cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
443
Views
0
Helpful
5
Replies

Websense

Tshi M
Level 5
Level 5

sh url-server stat reports denied sites but the websense is not set to deny any url right now. What could be the problem?

sh url-server st

Global Statistics:

--------------------

URLs total/allowed/denied 7549434/7549358/76

URLs allowed by cache/server 0/7549358

URLs denied by cache/server 0/76

HTTPSs total/allowed/denied 1454300/1454300/0

HTTPSs allowed by cache/server 0/1454300

HTTPSs denied by cache/server 0/0

FTPs total/allowed/denied 0/0/0

FTPs allowed by cache/server 0/0

FTPs denied by cache/server 0/0

Requests dropped 0

Server timeouts/retries 0/11

Processed rate average 60s/300s 10/17 requests/second

Denied rate average 60s/300s 0/0 requests/second

Dropped rate average 60s/300s 0/0 requests/second

Server Statistics:

--------------------

10.0.3.29 UP

Vendor websense

Port 15868

Requests total/allowed/denied 9003734/9003658/76

Server timeouts/retries 0/11

Responses received 9003734

Response time average 60s/300s 0/0

URL Packets Sent and Received Stats:

------------------------------------

Message Sent Received

STATUS_REQUEST 292632 292632

LOOKUP_REQUEST 9048746 9048733

LOG_REQUEST 0 NA

Errors:

-------

RFC noncompliant GET method 4

URL buffer update failure 0

5 Replies 5

bwalchez
Level 4
Level 4

Websense is a third-party filtering software that can filter HTTP requests on the basis of the following policies: destination hostname, destination IP address, keywords, and username. The software maintains a URL database of more than 20 million sites organized into more than 60 categories and subcategories.

http://cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b0e.html#wp1027188

I have a Cisco CE-565A which can support Websense version 5.5.2 if upgraded with the new Cisco ACNS Version 5.5.7

I need features that are available in Websense version 6. Is there a Cisco appliance that can support this.

I am not sure if a new Cisco product is compatible with the latest Websense 6.3.1, I will check.

rmeans
Level 3
Level 3

What does your filter statement look like? Do you have the allow statement at the end? For example filter url http 0 0 0 0 allow. If you do not have the allow statement, when the firewall can not communicate with the websense server url access will be denied. I noticed you have a lot of stat counts. You may want to consider clearing the stats from config mode (clear url-server stat). Monitor the any increases in the deny counts to see if any traffic is actively being dropped.

url-server (inside) vendor websense host 10.0.x.x timeout 30 protocol TCP version 4 connections 15

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

url-block block 128

url-block url-size 4

url-block url-mempool 100

url-cache src-dst 100

Thank you for the information. I do not see anything obvious. Do you have the syslog messages indicating the URLs were denied? I was reading the command reference. When configuring the firewall add the url-server first followed by the filter commands. I am not sure of the impact if you reverse the order. Maybe traffic is denied (who knows). Finally, what version of OS are you running. I know that early 7.x code had a number of issues with Websense. Have you looked at the bug tool kit to see if your OS version has any related Websense bugs?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: