2576): Inject NIC's subnet: 10.18.1.0
[11/19/2015 12:29:03.359] (2576): Inject NIC of IPv6 MAC: 98:be:94:3d:09:a3
[11/19/2015 12:29:03.359] (2576): WsNICInject: IPv6 addr: 0000:0000:0000:0000:0000:0000:0000:0000, gateway addr: 0000:0000:0000:0000:0000:0000:0000:0000.
[11/19/2015 12:29:03.359] (2576): bind to local 0000:0000:0000:0000:0000:0000:0000:0000!
[11/19/2015 12:29:03.359] (2576): WSAIoctl SIO_RCVALL failed: 10022

Security issue discovered: Are you performing SSL decryption with Websense? Read this.


To date I've created/commented on other threads on this forum regarding this, but this thread serves to centralize this issue.  Since the Google crawler seems to hit these forums, hopefully this will get some attention.

If you are reading this thread and the issues below pertain to you as well, please comment below.

My corporation chose to purchase Websense in order to perform web filtering, as well as MITM (man in the middle) SSL decryption/monitoring for Data Loss Prevention.

Currently, as it stands,  for a secure implementation of Websense, if SSL decryption is enabled, and you are using an internal certificate to present to end users,  you must enable the Certificate Verification Engine feature in the Websense Content gateway.  What this feature does is perform various checks against the external SSL certificate to confirm the validity of that certificate.  

If you do not enable this certificate engine while performing SSL decryption, you are flying blind, essentially, as other MITM schemes and invalid cert issuers can intercept your data, and no one in your organization will know.  (e.g. think about the recent issues with Diginotar certs being hacked and gmail victims falling prey)

For example, let's use the example of visiting https://www.gmail.com.  With SSL decryption enabled, end users will see that this website is using a valid certificate, one that is issued by your company internally; essentially masking the actual SSL certificate.  The verification engine then should validate the external SSL certificate.  If this validation fails, then a warning should be displayed to the end user -- a warning much like if you visited a site with an expired/invalid certificate.

To date, the verification engine feature does not work without causing massive issues in an environment.

Here are two issues that I've identified so far:


  • [Minor] When Websense validates a certificate, there is an option to check for CRL (certificate revocation list) to determine if a certificate has been revoked.  The problem with this is, there are many certificates issued/used on the internet that seemingly have problems/ don't adhere to this standard.   (not sure why)  The easy solution would be to disable the CRL check option under the verification engine.  However, this disablement does not currently work.    This results in many end users bombarding the helpdesk wondering what websense block "verify deny = 0" means.
  • [Major] Certain websites, such as wellsfargo.com do not load properly, or do not load at all via SSL.  This is an intermittent issue.   Since this is a banking website, it is imperative to have SSL work.  I have provided logs.  I have provided data dumps, I have spent numerous hours troubleshooting this issue with Websense. Websense has even been able to reproduce this issue, but I have been told that I will need to impact my production environment further by enabling this feature on long term to collect more dumps.  This becomes a problem, as the [minor] issue above causes the helpdesk line to flood.  Because of this, my 6+ month case has been closed, pending results for the issue above.

This issue has been escalated to the point where a Sr. Manager of Technical Support has been involved, but still, no real traction yet.  To be fair,  it's only been 6+ months of troubleshooting/waiting.

The most troubling thing I've seen is that it appears that others on this forum who use SSL decryption simply acknowledge that this is an issue and simply ignore/disable the verification engine.  They've accepted the risk as a technical engineer, but I can only but wonder if their IT management staff realize the data security ramifications.

Anyhow...

If you are reading this as a potential websense customer:  Be aware of this issue.  I'm not happy about this situation at all.    This is a web security problem.

If you are reading this as another company who is using SSL decryption, and have run into these issues, or know of further issues to raise,  chime in below. 

If you are a websense staff member and care to check out my claims or offer some solutions, please do so!  I welcome any/all comments, both positive or negative. Both cases associated to my account have been escalated to backline, while one is currently closed pending results from the other case.

I'll be continually updating this thread, if it does not end up getting brownholed.
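
An added illustration of the risk described in the post above (not code from the post or from Websense): a model of an intercepting gateway that re-signs origin certificates with an internal CA, run with upstream verification on and off. All certificates are constructed on the fly, and the names `trusted`, `rogue`, `internal`, `proxy_decision` and `client_view` are hypothetical; it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example. Every certificate below is constructed at run time; the CA
# names and both decision functions are hypothetical, not Websense's.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca <name>: self-signed root CA, valid for one day.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed $1 root" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# make_leaf <ca-name> <leaf-name> <hostname>: leaf certificate signed by <ca-name>.
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 1 \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.pem" 2>/dev/null
}

make_ca trusted    # stands in for a public root in the gateway's trust store
make_ca rogue      # an issuer the gateway does not trust
make_ca internal   # the company CA that client machines trust

make_leaf trusted genuine mail.example.test   # what the real origin serves
make_leaf rogue   forged  mail.example.test   # what an upstream interceptor serves

# proxy_decision <origin-cert-file> <on|off>: prints "resign" or "block".
proxy_decision() {
    if [ "$2" = off ]; then
        echo resign    # verification disabled: the origin chain is never examined
    elif openssl verify -CAfile "$WORK/trusted.pem" "$1" >/dev/null 2>&1; then
        echo resign    # chain builds to a trusted root
    else
        echo block     # untrusted issuer: stop before re-signing
    fi
}

# client_view <origin-leaf-name> <on|off>: what the end user's browser is given.
client_view() {
    if [ "$(proxy_decision "$WORK/$1.pem" "$2")" = block ]; then
        echo warning-page
        return 0
    fi
    # The gateway mints its own certificate for the host under the internal CA.
    make_leaf internal "shown-$1" mail.example.test
    if openssl verify -CAfile "$WORK/internal.pem" "$WORK/shown-$1.pem" >/dev/null 2>&1; then
        echo valid-internal-cert
    else
        echo browser-error
    fi
}

for mode in on off; do
    for origin in genuine forged; do
        echo "verification=$mode origin=$origin -> $(client_view "$origin" "$mode")"
    done
done
```

With verification off, the forged origin reaches the browser as a certificate that chains cleanly to the internal CA, so only the gateway is in a position to notice the untrusted issuer.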

Embedded content blocked with no block event in Websense monitor



I am using Web Security 7.8.4 with current database updates. Recently I have started to have a problem with embedded content being blocked. An example is the page http://www.swissarmy.com/us/content/store_finder; the store finder content in the main frame is actually hosted at http://hosted.where2getit.com. When I visit the page the content begins to build, then turns into a strange looking 403 error:


I have put filter exceptions into my firewall as a work around (the exception is for the destination of the embedded content then everything works fine) but I need an actual root-cause and solution. I am using an ASA 5510 running code 9.1(6), below is my config for Websense:

 

url-server (inside) vendor websense host USHQUTWEBSENP01 timeout 30 protocol TCP version 4 connections 5

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

 

I have watched the session from both the realtime monitor and a WISP trace; I don’t see a request for http://hosted.where2getit.com either blocked or permitted. I have used the filtering test in the Triton console to verify that the content should be permitted and I am able to visit http://hosted.where2getit.com as a standalone webpage.
