
HTTP Error 403 - Forbidden

johng231
Level 3

Hello

We're getting this error message randomly when surfing the Internet. We have Websense running on our network to perform web content filtering and are using the ASA for the HTTP/HTTPS redirects. We've contacted Websense and they said this error message is coming from the ASA, not their product.

Does anyone have any ideas?

Has anyone else seen this?

ASA-5550

version 7.2.4

4 Replies

Anu M Chacko
Cisco Employee

Hi John,

Could you post the output of "sh run filter" here?

You could truncate long URLs:

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow proxy-block cgi-truncate

Here's a link:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/filter.html#wp1042572

Hope this helps!

Regards,

Anu

P.S. Please mark this question as answered if it has been resolved. Do rate helpful posts.

Here are the URL filter statements we have on our ASA firewall.

Is it recommended to use both longurl-truncate and cgi-truncate, or is just using the cgi enough in this situation?

Websense was recommending that we use the url-mempool option instead of using the truncate statements. Let me know your thoughts on what is the best way here.

filter url except 0.0.0.0 0.0.0.0 205.140.x.x 255.255.255.255

filter https except 0.0.0.0 0.0.0.0 205.140.x.x 255.255.255.255

filter url except 172.27.x.x 255.255.255.255 0.0.0.0 0.0.0.0

filter url except 0.0.0.0 0.0.0.0 209.135.x.x 255.255.255.255

filter url except 0.0.0.0 0.0.0.0 209.135.x.x 255.255.255.255

filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

Hi John,

I suggest you try the CGI option first and see if it makes a difference. Read up on both the options in the link that I've provided above.

Regards,

Anu

P.S. Please mark this question as resolved if it has been answered. Do rate helpful posts.

Just want to add to this,

We have been fighting these 403 errors for weeks and were in touch with Websense. We have followed their document 2208 for Websense/ASA configuration and changed the protocol from TCP to UDP. This has somewhat improved the situation; however, we were still seeing the 403 error and a blank page on the Microsoft main page.

Looking closely at their setup, I noticed that they left out the longurl-truncate statement, and I also noticed Microsoft redirects their main page to a ridiculously long URL. I added back longurl-truncate and cgi-truncate as well. This fixed Microsoft's blank page issue immediately, and I am also noticing faster web page loads.

Hope this helps if anyone is experiencing a similar problem.

Rieman
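
An added example, not part of any post in this thread and not Cisco or Websense code: a small Python check that reads `sh run filter`-style output and lists, for each `filter url` rule, which of the long-URL and CGI truncation keywords discussed above are absent. The sample configuration is constructed (documentation-range address, a hypothetical port 8080 rule), and the function name `audit_filter_url` is an assumption.

```python
# Added example: audit ASA "filter url" rules for long-URL / CGI handling keywords.
# Rule layout assumed: filter url <port> <local_ip> <local_mask> <foreign_ip>
# <foreign_mask> [allow] [cgi-truncate] [longurl-truncate | longurl-deny] [proxy-block]

LONG_URL_OPTS = {"longurl-truncate", "longurl-deny"}

# Constructed sample modelled on the statements posted in the thread.
# 192.0.2.10 is a documentation-range placeholder, not an address from the thread.
SAMPLE_CONFIG = """\
filter url except 0.0.0.0 0.0.0.0 192.0.2.10 255.255.255.255
filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter url 8080 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow longurl-truncate cgi-truncate
"""


def audit_filter_url(config_text):
    """Return one finding per 'filter url <port>' rule; exceptions are skipped."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        tokens = raw.split()
        # Only "filter url" rules take these keywords; skip https/ftp and "except".
        if tokens[:2] != ["filter", "url"] or len(tokens) < 7:
            continue
        if tokens[2] == "except":
            continue
        options = set(tokens[7:])  # keywords after the port and four address fields
        missing = []
        if not options & LONG_URL_OPTS:
            missing.append("longurl-truncate")
        if "cgi-truncate" not in options:
            missing.append("cgi-truncate")
        findings.append({
            "line": lineno,
            "port": tokens[2],
            "allow": "allow" in options,  # pass traffic if the filter server is down
            "missing": missing,
        })
    return findings


if __name__ == "__main__":
    for f in audit_filter_url(SAMPLE_CONFIG):
        status = "ok" if not f["missing"] else "missing: " + ", ".join(f["missing"])
        print(f"line {f['line']} (port {f['port']}): {status}")
```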
