https://community.cisco.com/t5/network-security/pix-websense-not-blocking-https/m-p/930450#M938682 <P>I use WebSense 5.5 on windows 2000. I have a pix 515 running 6.3(3)</P><P>I am having trouble blocking https sites</P><P>The https protocol blocking is enabled on Websense.</P><P>I have this in my config:</P><P> </P><P>url-server (inside) vendor websense host 10.208.18.2 timeout 5 protocol TCP version 1</P><P>filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 </P><P>filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 </P><P></P><P>It was recommended that I use "filter url https" instead of 443, but it automatically changes https to 443.</P><P></P><P>Any solutions?</P><P>Thanks.</P><P></P><P></P> Mon, 11 Mar 2019 12:36:49 GMT daniel.ketchum 2019-03-11T12:36:49Z https://community.cisco.com/t5/network-security/pix-websense-not-blocking-https/m-p/930450#M938682 <P>I use WebSense 5.5 on windows 2000. I have a pix 515 running 6.3(3)</P><P>I am having trouble blocking https sites</P><P>The https protocol blocking is enabled on Websense.</P><P>I have this in my config:</P><P> </P><P>url-server (inside) vendor websense host 10.208.18.2 timeout 5 protocol TCP version 1</P><P>filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 </P><P>filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 </P><P></P><P>It was recommended that I use "filter url https" instead of 443, but it automatically changes https to 443.</P><P></P><P>Any solutions?</P><P>Thanks.</P><P></P><P></P> Mon, 11 Mar 2019 12:36:49 GMT https://community.cisco.com/t5/network-security/pix-websense-not-blocking-https/m-p/930450#M938682 daniel.ketchum 2019-03-11T12:36:49Z https://community.cisco.com/t5/network-security/pix-websense-not-blocking-https/m-p/930451#M938683 <HTML><HEAD></HEAD><BODY><P>In a PIX HTTPS protocol is disabled by default.check for the version of pix firewall as:</P><P>1)Websense Enterprise web filtering application is supported by PIX Firewall Version 5.3 or higher only.</P><P>2)PIX Firewall Version 6.3 or higher supports filtering of HTTPS and FTP sites when using the Websense filtering server.</P><P></P><P>More information about enabling HTTPS protocol blocking using websense refer:</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/app_ntwk_services/waas/acns/v55/configuration/central/guide/9136fltr.html#wp1042822" target="_blank">http://www.cisco.com/en/US/docs/app_ntwk_services/waas/acns/v55/configuration/central/guide/9136fltr.html#wp1042822</A></P></BODY></HTML> Fri, 02 May 2008 18:10:53 GMT https://community.cisco.com/t5/network-security/pix-websense-not-blocking-https/m-p/930451#M938683 smahbub 2008-05-02T18:10:53Z https://community.cisco.com/t5/network-security/pix-websense-not-blocking-https/m-p/930452#M938684 <HTML><HEAD></HEAD><BODY><P>Daniel,</P><P></P><P>Your configuration should work as you have it.</P><P></P><P>The command is as follows:</P><P></P><P>filter url [http | port[-port] local_ip local_mask foreign_ip foreign_mask] [allow] [proxy-block] </P><P>[longurl-truncate | longurl-deny] [cgi-truncate]</P><P></P><P>Have you checked the statistics by issuing "show url-server statistics"?</P></BODY></HTML> Fri, 02 May 2008 18:48:11 GMT https://community.cisco.com/t5/network-security/pix-websense-not-blocking-https/m-p/930452#M938684 Matt Lang 2008-05-02T18:48:11Z https://community.cisco.com/t5/network-security/pix-websense-not-blocking-https/m-p/930453#M938685 <HTML><HEAD></HEAD><BODY><P>Matt,</P><P>"show url-server statistics" returns a bad syntax response. "show url server statistics" returns "Ambiguous command. Please enter more characters."</P><P>What am I missing here?</P></BODY></HTML> Mon, 05 May 2008 22:41:43 GMT https://community.cisco.com/t5/network-security/pix-websense-not-blocking-https/m-p/930453#M938685 daniel.ketchum 2008-05-05T22:41:43Z https://community.cisco.com/t5/network-security/pix-websense-not-blocking-https/m-p/930454#M938686 <HTML><HEAD></HEAD><BODY><P>Daniel, </P><P></P><P>My mistake. It should be "show url-server stats". That is the command for 6.3 code. Here is the link....</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/tz.html#wp1026449" target="_blank">http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/tz.html#wp1026449</A></P><P></P><P>"show url-server statistics" is for 7.2 code.</P></BODY></HTML> Mon, 05 May 2008 23:31:55 GMT https://community.cisco.com/t5/network-security/pix-websense-not-blocking-https/m-p/930454#M938686 Matt Lang 2008-05-05T23:31:55Z https://community.cisco.com/t5/network-security/pix-websense-not-blocking-https/m-p/930455#M938687 <HTML><HEAD></HEAD><BODY><P>Nice Matt, that worked. My stats look like the pix is not even seeing https requests:</P><P></P><P>URL Server Statistics:</P><P>----------------------</P><P>Vendor websense</P><P>URLs total/allowed/denied 2611484/2578007/33477</P><P>HTTPSs total/allowed/denied 0/0/0</P><P>FTPs total/allowed/denied 0/0/0</P><P></P><P>URL Server Status:</P><P>------------------</P><P>10.208.50.2 UP</P><P></P><P>URL Packets Sent and Recieved Stats:</P><P>-----------------------------------</P><P>Message Sent Recieved</P><P>STATUS_REQUEST 80424 80353</P><P>LOOKUP_REQUEST 2658590 2657063</P><P>LOG_REQUEST 0 NA</P><P></P><P></P></BODY></HTML> Tue, 06 May 2008 14:39:14 GMT https://community.cisco.com/t5/network-security/pix-websense-not-blocking-https/m-p/930455#M938687 daniel.ketchum 2008-05-06T14:39:14Z