Websense uses a multiplicity of ports, many of which are poorly documented. It would be much simpler if there was one Websense service that acted as a broker for server-to-server communications so that all communications could tunnel over one Websense port and the network broker service could then split out the individual component traffic locally on the host.
You can achieve something similar with SSH tunnelling if you have a pure Linux deployment (which you won't because TRITON USC is Windows only) or IPsec if you have a pure Windows deployment (which you won't because CG and ESG is Linux only). So having Websense provide the cross-platform mechanism for tunnelling all the various connections across one port would greatly assist us.
Oh, and support deployments of Websense components behind a NAT! Includes WS and DS products.