Pix, WebSense not blocking https

Unanswered Question
Apr 25th, 2008

I use WebSense 5.5 on Windows 2000. I have a PIX 515 running 6.3(3).

I am having trouble blocking https sites.

The https protocol blocking is enabled on Websense.

I have this in my config:

url-server (inside) vendor websense host 10.208.18.2 timeout 5 protocol TCP version 1

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0

filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0

It was recommended that I use "filter url https" instead of 443, but it automatically changes https to 443.

Any solutions?

Thanks.

smahbub Fri, 05/02/2008 - 11:10

In a PIX, the HTTPS protocol is disabled by default. Check the version of the PIX firewall, as:

1) Websense Enterprise web filtering application is supported by PIX Firewall Version 5.3 or higher only.

2) PIX Firewall Version 6.3 or higher supports filtering of HTTPS and FTP sites when using the Websense filtering server.

For more information about enabling HTTPS protocol blocking using Websense, refer to:

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/acns/v55/configuration/central/guide/9136fltr.html#wp1042822

Matt Lang Fri, 05/02/2008 - 11:48

Daniel,

Your configuration should work as you have it.

The command is as follows:

filter url [http | port[-port] local_ip local_mask foreign_ip foreign_mask] [allow] [proxy-block] [longurl-truncate | longurl-deny] [cgi-truncate]

Have you checked the statistics by issuing "show url-server statistics"?

daniel.ketchum Mon, 05/05/2008 - 15:41

Matt,

"show url-server statistics" returns a bad syntax response. "show url server statistics" returns "Ambiguous command. Please enter more characters."

What am I missing here?

daniel.ketchum Tue, 05/06/2008 - 07:39

Nice Matt, that worked. My stats look like the PIX is not even seeing https requests:

URL Server Statistics:

----------------------

Vendor websense

URLs total/allowed/denied 2611484/2578007/33477

HTTPSs total/allowed/denied 0/0/0

FTPs total/allowed/denied 0/0/0

URL Server Status:

------------------

10.208.50.2 UP

URL Packets Sent and Recieved Stats:

-----------------------------------

Message Sent Recieved

STATUS_REQUEST 80424 80353

LOOKUP_REQUEST 2658590 2657063

LOG_REQUEST 0 NA
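A cross-check of the configuration and the statistics output posted in this thread, added here as an example and not written by any of the posters. The function names (parse_config, parse_stats, audit) are hypothetical; the input text is copied from the posts above, with the blank lines and separator rows dropped.

```python
import re

# Copied from the posts above: the url-server/filter lines and the stats output.
CONFIG = """\
url-server (inside) vendor websense host 10.208.18.2 timeout 5 protocol TCP version 1
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
"""
STATS = """\
URLs total/allowed/denied 2611484/2578007/33477
HTTPSs total/allowed/denied 0/0/0
FTPs total/allowed/denied 0/0/0
URL Server Status:
10.208.50.2 UP
"""

def parse_config(text):
    """Return (url-server hosts, first argument of each 'filter url' line)."""
    hosts = re.findall(r"^url-server\s.*?\bhost\s+(\S+)", text, re.M)
    ports = re.findall(r"^filter url\s+(\S+)", text, re.M)
    return hosts, ports

def parse_stats(text):
    """Return ({protocol: (total, allowed, denied)}, {server_ip: state})."""
    rows = re.findall(r"^(\w+?)s total/allowed/denied\s+(\d+)/(\d+)/(\d+)", text, re.M)
    counters = {name: (int(t), int(a), int(d)) for name, t, a, d in rows}
    servers = dict(re.findall(r"^(\d+\.\d+\.\d+\.\d+)[ \t]+(\S+)[ \t]*$", text, re.M))
    return counters, servers

def audit(config, stats):
    """List differences between what is configured and what the PIX reports."""
    hosts, ports = parse_config(config)
    counters, servers = parse_stats(stats)
    findings = []
    # HTTPS filtering is configured, HTTP lookups are flowing, HTTPS count is zero.
    https_filtered = any(p in ("443", "https") for p in ports)
    if https_filtered and counters.get("URL", (0,))[0] > 0 \
            and counters.get("HTTPS", (0,))[0] == 0:
        findings.append("filter url 443 is configured but HTTPS total is 0")
    # The url-server address in the config should appear in the status section.
    findings += [f"url-server {h} is in the config but not in the status output"
                 for h in hosts if h not in servers]
    findings += [f"server {s} ({state}) is in the status output but not in the config"
                 for s, state in servers.items() if s not in hosts]
    return findings

if __name__ == "__main__":
    for line in audit(CONFIG, STATS):
        print("CHECK:", line)
```

On the text as posted, this reports the zero HTTPS counter and that the url-server address in the config (10.208.18.2) differs from the one in the status output (10.208.50.2).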
