urlfilter / websense configuration issue

Unanswered Question
Oct 20th, 2009
User Badges:


We have Websense Enterprise and formerly used it with a PIX 515e.  We recently replaced the PIX with the UC500 and are having some configuration issues.  When filtering is enabled - it is correctly sending requests to Websense and logging them appropiately.  However, the UC500 seems to be sending all traffic (including SMTP, etc possibly?) and HTTPS to Websense because as soon as I enable filtering, outgoing mail stops working and even websites with login pages stop functioning.  If you go to a blatently blocked site, the block page does come up from Websense.

Here is our relavant configuration.  I applied the inspect rule to Vlan1 ... could this be the issue?

ip inspect name websense http urlfilter
ip urlfilter allow-mode on
ip urlfilter urlf-server-log
ip urlfilter server vendor websense

interface Vlan1
description $FW_INSIDE$
ip address
ip access-group 103 in
ip nat inside
ip inspect websense in
ip virtual-reassembly
h323-gateway voip bind srcaddr

Thanks for your help,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Saurabh Verma Thu, 10/22/2009 - 05:48
User Badges:
  • Silver, 250 points or more

Hi Joe,

URL filtering feature is not supported on UC 500.


Steven DiStefano Thu, 10/22/2009 - 06:02
User Badges:
  • Blue, 1500 points or more

The SA500 (Security Appliance) can be placed in front of the UC500 (just disable NAT and the FW on the UC and assign a static address of the SA500 LAN to its FE0/0) and then you can have Protect Link Gateway (powered by Trend Micro) in front of the UC500 (advanced FW).

I set it up here:


PLG Info here:



(Obviously in Sales trying to sell you this)  :-)

Joe Gadell Thu, 10/22/2009 - 08:40
User Badges:

That's unfortunate.  So is it an "unsupported" feature, or will it flat-out not work?



Saurabh Verma Thu, 10/22/2009 - 08:42
User Badges:
  • Silver, 250 points or more

I see that some of the CLIs are in the system, however, since this is unsupported, it has never been tested.



This Discussion

Related Content