Websense URL filtering with Cisco ASA?

Unanswered Question
Mar 3rd, 2008


Does anyone use Websense inline with their Cisco ASA for web filtering?

I'm trying to get my VPN's and client VPN's and Internal users have their web pages filtered and blocked based on our company policy.

Or failing that see if our ISP provide web filtering.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
contreras Mon, 03/03/2008 - 09:16

Assuming all Internet traffic is split tunneled for vpn.

Here's an example below the websense server is on the inside interface and it's ip is

url-server (inside) host timeout 30 protocol TCP version 4

The following command filters every HTTP request to all destinations. You can also choose to specify a source and destinaiton network to filter by.

filter url http 0 0 0 0

cplatt01 Mon, 03/03/2008 - 11:51

The issue I have found is that Websense cannot properly identify usernames. You will get the default policy when you surf.

contreras Mon, 03/03/2008 - 13:09

If your talking about identifying users over vpn I believe that you can use the Radius agent and bind it with your ACS.

cplatt01 Tue, 03/04/2008 - 08:09

Websense will identify users a few different ways:

1) DC Agent - easiest (ties in with your AD structure)

2 - Logon Agent - most accurate, especially for academic type settings (many users on one PC)

As for Websense being the best, that is probably true, but it comes with a premium price tag. There are plenty of others out there, especially open source.

whiteford Tue, 03/04/2008 - 08:26

I use Surf Control Web Filter, not sure if it links well with the ASA's though for URL filtering.

cplatt01 Tue, 03/04/2008 - 08:48

SurfControl was recently purchased by Websense. I believe any renewals, fall under the Websense side.


This Discussion