06-07-2007 06:58 AM - edited 03-09-2019 06:08 PM
sh url-server stat reports denied sites but the websense is not set to deny any url right now. What could be the problem?
sh url-server st
Global Statistics:
--------------------
URLs total/allowed/denied 7549434/7549358/76
URLs allowed by cache/server 0/7549358
URLs denied by cache/server 0/76
HTTPSs total/allowed/denied 1454300/1454300/0
HTTPSs allowed by cache/server 0/1454300
HTTPSs denied by cache/server 0/0
FTPs total/allowed/denied 0/0/0
FTPs allowed by cache/server 0/0
FTPs denied by cache/server 0/0
Requests dropped 0
Server timeouts/retries 0/11
Processed rate average 60s/300s 10/17 requests/second
Denied rate average 60s/300s 0/0 requests/second
Dropped rate average 60s/300s 0/0 requests/second
Server Statistics:
--------------------
10.0.3.29 UP
Vendor websense
Port 15868
Requests total/allowed/denied 9003734/9003658/76
Server timeouts/retries 0/11
Responses received 9003734
Response time average 60s/300s 0/0
URL Packets Sent and Received Stats:
------------------------------------
Message Sent Received
STATUS_REQUEST 292632 292632
LOOKUP_REQUEST 9048746 9048733
LOG_REQUEST 0 NA
Errors:
-------
RFC noncompliant GET method 4
URL buffer update failure 0
06-13-2007 11:03 AM
Websense is a third-party filtering software that can filter HTTP requests on the basis of the following policies: destination hostname, destination IP address, keywords, and username. The software maintains a URL database of more than 20 million sites organized into more than 60 categories and subcategories.
07-30-2007 05:00 AM
I have a Cisco CE-565A which can support Websense version 5.5.2 if upgraded with the new Cisco ACNS Version 5.5.7
I need features that are available in Websense version 6. Is there a Cisco appliance that can support this.
I am not sure if a new Cisco product is compatible with the latest Websense 6.3.1, I will check.
07-30-2007 12:55 PM
What does your filter statement look like? Do you have the allow statement at the end? For example filter url http 0 0 0 0 allow. If you do not have the allow statement, when the firewall can not communicate with the websense server url access will be denied. I noticed you have a lot of stat counts. You may want to consider clearing the stats from config mode (clear url-server stat). Monitor the any increases in the deny counts to see if any traffic is actively being dropped.
07-30-2007 01:04 PM
url-server (inside) vendor websense host 10.0.x.x timeout 30 protocol TCP version 4 connections 15
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
url-block block 128
url-block url-size 4
url-block url-mempool 100
url-cache src-dst 100
07-31-2007 04:48 AM
Thank you for the information. I do not see anything obvious. Do you have the syslog messages indicating the URLs were denied? I was reading the command reference. When configuring the firewall add the url-server first followed by the filter commands. I am not sure of the impact if you reverse the order. Maybe traffic is denied (who knows). Finally, what version of OS are you running. I know that early 7.x code had a number of issues with Websense. Have you looked at the bug tool kit to see if your OS version has any related Websense bugs?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: