PIX\ASA configuration for Websense URL filtering

ronshuster · ‎02-11-2009

Recently we've introduced Websense to our environment and I am using a spanning port on the core switch to force all traffic destined to the Internet to go through websense, that works very well.

The problem we have now is that Remote Access VPN users (coming from the Internet of course) are not going through websense when accessing the Internet given their traffic does not go through the spanning port, rather they are coming from the OUTSIDE interface of the firewall. I am aware that there is another way of talking to websense and that is through the filter command on the firewall but it is only limited to a number of ports.

So the question is: How do we get ALL traffic going to the Internet to go through websense, both internal users as well as remote access VPN users.

Pls assist if you have this working.

cdusio · ‎02-11-2009

Try this or something like it with your IP's.

url-server (inside) vendor websense host (Your IP) timeout 30 protocol TCP version 4 connections 5

url-cache src_dst 128

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0

ronshuster · ‎02-11-2009

Does that mean I can remove the port spanning? Is this config global, ie. it applies to traffic coming from the INSIDE & OUTSIDE (VPN users)? Is it limited to specific ports or will it filter all ports going out?

cdusio · ‎02-11-2009

Should apply to all...