Hi
New user to Cloud Security Gateay.
Perimeter firewall is closed for most outbound traffic, so we opened up the ports and IP ranges specified in the Product Evaluation Guide (which matches the relevant web security details on:
http://www.websense.com/content/support/library/web/hosted/getting_started/firewall_config.aspx
and
When web endpoint runs on a client, it cannot see the cloud service and appears with an exclamation mark in the system tray. It does configure the IE proxy settings, and filtered browsing does work albeit a bit clunky at the moment.
If I move the machine onto an unfiltered (non-firewalled) connection then it successfully connects and shows with a tick in the system tray.
Network monitoring shows that wepsvc.exe and wepdiag.exe both try to connect to www.msncsi.com/ncsi.txt presumably to determine if the Internet is available. This is evidently some sort of cname dns record resolving to numerous other hosts, presumably for better geographic affinity, but there are numerous IP addresses involved.
Is it a requirement for these processes to be able to contact that URL in order or Web Endpoint client to decide the Internet is available (and thus not go into override mode)? If so, why is it not stipulated in the documentation for firewall configuration?
If I run nmap against webdefense.global.blackspider.com, I see the following which is largely what I would expect to see:
80 - open
443 - closed
8080 - filtered
8081 - open
8082 - open
8083-8087 - filtered
8088-8089 - open
8090-8100 - filtered
The same results arise from both corp net (filtered behind firewall) and a home-type DSL network with no outbound ACLs.
Any help\advice would be appreciated.
Thanks.
David