websense web filtering not working with 2911 with zone based firewall

Stan Spice · ‎01-22-2015

Hi,

Any one ran into this issue

We use websense for guest wifi but i dont see requests hitting websense server

config is below

class-map type inspect match-any test-1
match protocol http

policy-map type inspect Wifi-test
class type inspect test-1
inspect

urlfilter websense-parmap
class class-default
drop

parameter-map type urlfilter websense-parmap
server vendor websense 10.10.1.4
source-interface GigabitEthernet0/2
allow-mode on
cache 100

zone-pair security Wifi-in-out source Wifi destination outside
service-policy type inspect Wifi-test

interface GigabitEthernet0/1
description Internet
ip address 192.168.10.1 255.255.255.0
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly in
zone-member security Wifi
interface GigabitEthernet0/2
description LAN
ip address 10.10.4.1 255.255.255.0
zone-member security inside

Menezesa · ‎01-30-2015

Hi Stan,

You should be able to adapt this config example to your environment.

Andy-

!
class-map type inspect match-any http-cm
match protocol http

!
parameter-map type urlfpolicy websense websense-parm
server <websense server IP>
source-interface <lan interface>
allow-mode on
truncate hostname

!
class-map type urlfilter websense match-any websense-cm
match server-response any

!
policy-map type inspect urlfilter websense-pm
parameter type urlfpolicy websense websense-parm
class type urlfilter websense websense-cm
server-specified-action

!
policy-map type inspect Inside->Internet-pm
description Inside trusted to Internet
class type inspect http-cm
inspect
service-policy urlfilter websense-pm
class type inspect Inside->Internet-cm
inspect
class class-default
drop

!
zone-pair security Inside->Internet source Inside destination Internet
service-policy type inspect Inside->Internet-pm

!-------------------------------------------------------------
! to check status & url block counts
!
show policy-map type inspect zone-pair Inside->Internet urlfilter