ASA/PIX Websense filter exception functionality

Unanswered Question
Mar 19th, 2008

So when you use the "filter url exception" command, does the firewall still inform the Websense server of the URL and just allows it out. Or does the firewall totally not report on URLs from those addresses to Websense?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
abinjola Wed, 03/19/2008 - 12:45

To accomplish URL filtering, pix can be configured with

> Websense ( or N2H2 ( in this way:


> a)A client establishes a TCP connection to a web server.

> b)The client sends an HTTP request for a page on this server.

> c)The pix intercepts this request and hands it over to the

> filtering server. d)The filtering server decides if the

> client should be allowed access to the requested page. e)If

> the decision is positive, the pix forwards the request to the

> server and the client receives the requested content. f)If

> the decision is negative, the client's request is dropped.


> NOTE: Websense works with pix version 5.3 onwards and N2H2

> works with pix version 6.2 onwards. These can only perform

> HTTP filtering not FTP or HTTPS. Although for blocking ftp

> sites, a URL like can be entered.

however pix do not report the query to websense when you run the exception command

hope it answers your Query

jogillis Mon, 04/28/2008 - 10:38

Actually in step c) the pix will send the request to the web server as well as checking with the filtering server to see if it is permitted. Then in step f) if the response is negative, the pix will drop the return packet from the web server.

rextillojr Wed, 04/30/2008 - 21:42

The firewall doesn't inform Websense, it just allow the traffic.



This Discussion