Re: Pix & Websense filtering

cprice2k7 · ‎08-23-2006

I'm using a PIX 515 with IOS version 7.0(4) and a websense filtering server. Everything works fine until the server is taken offline for maintenance. When the server is replaced I have to re-create the url-filtering commands on the PIX in order for the server to start filtering again. Any ideas on why this must be done?

cprice2k7 · ‎08-23-2006

Finally found the Cisco write up on this.

http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K65713155

jwalker · ‎08-23-2006

I had similar problems on multiple PIX/ASAs. After I upgraded to v7.21, the problems ceased. Good luck.

Jay

nitinmathur · ‎08-28-2006

NEED YOUR HELP for Intergarting PIX-Websense

Hi,

I am facing problem in integratiing PIX525(1:1 Active-Stdby), IOS 6.34. I have followed the documentation provided by Websense to do that. Websense ver is 6.1

I have taken the ethreal cap to see the TCP handshake bet'n PIX and websense. But it is not able to filter anything. I am using websense for Intranet only so have created custom URLs based on IP addresses and hostnames. Also I have tried to connect the websense server on SPAN port also but Test visibility tool is unable to find any IP addresses for Network agent.

Can you please help on this.

Regards,

Nitin

cprice2k7 · ‎08-29-2006

On our setup we have three interfaces for the websense device. For one interface (the non-filtering interface) I have a span seesion setup so the websense can see all traffic. The second interface is the one I have the url redirects going to. The third interface is for the websense database.

Is your intranet traffic traversing your firewall? Can you send your configuration for the websense filtering?

jwjohansen · ‎08-29-2006

post your Websense config from the PIX please

nitinmathur · ‎08-30-2006

Hi,

Thanks for your email.

The config from PIX is fine as now I am able to see logs on Test Log server. Now I am trying to use Websense for URL filtering of Intranet pages. Pls see the details below and suggest if possible.

Clients are identified based on IP addresses and a policy should be made to permit authorized access of web apps based on URLs.

Please suggest if Websense can be used for URL filtering of Intranet made of private IP addresses. The details regarding the setup is as follows.

Firewalls: Two PIX525 in Active-Stdby FO mode. Inside IP 10.100.200.4/24

Websense

Mode : Intergarted Cisco PIX firewalls

Version: 6.1.1 with database downloaded (Aug28)

OS : Windows 2003 server

Physical Placement: In the inside zone of firewall. The application servers are currently placed in the same zone. Some Intranet servers will be accessed through DMZ zone also later on through a WAN link.

Physical Conenctivity: Server has 2 NIC. 1 NIC for Management (IP 10.100.200.6)

NIC 2 is used for monitoring (IP address 192.168.0.197/24)

Websense is configured to send block information through NIC 1

A policy is made that allows permitted category. In User defined two sub categories are created ?Allowed? and ?Blocked? and respective custom URLs are created in that. Only ?Allowed? category is permitted and other one blocked.

When respective pages are accessed the Test Log servers shows activity and the disposition comes as Blocked and Allowed URL but the URL that is blocked can also be accessed by user.

Regard & good Day,

nitinmathur · ‎09-07-2006

Hi,

These are the lines that are configured in PIX for websense. I am getting matches on the TestLogserver on websense. But websense is not able to block anything nor does the block-message from Websense appears. I am using it for Intranet URLS based on IP addresses and domains resolved by local dns only.

Please suggest i

pixfw1# sh run | incl url

url-server (inside) vendor websense host 10.100.200.7 timeout 5 protocol UDP ver

sion 4

url-cache dst 1KB

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0

filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0

url-block block 1

pixfw1#

Any suggestions are welcome.

Regards,