Pix, WebSense not blocking https

daniel.ketchum
Level 1

I use WebSense 5.5 on Windows 2000. I have a PIX 515 running 6.3(3).

I am having trouble blocking https sites.

The https protocol blocking is enabled on Websense.

I have this in my config:

url-server (inside) vendor websense host 10.208.18.2 timeout 5 protocol TCP version 1

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0

filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0

It was recommended that I use "filter url https" instead of 443, but it automatically changes https to 443.

Any solutions?

Thanks.


smahbub
Level 6

In a PIX, HTTPS protocol is disabled by default. Check the version of the PIX firewall, as:

1) Websense Enterprise web filtering application is supported by PIX Firewall Version 5.3 or higher only.

2) PIX Firewall Version 6.3 or higher supports filtering of HTTPS and FTP sites when using the Websense filtering server.

For more information about enabling HTTPS protocol blocking using Websense, refer to:

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/acns/v55/configuration/central/guide/9136fltr.html#wp1042822

Matt Lang
Level 1

Daniel,

Your configuration should work as you have it.

The command is as follows:

filter url [http | port[-port] local_ip local_mask foreign_ip foreign_mask] [allow] [proxy-block] [longurl-truncate | longurl-deny] [cgi-truncate]

Have you checked the statistics by issuing "show url-server statistics"?

Matt,

"show url-server statistics" returns a bad syntax response. "show url server statistics" returns "Ambiguous command. Please enter more characters."

What am I missing here?

Daniel,

My mistake. It should be "show url-server stats". That is the command for 6.3 code. Here is the link....

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/tz.html#wp1026449

"show url-server statistics" is for 7.2 code.

Nice Matt, that worked. My stats look like the pix is not even seeing https requests:

URL Server Statistics:

----------------------

Vendor websense

URLs total/allowed/denied 2611484/2578007/33477

HTTPSs total/allowed/denied 0/0/0

FTPs total/allowed/denied 0/0/0

URL Server Status:

------------------

10.208.50.2 UP

URL Packets Sent and Recieved Stats:

-----------------------------------

Message Sent Recieved

STATUS_REQUEST 80424 80353

LOOKUP_REQUEST 2658590 2657063

LOG_REQUEST 0 NA
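
The diagnostic step used in this thread, reading "show url-server stats" to see whether the PIX is handing a protocol to the filtering server at all, can be scripted. The following is an added example, not code from any poster or from Cisco: the function names are hypothetical, the regular expressions assume the output layout quoted above, and the sample text is that output with the separator lines omitted.

```python
import re

# Sample input: the "show url-server stats" output quoted in the thread (rule lines omitted).
SAMPLE_STATS = """\
URL Server Statistics:
Vendor websense
URLs total/allowed/denied 2611484/2578007/33477
HTTPSs total/allowed/denied 0/0/0
FTPs total/allowed/denied 0/0/0
URL Server Status:
10.208.50.2 UP
URL Packets Sent and Recieved Stats:
Message Sent Recieved
STATUS_REQUEST 80424 80353
LOOKUP_REQUEST 2658590 2657063
LOG_REQUEST 0 NA
"""

COUNTER_RE = re.compile(r"^(\w+?)s\s+total/allowed/denied\s+(\d+)/(\d+)/(\d+)$")
SERVER_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\w+)$")
MESSAGE_RE = re.compile(r"^([A-Z_]+_REQUEST)\s+(\d+)\s+(\d+|NA)$")

def parse_url_server_stats(text):
    """Parse the counter, server-status and message sections into dictionaries."""
    stats = {"counters": {}, "servers": {}, "messages": {}}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := COUNTER_RE.match(line):
            total, allowed, denied = map(int, m.groups()[1:])
            stats["counters"][m.group(1)] = {"total": total, "allowed": allowed, "denied": denied}
        elif m := SERVER_RE.match(line):
            stats["servers"][m.group(1)] = m.group(2)
        elif m := MESSAGE_RE.match(line):
            received = None if m.group(3) == "NA" else int(m.group(3))
            stats["messages"][m.group(1)] = (int(m.group(2)), received)
    return stats

def review(stats):
    """Return findings: protocols never counted, servers not UP, unanswered requests."""
    findings = []
    for proto, c in stats["counters"].items():
        if c["total"] == 0:
            findings.append(f"{proto}: no requests counted (expected only if this protocol is not filtered)")
    for host, state in stats["servers"].items():
        if state != "UP":
            findings.append(f"url-server {host} is {state}")
    for name, (sent, received) in stats["messages"].items():
        if received is not None and sent > received:
            findings.append(f"{name}: {sent - received} sent without a reply")
    return findings
```

Run against the output above, `review()` reports the HTTPS and FTP counters as never incremented, which is the same observation the poster makes by eye, plus the small gap between requests sent and replies received.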
