I have just configured the IOS urlfilter integration on a remote branch office 2800 router with a websense server at a clients head office, which is working perfectly and surprised at how easy it was!
But I have one big problem with it though...The client use Citrix XenApp Plugin (formerly PNAgent) on the PC's at the remote site and ever since I attached the inbound inspect rule to the inside interface on the router the Citrix XenApp client will not sign in at all anywmore.
I have debugged the urlfilter and can see that it is allowing the PC access to the XenApp Services Web Interface server (which delivers config to the XenApp Plugin via an XML stream).
What I want to know is if there is a way to exlcude the host (running the Web Interface) from being picked up by the inspect rule on the interface? (99.9% sure that its the http inspect thats breaking it - I have come across this on ASA's many moons ago).
Or indeed if there is a command I can use which will alleviate the problem.
For info, what the end user sees is a message that the XenApp client is connecting and downloading the XML app list, but it never gets past about 30% (bearing in mind that the XML data it recieves is only a few lines long!), so maybe there is some kind of timeout I can tweak?