07-19-2010 02:10 PM - edited 03-11-2019 11:13 AM
Running 7.22.
url-server (DMZ1) vendor websense host x.x.x.x timeout 10 protocol TCP version 4 connections 5
url-cache dst 128
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
url-block url-mempool 1500
url-block url-size 4
PIX535HOFWS# show url-server statistics
Global Statistics:
--------------------
URLs total/allowed/denied 22524/20050/2474
URLs allowed by cache/server 0/20050
URLs denied by cache/server 0/2474
HTTPSs total/allowed/denied 0/0/0
HTTPSs allowed by cache/server 0/0
HTTPSs denied by cache/server 0/0
FTPs total/allowed/denied 0/0/0
FTPs allowed by cache/server 0/0
FTPs denied by cache/server 0/0
Requests dropped 0
Server timeouts/retries 0/0
Processed rate average 60s/300s 6/9 requests/second
Denied rate average 60s/300s 0/0 requests/second
Dropped rate average 60s/300s 0/0 requests/second
Server Statistics:
--------------------
x.x.x.x UP
Vendor websense
Port 15868
Requests total/allowed/denied 22524/20050/2474
Server timeouts/retries 0/0
Responses received 22524
Response time average 60s/300s 0/0
URL Packets Sent and Received Stats:
------------------------------------
Message Sent Received
STATUS_REQUEST 464 464
LOOKUP_REQUEST 22537 22537
LOG_REQUEST 0 NA
Errors:
-------
RFC noncompliant GET method 0
URL buffer update failure 0
07-24-2010 06:42 AM
What version of Websense are you using?
I guess first, I need to explain how caching works. When the PIX sends a request to Websense, in the permit/deny reply there is a field which tells the PIX whether it can cache that response. Only if the field is set to true, and caching is enabled on the PIX, will it cache the replies.
However, in all newer versions of Websense/N2H2, they no longer permit the responses to be cached (meaning the field is set to false in all responses). Therefore, even though the PIX can cache the response, it is not permitted to.
The reason for doing this is because many sites can change classification, or more importantly, sites are very large these days and different areas of sites can be classified to different categories. With caching, the entire domain must be in the same category so the the action taken on the entire domain is the same. This is because only the domain is cached with a permit/deny action, not the entire URL.
Hope that helps explain it. If so, please ensure you mark the question as answered so we know it solved the problem.
Sincerely,
David.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide