08-23-2006 08:48 AM - edited 02-21-2020 01:07 AM
I'm using a PIX 515 with IOS version 7.0(4) and a websense filtering server. Everything works fine until the server is taken offline for maintenance. When the server is replaced I have to re-create the url-filtering commands on the PIX in order for the server to start filtering again. Any ideas on why this must be done?
08-23-2006 11:53 AM
Finally found the Cisco write up on this.
http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K65713155
08-23-2006 12:19 PM
I had similar problems on multiple PIX/ASAs. After I upgraded to v7.21, the problems ceased. Good luck.
Jay
08-28-2006 09:01 PM
NEED YOUR HELP for Integrating PIX-Websense
Hi,
I am facing a problem in integrating PIX525 (1:1 Active-Stdby), IOS 6.34. I have followed the documentation provided by Websense to do that. Websense ver is 6.1.
I have taken the Ethereal cap to see the TCP handshake between PIX and Websense. But it is not able to filter anything. I am using Websense for Intranet only so have created custom URLs based on IP addresses and hostnames. Also I have tried to connect the Websense server on SPAN port also but Test visibility tool is unable to find any IP addresses for Network agent.
Can you please help on this.
Regards,
Nitin
08-29-2006 08:23 AM
On our setup we have three interfaces for the Websense device. For one interface (the non-filtering interface) I have a SPAN session set up so the Websense can see all traffic. The second interface is the one I have the URL redirects going to. The third interface is for the Websense database.
Is your intranet traffic traversing your firewall? Can you send your configuration for the websense filtering?
08-29-2006 09:13 AM
post your Websense config from the PIX please
08-30-2006 11:57 PM
Hi,
Thanks for your email.
The config from PIX is fine as now I am able to see logs on Test Log server. Now I am trying to use Websense for URL filtering of Intranet pages. Pls see the details below and suggest if possible.
Clients are identified based on IP addresses and a policy should be made to permit authorized access of web apps based on URLs.
Please suggest if Websense can be used for URL filtering of Intranet made of private IP addresses. The details regarding the setup is as follows.
Firewalls: Two PIX525 in Active-Stdby FO mode. Inside IP 10.100.200.4/24
Websense
Mode : Integrated Cisco PIX firewalls
Version: 6.1.1 with database downloaded (Aug28)
OS : Windows 2003 server
Physical Placement: In the inside zone of firewall. The application servers are currently placed in the same zone. Some Intranet servers will be accessed through DMZ zone also later on through a WAN link.
Physical Connectivity: Server has 2 NIC. 1 NIC for Management (IP 10.100.200.6)
NIC 2 is used for monitoring (IP address 192.168.0.197/24)
Websense is configured to send block information through NIC 1
A policy is made that allows permitted category. In User defined two sub categories are created "Allowed" and "Blocked" and respective custom URLs are created in that. Only "Allowed" category is permitted and other one blocked.
When respective pages are accessed the Test Log servers shows activity and the disposition comes as Blocked and Allowed URL but the URL that is blocked can also be accessed by user.
Regard & good Day,
09-07-2006 12:05 AM
Hi,
These are the lines that are configured in PIX for Websense. I am getting matches on the TestLogserver on Websense. But Websense is not able to block anything nor does the block-message from Websense appear. I am using it for Intranet URLs based on IP addresses and domains resolved by local DNS only.
Please suggest i
pixfw1# sh run | incl url
url-server (inside) vendor websense host 10.100.200.7 timeout 5 protocol UDP version 4
url-cache dst 1KB
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
url-block block 1
pixfw1#
Any suggestions are welcome.
Regards,