04-20-2007 09:48 AM - edited 03-11-2019 03:02 AM
We have a few users that are getting a blank web page (MapQuest, for example). We have the following config for URL filtering:
url-server (inside) vendor websense host 10.1.16.5 timeout 30 protocol TCP version 1 connections 5
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
My guess is that the problem might be with websense but don't know what to look for.
04-20-2007 10:08 AM
It does seem that this is an issue with the Websense filtering policy. Have you checked Websense support for this issue?
04-20-2007 10:11 AM
You might want to consult the following page too...
04-20-2007 10:08 AM
Hi, try increasing the fixup protocol dns length size on the PIX. The default is 512 bytes. It may resolve the issue.
show fixup protocol dns
fixup protocol dns maximum-length 1500
Jorge
04-20-2007 11:10 AM
I am using an ASA 5520 and using a policy-map:
policy-map type inspect dns DNS
parameters
message-length maximum 1024
I guess I will try to increase this number to 1500 and see if it makes a difference.
04-20-2007 11:15 AM
What is strange, though, is that I have a PIX 506 with fixup protocol dns maximum-length 512 but I am not having the same problem. This was what led me to believe it could be Websense.
04-20-2007 01:05 PM
I checked the stats and see some URLs being blocked. I guess I will have to contact Websense tech support.
Global Statistics:
--------------------
URLs total/allowed/denied 16644680/16570714/73966
URLs allowed by cache/server 0/16570714
URLs denied by cache/server 0/73966
HTTPSs total/allowed/denied 0/0/0
HTTPSs allowed by cache/server 0/0
HTTPSs denied by cache/server 0/0
FTPs total/allowed/denied 0/0/0
FTPs allowed by cache/server 0/0
FTPs denied by cache/server 0/0
Requests dropped 0
Server timeouts/retries 0/64
Processed rate average 60s/300s 6/9 requests/second
Denied rate average 60s/300s 0/0 requests/second
Dropped rate average 60s/300s 0/0 requests/second
Server Statistics:
--------------------
10.1.16.5 UP
Vendor websense
Port 15868
Requests total/allowed/denied 16644680/16570714/73966
Server timeouts/retries 0/64
Responses received 16644680
Response time average 60s/300s 0/0
URL Packets Sent and Received Stats:
------------------------------------
Message Sent Received
STATUS_REQUEST 468550 468546
LOOKUP_REQUEST 16649108 16649004
LOG_REQUEST 0 NA
Errors:
-------
RFC noncompliant GET method 11
URL buffer update failure 0
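Added example, not part of the original post: a Python sketch that parses the counters from the statistics output above and derives the deny percentage, the share of allowed URLs answered from cache, and the difference between LOOKUP_REQUEST messages sent and received. The function names and the choice of derived metrics are assumptions made for illustration; the sample text is a subset of the lines posted above.

```python
import re

# Subset of the statistics output posted above.
SAMPLE = """\
URLs total/allowed/denied 16644680/16570714/73966
URLs allowed by cache/server 0/16570714
URLs denied by cache/server 0/73966
Requests dropped 0
Server timeouts/retries 0/64
STATUS_REQUEST 468550 468546
LOOKUP_REQUEST 16649108 16649004
LOG_REQUEST 0 NA
RFC noncompliant GET method 11
"""

# A label followed by "a/b/c" counters or by space-separated counters (NA allowed).
LINE = re.compile(r"^(.*?)\s+(\d+(?:/\d+)+|\d+(?:\s+(?:\d+|NA))*)\s*$")

def parse_stats(text):
    """Return {label: [int, ...]} for every line that ends in counters."""
    stats = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # section headers, rulers, "10.1.16.5 UP", rate lines
        label, values = m.groups()
        nums = [int(v) for v in re.split(r"[/\s]+", values) if v.isdigit()]
        stats.setdefault(label, nums)  # global section wins over repeats
    return stats

def triage(stats):
    """Derive a few ratios and gaps from the parsed counters."""
    total, allowed, denied = stats["URLs total/allowed/denied"]
    by_cache, _by_server = stats["URLs allowed by cache/server"]
    sent, received = stats["LOOKUP_REQUEST"]
    return {
        "denied_pct": round(100.0 * denied / total, 3) if total else 0.0,
        "cache_hit_pct": round(100.0 * by_cache / allowed, 3) if allowed else 0.0,
        "lookup_sent_minus_received": sent - received,
        "server_retries": stats["Server timeouts/retries"][1],
        "requests_dropped": stats["Requests dropped"][0],
    }

if __name__ == "__main__":
    for name, value in triage(parse_stats(SAMPLE)).items():
        print(f"{name}: {value}")
```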
04-20-2007 01:57 PM
Then it is clear that Websense seems to be the issue. Let us know how it works out with tech support.
04-25-2007 12:02 PM
I haven't had a chance to speak to Websense, but here is what I did, and it somewhat fixed the problem.
1. I removed the lines below
url-server (inside) vendor websense host 10.1.16.5 timeout 30 protocol TCP version 1 connections 5
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
2. and used these lines instead
url-server (inside) vendor websense host 10.0.3.29 timeout 30 protocol TCP version 4 connections 15
url-cache src-dst 100
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow