I have a Websense server that I plugged into one of the spare ethernet interfaces on my PIX 515.
I called the ethernet interface DMZ2 and gave it the ip address of 192.168.1.1.
I gave the Websense server the ip address of 192.168.1.2
What do I need to do allow the PIX and Websense server to communicate and manage/report the web traffic from my network?
I don't know how Websense works; does it sniff the traffic like an IDS does?
To allow the Websense server to reach your network, supposing that the network is connected to the inside interface, two ways are available to achieve this:
NAT the inside network (with or without translation) and allow the access on the dmz2 interface.
Sample (local net 10.0.0.0/24):
access-list 10 permit ip 10.0.0.0 255.255.255.0 any
nat (inside) 0 access-list 10
You need to use the 'url-server' command to define the websense server and the 'filter url' command to define what traffic to watch. It would look something like:
url-server (dmz2) vendor websense host 192.168.1.2 timeout 5 protocol TCP version 4
filter url http 0 0 0 0 allow
Check the docs for more details.
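As an added example that is not from any poster in this thread, here is a fuller PIX 6.x configuration fragment that ties the two replies above together: the DMZ2 interface the original poster described, the identity NAT from the first reply, and the url-server/filter commands from the second, plus the show commands used to confirm the PIX actually talks to the server. The interface name, the 192.168.1.x addresses and the 10.0.0.0/24 inside network come from the thread; the physical port (ethernet2), the security level, the cache size and the "except" host 10.0.0.50 are assumptions for illustration only.

```text
! --- DMZ2 interface for the Websense server (addresses from the thread) ---
! ethernet2 and security50 are assumed; use whichever spare port you cabled.
nameif ethernet2 dmz2 security50
ip address dmz2 192.168.1.1 255.255.255.0

! --- Identity NAT so 10.0.0.0/24 reaches dmz2 without translation ---
! nat 0 with an access-list exempts the matched hosts from NAT entirely.
access-list 10 permit ip 10.0.0.0 255.255.255.0 any
nat (inside) 0 access-list 10

! --- Point the PIX at the Websense server ---
! The PIX originates the lookup connection to the server itself, so no
! inbound rule on dmz2 is needed for the lookup protocol.
url-server (dmz2) vendor websense host 192.168.1.2 timeout 5 protocol TCP version 4

! --- Send all outbound HTTP through the filter ---
! The trailing "allow" keyword makes the PIX fail OPEN: if the Websense
! server stops answering, web traffic passes unfiltered. Drop "allow" if
! you would rather fail closed and block HTTP while the server is down.
filter url http 0 0 0 0 allow

! Exempt a host that must never be filtered (10.0.0.50 is an assumed
! example, e.g. a monitoring box); keep this list as short as possible,
! because every entry is a hole in the policy.
filter url except 10.0.0.50 255.255.255.255 0 0

! Cache Websense verdicts per destination so repeat lookups are local.
! 128 KB is an assumed value; it is not a requirement.
url-cache dst 128

! --- Verification ---
! show url-server          : server address, protocol and UP/DOWN state
! show url-server stats    : lookups, allowed/denied counts, server errors
! show url-cache stats     : cache hit ratio
! show perfmon             : URL access and server request rates
```

When reading `show url-server stats`, a growing "server errors" counter with the server still marked UP usually means the PIX can reach the host but the Websense service on it is not answering on the integration port, which is the case where the `allow` keyword above silently turns filtering off.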
I am also using Websense with the Cisco Pix Integration. Do you know how to address https traffic?
If users try to access secure sites they receive a message indicating that authentication is required. For now we have been adding statements in the PIX config to exclude authentication for the specified host. This doesn't seem to me to be the right solution or a good short-term solution. Do you have any input on this?