I'm not seeing a way to do this but I'm curious if you can somehow define a network range and give it a name.
The reason I ask is because we have a number of guest networks and BYOD device networks throughout the company and it would be much easier to identify them in the reporting if it was associated with a meaningful name. Currently we have to cross reference a list of defined networks which slows the process down.
Websense is integrated with AD, for users internet access. But for some users instead of their AD ID their desktop hostname appears as a username.
And these users experience issues with visiting URLs even which are permitted to them.
What can be the probable cause ? Kindly suggest.
Thanks in advance.
I have multiple users getting an Forepoint error message when they try to login to a website url: https:\\www.medicareinfo.com\ . The error message states: Could not connect to server. The remote side uses a protocol version that is not enabled.
Any suggestions would be greatly appreciated.
Good Moring.
We have triton web and security 8.1 installed. i had a quick look on the filtering categories and when i check those against the online database it seems like i am missing few sub categories.
For example i cant expend: collaboration - office or the facebook category. is that product driven ?
We have a multi-domain forest with admin accounts in each domain with the same user name. EG:
I have configured TRITON to use Active Directory and to point to a domain controller on the GC port 3268.
When I use a DC in the child domain SUBDOM1 and log in with the user name and password (i.e. no domain) it works fine.
If I use a DC in the ROOT domain, I can't log in with any account, whether I use:
I should note that groups have been added as Global Admins from each domain ROOT, and SUBDOM1.
Can anyone explain how I can get this working using the forest root domain as the domain controller?
I'm running TRITON AP Web v 8.1
Hi,
I'm aware that the Forcepoint Web Gateway can enable read-only access to selected Social Media services.
I'm wondering if anyone has managed to apply an equivalent control to services in the Personal Network Storage category?
The specific scenario I have is that an accounting website have chosen to use Slideshare embedded in their site to share a presentation. This is cateogorised as Personal Network Storage - which our company blocks due to risk to corporate information.
What I'd like to do is allow staff view / read only access to the service so they can consume information - but not open access to the service or category in a manner that allows them to upload information.
Is this possible?
Thanks,
Geoff
The Dashboard Threats tab is not showing Suspicious Network Activity. All the events are checked. While the rest of the tabs are showing current Risks, Uasage, and System data. I used to have inforamtion before the current build? Am I just that lucky or did a parameter get changed?
| Unified Security Center build: | 7.7.3.11 |
| Web Security build: | 7.7.3.1147 |
The Websense Citrix Installation Package solved our issue of misidentifying Citrix users, but it breaks the XenApp plugin.
We use the XenApp plugin (formerly known as pnagent or program neighborhood agent). When the package is installed it completely breaks this piece. The XenApp plugin is used to deliver the icons to the users desktops once they log in and is critical to the deployment.
The actual message that comes up is Citrix Receiver could not contact the server. Please check your network connection.
When we remove the package we no longer get errors.
Hello,
I was working with a customer yesterday who was following this documentation to test out the new certificate.
http://www.websense.com/content/support/library/web/hosted/articles/SHA-Migration-Note.pdf
When the customer has both certificates installed, he does not get a certificate error when going to a SSL site. However, if we remove the old certificate and have only the Forcepoint certificate installed, we receive a cert error. After viewing the certificate, we can see that it is SHA 256 but the certification path shows Websense instead of Forcepoint.
The customer would like to be able to test the new certificate properly. Would it be possible to correct the proxy so the certification path shows Forcepoint instead of Websense? The method we are using to direct the traffic is by editing the hosts file to include the following line and running ipconfig /flushdns
208.87.234.173 hybrid-web.global.blackspider.com
If you need anything else from me, please let me know.
Regards,
Trinidad
I have Websense Endpoint deploying via GPO (Software installation function) which works very well after editing the msi in ORCA to add the WSCONTEXT value.
What I can't figure out is where to add the XPSWDPXY property in ORCA for the automatic uninstallation.
If anyone has worked this out and is willing to share, I would be most grateful 
Many thanks
I have a V10000 that I recently upgraded to 8.2 and gave a new subordinate CA cert from our Enterprise root CA. This is a SHA256 CA cert. However, I noticed when the WCG issues a cert to sites such as https://www.google.com its still signed with SHA1. When or how will this be changed to SHA256? I'm getting dinged by security auditors.
Has anyone experienced issues after upgrading from IE10 to IE 11? Specifically problems accessing sites such as yahoo.com/google.com ?
records.config include Content Gateway entries to enable TLS1/TLS1.2 support
CONFIG proxy.config.ssl.server.TLSv11 INT 1
CONFIG proxy.config.ssl.server.TLSv12 INT 1
CONFIG proxy.config.ssl.client.TLSv11 INT 1
CONFIG proxy.config.ssl.client.TLSv12 INT 1
When a user attempts to access yahoo.com in Internet Explorer 11 they immediately receive 'Page cannot be displayed'. If they go to Tools > Advance > and uncheck 'tls1.2' they can browse to the page just fine.
The question I have is: should I disable the TLSv1.2 in the records.config file?
Old: CONFIG proxy.config.ssl.client.TLSv12 INT 1
New:CONFIG proxy.config.ssl.client.TLSv12 INT 0
If I do so, will it break all IE 10 users?
After a lot of troubleshooting and research, I was finally able to figure out what was wrong. Upgrading to 8.2 kept hanging at Copy files from C:\Windows\Installer\... It would get stuck on 2 bars, even if I let it run over night. No errors in the Windows Event Logs, but in C:\Users\<User>\AppData\Temp there was a folder (called 2 or 3 or could be something different) that referenced out of memory errors related to Java and Heap errors. My machine is Windows 2008 R2 with plenty of memory and disk space. I have the current version of Java (32 and 64 bit and I tried uninstalling/installing both, but still wouldn't work). My %JRE_HOME% pointed to the DSS JRE folder (Data Security), so I pointed it to both the Windows Java 32 and 64 bit folder, but still nothing.
Thanks to Google and a sense of adventure on my part, I did the following and it worked (not sure if all are required):
- Uninstalled 32 bit Java and only installed 64 bit
- Made sure the %JRE_HOME% Environmental Variable pointed to the C:\Program Files\ java folder (full back which includes version number, but not BIN folder)
- Added _JAVA_OPTIONS Environmental Variable in Windows (Machine variable) with the value of -Xmx512M (you may want to try 256 if you only have 4GB of memory)
- Also followed the instructions on this page to add the parameter within Java itself (http://www.wikihow.com/Increase-Java-Memory-in-Windows-7) - In Control Panel > Java > Java tab > add -Xmx512M in the Runtime Parameter field
I don't know for sure, but this may need to be adjusted every time Java is updated (will know the next time a new Java version is released)
I hope this helps others.
We are using the web content gateway version 8.1. We have an application that our users run from there desktop that accesses the Internet and executes the application. However, every time our users run this application they are prompted for proxy authentication. We put the host address of the application in the allow tunneling of the ssl decryption bypass on the proxy but the users continue to get prompted to authenticate to the proxy before it allows them to use the application. Can anyone point me in the right direction to help me stop this authentication process through the proxy? It's an annoyance for my users to have to sign into the proxy again. Let me know. Thank you.
Hi,
I recently had a new deployment done for a customer and a week later the investigative reports showing
If you have just installed reporting tools, the setup program may be preparing your database right now. Please wait 30 minutes and try again.
it was working but now the above message shows. I did logserver -c and windows says the process crashed. I re-installed the logserver but still same error.
i ran testlogserver but there are no hits showing, rtm shows fine and filtering works fine but testlogserver showing just accepting connections and no hits as its usually showing.
Any ideas?
thanks!
Hi,
Has anyone faced any issues with some websites displaying properly on Microsoft Edge browser?
Customer has v8.1 with all HF's installed but when opening emirates.com only text is displayed but not images. The customer has an older version, v7.6 of WSG running and that has no issues.
The only difference between old and new web deployments is https inspection.
On the v.8.1 firefox works fine but IE sometimes does not work and edge never displays the page properly.
I have run a testlogserver to see if any image sites within the main url are blocked but all urls are allowed as shown in the tslogserver output.
Any1 have any ideas or faced such issues?
Thanks!
Within the last few months we updated our Websense 7.5 to the Websense AP-WEB 8.1. I'm unsure if this is when this started happening as it was just reported today. Under Policy Management > Clients, we have several users setup within the Directory as having a Policy assigned to them. We have found this simply doesn't enforce any sort of policy. I have tried modifying existing users, have tried a new user, and multiple different policies to no avail. Its almost as if Websense doesn't have a proper connection to AD to detect when a user is logging into a computer. Within this same window, if I put in the computers IP address, filtering works properly, so I know for sure that much is fine. Its just based on the AD user that isn't working.
I did check under Settings > Directory Services what we have setup, and its currently on "Windows Active Directory (Mixed Mode). From what I could find, with it setup this way there is no other additional configuration required.
In addition, if I click on the "Test Filtering" button on the right side, put in my user account and website I know is blocked, it does pop up a message saying, "Result:This URL was blocked. It does not appear in the current limited access filter."
I'm curious if I can attempt to establish if there is a proper AD connection or not, or some other troubleshooting idea you may have.
Running version 7.8.4 on Server 2008 R2 Standard, standalone
Full error message:
The management console cannot connect to the primary Policy Server. The version is correct but Policy Server cannot be reached. There are no available secondary Policy Servers with the proper version.
Please make sure there is at least one Policy Server running whose version matches the management console version, and network communication is possible between them. To attempt to restart the primary Policy Server, click Restart.
Anything I can try?
Anyone installed the endpoint agent as part of a system build? Interested to know if it works on Win 7,8&10 as part of a build
Hi All,
Please let me know actually what happened in below mentioned two scenarios
Scenario 1: Action in the report is "Confirmed", direction "unknown", Category is "Malicious Websites" and action configured is "Block Access".
Is the malicious website got accessed by the user or it got blocked?
Scenario 2:
Action in the report is "Blocked", direction "Outbound", Category is "Malicious Websites", URL is "differentia.ru", policy is "Test", action configured is "Block Access".
Action in the report is "Authentication Required", direction "unknown", Category is "Malicious Websites", URL is "differentia.ru", policy is "Test", action configured is "Block Access".
Is the malicious website got accessed by the user or it got blocked?