I downloaded the WebSense evaluation software, and have been playing with it w/ our Pix 515. My question I have, which WebSense doesn't seem to know is: can you specify not to filter for certain hosts? Is the URL filtering on the PIX an everything coming in from any client? I realize you can do filtering based on desitation networks, but for example, I don't want to have certain clients on the inside network go through the websense server? Is this possible?
Also, is there different PDM version that allow more option for the URL filtering? I am running PDM version 1.0(2) and Pix version 6.1(1).
Do anyone know much about Websense? Can you specify it not to log certain IP if you can't do it in the PIX?
The following example filters all outbound HTTP connections except those from the 10.0.2.54 host:
url-server (perimeter) host 10.0.1.1
filter url 80 0 0 0 0
filter url except 10.0.2.54 255.255.255.255 0 0
PDM 2.0 is available on CCO now, as well as 6.2(2) PIX OS. You cna upgrade to both of these, although I don't think the URL part of it is any different (but then I don't use it much so I could be wrong there).
Not sure on your last Websense question, you'd probably be better off talking to WebSense about it, but since I've answered your first question you shouldn't need this anymore, correct?
Yes, I should be all set w/ your answer now. I contacted Websense and they didn't really say there was any way of accomplishing what I wanted. They said there should be a way to do it through the pix, so I thought to post it here.
what do you mean by ISA server? I can get Websense to filter based on user names, what I was trying to figure out was a way to have websense not monitor (send to database) for certain users, but Websense said this was not possible. They then told me to check into see if the Pix lets you exempt IP address.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :