01-15-2003 01:49 PM - edited 02-20-2020 10:29 PM
I downloaded the WebSense evaluation software, and have been playing with it w/ our Pix 515. My question I have, which WebSense doesn't seem to know is: can you specify not to filter for certain hosts? Is the URL filtering on the PIX an everything coming in from any client? I realize you can do filtering based on desitation networks, but for example, I don't want to have certain clients on the inside network go through the websense server? Is this possible?
Also, is there different PDM version that allow more option for the URL filtering? I am running PDM version 1.0(2) and Pix version 6.1(1).
Do anyone know much about Websense? Can you specify it not to log certain IP if you can't do it in the PIX?
01-15-2003 06:09 PM
THe command reference for the filter command (http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/df.htm#1039734) has a sample for this:
The following example filters all outbound HTTP connections except those from the 10.0.2.54 host:
url-server (perimeter) host 10.0.1.1
filter url 80 0 0 0 0
filter url except 10.0.2.54 255.255.255.255 0 0
PDM 2.0 is available on CCO now, as well as 6.2(2) PIX OS. You cna upgrade to both of these, although I don't think the URL part of it is any different (but then I don't use it much so I could be wrong there).
Not sure on your last Websense question, you'd probably be better off talking to WebSense about it, but since I've answered your first question you shouldn't need this anymore, correct?
01-15-2003 06:56 PM
Yes, I should be all set w/ your answer now. I contacted Websense and they didn't really say there was any way of accomplishing what I wanted. They said there should be a way to do it through the pix, so I thought to post it here.
Thanks again..
01-16-2003 04:14 AM
FYI. If you use Websense in conjunction with ISA server then you can actually specify certain users who don't get filtered, not just hosts.
01-16-2003 05:48 AM
what do you mean by ISA server? I can get Websense to filter based on user names, what I was trying to figure out was a way to have websense not monitor (send to database) for certain users, but Websense said this was not possible. They then told me to check into see if the Pix lets you exempt IP address.
-Glenn
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide