Hi, I'm currently testing the newest version of Websense (7.8.4) and it's ipv6 filtering. Because of the environment I'm in, I can test ipv4 by blocking sites on the internet, but there is no internet connectivity on the ipv6 network. Because of this, I had to stand up an ipv6 web server inside our network, and because of network issues it is on a machine on the same ipv6 subnet as the client I'm using to access the web server.
My question is, will the response time of the webserver packets cause a conflict with the websense packets, in that the rst packets are not sent quickly enough and the web server "wins out"? When I go to access the page (and it's blocked via policy), I see in RTM that the page is marked as blocked but it still appears on the client. I see through Wireshark that when I access a blocked ipv4 page, I get the SYN, SYN ACK, and ACK packets as expected, and then the GET and the 302 packets. I then see the RST packets, along with an ACK. When I try to access the ipv6 server, however, I see SYN, SYN ACK, and ACK packets in the begiinning, then a GET, but then I see a FIN PSH ACK packet from the spoofed IP instead of the 302. I don't see the 302 until much later, along with some out-of-order and reassembled PDU packets. I see a bunch of RST packets, but they don't seem to do anything since I'm still connected to the web server (I get the page).
I'm confused, I believe it may be due to the fact that the client, network agent, and webserver are all on the same vlan. I should also note that I'm using the software stand-alone version of Websense Web Security. Any help would be greatly appreciated, thanks!