10-30-2009 08:22 AM - edited 03-11-2019 09:34 AM
Hi,
I've just installed a standalone version of Websense security suite in my DMZ.
My users are connected to the Internet through an ASA 5520. I would like the ASA to intercept the URL requests and send them to the Websense for approval.
I use the "url-XXXX" set of commands in my asa.
url-server (dmz) vendor websense host WEBSENSE timeout 30 protocol TCP version 4 connections 5
url-cache dst 100
filter url http users_ipaddress 255.255.255.255 0.0.0.0 0.0.0.0 allow proxy-block longurl-truncate cgi-truncate
url-block url-mempool 2
url-block url-size 2
url-block block 10
I would like to know what the packet sent by the ASA to the Websense contains. Only the user IP address and the destination URL?
Actually I would like to be able to create groups in the Websense connected to the AD database, but I'm not sure the ASA is sending me the credentials. Is there a way to do that?
Regards,
Mathieu
11-01-2009 11:09 AM
The ASA asks the Websense if the user is allowed to access that specific website. If not, the ASA blocks the request. The Websense only responds to the question from the ASA; the ASA is the one that blocks or allows the request.
The websense can block with:
destination hostname
destination IP address
keywords
user name
All that information is forwarded to the Websense server.
Hope it helps.
11-01-2009 12:54 PM
It seems that the username is forwarded to the Websense if user authentication is enabled on the security appliance. Is this a way to set up transparent authentication in order to simply forward the username request to the Websense?
11-02-2009 06:54 AM
This information is in the link that I gave you.
Software version 7.x and later:
pix(config)# url-server (if_name) host local_ip [timeout seconds] [protocol TCP | UDP version 1|4 [connections num_conns] ]
Replace if_name with the name of the security appliance interface that is connected to the filtering server. The default is inside. Replace local_ip with the IP address of the filtering server. Replace seconds with the number of seconds the security appliance must continue to try to connect to the filtering server.
Use the protocol option in order to specify whether you want to use TCP or UDP. With a Websense server, you can also specify the version of TCP you want to use. TCP version 1 is the default. TCP version 4 allows the PIX firewall to send authenticated user names and URL logging information to the Websense server if the PIX firewall has already authenticated the user.
For example, in order to identify a single Websense filtering server, issue this command:
hostname(config)#url-server (DMZ) vendor websense host 192.168.15.15 protocol TCP version 4
Please let me know if this is what you were looking for.
Regards,
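To make the syntax quoted above concrete, here is an added example (not from the thread or from Cisco) that parses a url-server line into its fields and reports whether the configured protocol/version pair is the one the quoted text says is required for the firewall to forward authenticated user names (TCP version 4). It assumes the command shape shown in the post, including the optional vendor keyword used in the first post, and it only inspects the command: it cannot tell whether the firewall has actually authenticated the user, which the quoted text names as the other precondition.

```python
import re

# Pattern for the url-server command as quoted in the thread:
#   url-server (if_name) [vendor websense] host local_ip [timeout seconds]
#       [protocol TCP|UDP [version 1|4] [connections num_conns]]
# The vendor keyword is an assumption taken from the first post's config.
_URL_SERVER_RE = re.compile(
    r"^url-server\s+\((?P<if_name>[^)]+)\)"
    r"(?:\s+vendor\s+(?P<vendor>\S+))?"
    r"\s+host\s+(?P<host>\S+)"
    r"(?:\s+timeout\s+(?P<timeout>\d+))?"
    r"(?:\s+protocol\s+(?P<protocol>TCP|UDP)"
    r"(?:\s+version\s+(?P<version>[14]))?"
    r"(?:\s+connections\s+(?P<connections>\d+))?)?"
    r"\s*$",
    re.IGNORECASE,
)


def parse_url_server(line):
    """Parse one url-server command line into a dict of its fields.

    Fields that were not given are None, except version, which defaults
    to 1 when protocol TCP is present (the thread states TCP version 1
    is the default).
    """
    m = _URL_SERVER_RE.match(line.strip())
    if not m:
        raise ValueError("not a url-server command: %r" % line)
    d = m.groupdict()
    protocol = d["protocol"].upper() if d["protocol"] else None
    version = None
    if protocol == "TCP":
        version = int(d["version"]) if d["version"] else 1
    elif d["version"]:
        # The thread describes version as a TCP option only; keep the
        # value so the caller can see it, but it does not enable anything.
        version = int(d["version"])
    return {
        "if_name": d["if_name"],
        "vendor": d["vendor"].lower() if d["vendor"] else None,
        "host": d["host"],
        "timeout": int(d["timeout"]) if d["timeout"] else None,
        "protocol": protocol,
        "version": version,
        "connections": int(d["connections"]) if d["connections"] else None,
    }


def forwards_usernames(cfg):
    """True when the command uses TCP version 4, the combination the
    quoted text names as the one that sends authenticated user names.
    Authentication itself must still be configured on the firewall."""
    return cfg["protocol"] == "TCP" and cfg["version"] == 4


if __name__ == "__main__":
    # Constructed sample lines: the first two are the ones that appear in
    # the thread, the third is a minimal line for comparison.
    for sample in (
        "url-server (dmz) vendor websense host WEBSENSE timeout 30 "
        "protocol TCP version 4 connections 5",
        "url-server (DMZ) vendor websense host 192.168.15.15 protocol TCP version 4",
        "url-server (inside) host 10.0.0.5 protocol TCP",
    ):
        cfg = parse_url_server(sample)
        print(cfg["if_name"], cfg["host"], cfg["protocol"], cfg["version"],
              "forwards usernames:", forwards_usernames(cfg))
```

Running the block prints one line per sample; only the two TCP version 4 lines report that user names would be forwarded, and the third falls back to the default version 1.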
11-02-2009 07:01 AM
In your quote:
"the PIX firewall to send authenticated user names and URL logging information to the Websense server if the PIX firewall has already authenticated the user. "
How can I proceed to transparently authenticate the user in the firewall?