https://community.cisco.com/t5/network-security/pix-websense-filtering/m-p/543135#M498121 <HTML><HEAD></HEAD><BODY><P>NEED YOUR HELP for Intergarting PIX-Websense</P><P></P><P>Hi,</P><P></P><P>I am facing problem in integratiing PIX525(1:1 Active-Stdby), IOS 6.34. I have followed the documentation provided by Websense to do that. Websense ver is 6.1</P><P></P><P>I have taken the ethreal cap to see the TCP handshake bet'n PIX and websense. But it is not able to filter anything. I am using websense for Intranet only so have created custom URLs based on IP addresses and hostnames. Also I have tried to connect the websense server on SPAN port also but Test visibility tool is unable to find any IP addresses for Network agent.</P><P></P><P>Can you please help on this.</P><P></P><P>Regards,</P><P>Nitin</P><P></P><P></P></BODY></HTML> Tue, 29 Aug 2006 04:01:38 GMT nitinmathur 2006-08-29T04:01:38Z https://community.cisco.com/t5/network-security/pix-websense-filtering/m-p/543132#M498115 <P>I'm using a PIX 515 with IOS version 7.0(4) and a websense filtering server. Everything works fine until the server is taken offline for maintenance. When the server is replaced I have to re-create the url-filtering commands on the PIX in order for the server to start filtering again. Any ideas on why this must be done?</P> Fri, 21 Feb 2020 09:07:54 GMT https://community.cisco.com/t5/network-security/pix-websense-filtering/m-p/543132#M498115 cprice2k7 2020-02-21T09:07:54Z https://community.cisco.com/t5/network-security/pix-websense-filtering/m-p/543133#M498117 <HTML><HEAD></HEAD><BODY><P>Finally found the Cisco write up on this.</P><P> <A class="jive-link-custom" href="http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K65713155" target="_blank">http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K65713155</A></P><P></P></BODY></HTML> Wed, 23 Aug 2006 18:53:49 GMT https://community.cisco.com/t5/network-security/pix-websense-filtering/m-p/543133#M498117 cprice2k7 2006-08-23T18:53:49Z https://community.cisco.com/t5/network-security/pix-websense-filtering/m-p/543134#M498119 <HTML><HEAD></HEAD><BODY><P>I had similar problems on multiple PIX/ASAs. After I upgraded to v7.21, the problems ceased. Good luck.</P><P></P><P>Jay</P></BODY></HTML> Wed, 23 Aug 2006 19:19:01 GMT https://community.cisco.com/t5/network-security/pix-websense-filtering/m-p/543134#M498119 jwalker 2006-08-23T19:19:01Z https://community.cisco.com/t5/network-security/pix-websense-filtering/m-p/543135#M498121 <HTML><HEAD></HEAD><BODY><P>NEED YOUR HELP for Intergarting PIX-Websense</P><P></P><P>Hi,</P><P></P><P>I am facing problem in integratiing PIX525(1:1 Active-Stdby), IOS 6.34. I have followed the documentation provided by Websense to do that. Websense ver is 6.1</P><P></P><P>I have taken the ethreal cap to see the TCP handshake bet'n PIX and websense. But it is not able to filter anything. I am using websense for Intranet only so have created custom URLs based on IP addresses and hostnames. Also I have tried to connect the websense server on SPAN port also but Test visibility tool is unable to find any IP addresses for Network agent.</P><P></P><P>Can you please help on this.</P><P></P><P>Regards,</P><P>Nitin</P><P></P><P></P></BODY></HTML> Tue, 29 Aug 2006 04:01:38 GMT https://community.cisco.com/t5/network-security/pix-websense-filtering/m-p/543135#M498121 nitinmathur 2006-08-29T04:01:38Z https://community.cisco.com/t5/network-security/pix-websense-filtering/m-p/543136#M498124 <HTML><HEAD></HEAD><BODY><P> On our setup we have three interfaces for the websense device. For one interface (the non-filtering interface) I have a span seesion setup so the websense can see all traffic. The second interface is the one I have the url redirects going to. The third interface is for the websense database. </P><P> Is your intranet traffic traversing your firewall? Can you send your configuration for the websense filtering?</P></BODY></HTML> Tue, 29 Aug 2006 15:23:20 GMT https://community.cisco.com/t5/network-security/pix-websense-filtering/m-p/543136#M498124 cprice2k7 2006-08-29T15:23:20Z https://community.cisco.com/t5/network-security/pix-websense-filtering/m-p/543137#M498129 <HTML><HEAD></HEAD><BODY><P>post your Websense config from the PIX please</P></BODY></HTML> Tue, 29 Aug 2006 16:13:50 GMT https://community.cisco.com/t5/network-security/pix-websense-filtering/m-p/543137#M498129 jwjohansen 2006-08-29T16:13:50Z https://community.cisco.com/t5/network-security/pix-websense-filtering/m-p/543138#M498133 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Thanks for your email.</P><P>The config from PIX is fine as now I am able to see logs on Test Log server. Now I am trying to use Websense for URL filtering of Intranet pages. Pls see the details below and suggest if possible.</P><P></P><P></P><P>Clients are identified based on IP addresses and a policy should be made to permit authorized access of web apps based on URLs.</P><P></P><P>Please suggest if Websense can be used for URL filtering of Intranet made of private IP addresses. The details regarding the setup is as follows.</P><P></P><P>Firewalls: Two PIX525 in Active-Stdby FO mode. Inside IP 10.100.200.4/24 </P><P></P><P>Websense </P><P>Mode : Intergarted Cisco PIX firewalls</P><P></P><P>Version: 6.1.1 with database downloaded (Aug28)</P><P></P><P>OS : Windows 2003 server</P><P></P><P>Physical Placement: In the inside zone of firewall. The application servers are currently placed in the same zone. Some Intranet servers will be accessed through DMZ zone also later on through a WAN link.</P><P></P><P>Physical Conenctivity: Server has 2 NIC. 1 NIC for Management (IP 10.100.200.6) </P><P> NIC 2 is used for monitoring (IP address 192.168.0.197/24)</P><P></P><P>Websense is configured to send block information through NIC 1</P><P></P><P>A policy is made that allows permitted category. In User defined two sub categories are created ?Allowed? and ?Blocked? and respective custom URLs are created in that. Only ?Allowed? category is permitted and other one blocked.</P><P></P><P>When respective pages are accessed the Test Log servers shows activity and the disposition comes as Blocked and Allowed URL but the URL that is blocked can also be accessed by user.</P><P></P><P>Regard &amp; good Day,</P><P></P></BODY></HTML> Thu, 31 Aug 2006 06:57:31 GMT https://community.cisco.com/t5/network-security/pix-websense-filtering/m-p/543138#M498133 nitinmathur 2006-08-31T06:57:31Z https://community.cisco.com/t5/network-security/pix-websense-filtering/m-p/543139#M498137 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>These are the lines that are configured in PIX for websense. I am getting matches on the TestLogserver on websense. But websense is not able to block anything nor does the block-message from Websense appears. I am using it for Intranet URLS based on IP addresses and domains resolved by local dns only. </P><P> </P><P></P><P>Please suggest i</P><P>pixfw1# sh run | incl url</P><P>url-server (inside) vendor websense host 10.100.200.7 timeout 5 protocol UDP ver</P><P>sion 4</P><P>url-cache dst 1KB</P><P>filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0</P><P>filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0</P><P>url-block block 1</P><P>pixfw1#</P><P></P><P></P><P>Any suggestions are welcome.</P><P></P><P>Regards,</P></BODY></HTML> Thu, 07 Sep 2006 07:05:43 GMT https://community.cisco.com/t5/network-security/pix-websense-filtering/m-p/543139#M498137 nitinmathur 2006-09-07T07:05:43Z