Cisco Support Community
Community Member

Pix & Websense filtering

I'm using a PIX 515 with IOS version 7.0(4) and a websense filtering server. Everything works fine until the server is taken offline for maintenance. When the server is replaced I have to re-create the url-filtering commands on the PIX in order for the server to start filtering again. Any ideas on why this must be done?

Community Member

Re: Pix & Websense filtering


Re: Pix & Websense filtering

I had similar problems on multiple PIX/ASAs. After I upgraded to v7.21, the problems ceased. Good luck.


Community Member

Re: Pix & Websense filtering

NEED YOUR HELP for Intergarting PIX-Websense


I am facing problem in integratiing PIX525(1:1 Active-Stdby), IOS 6.34. I have followed the documentation provided by Websense to do that. Websense ver is 6.1

I have taken the ethreal cap to see the TCP handshake bet'n PIX and websense. But it is not able to filter anything. I am using websense for Intranet only so have created custom URLs based on IP addresses and hostnames. Also I have tried to connect the websense server on SPAN port also but Test visibility tool is unable to find any IP addresses for Network agent.

Can you please help on this.



Community Member

Re: Pix & Websense filtering

On our setup we have three interfaces for the websense device. For one interface (the non-filtering interface) I have a span seesion setup so the websense can see all traffic. The second interface is the one I have the url redirects going to. The third interface is for the websense database.

Is your intranet traffic traversing your firewall? Can you send your configuration for the websense filtering?

Community Member

Re: Pix & Websense filtering

post your Websense config from the PIX please

Community Member

Re: Pix & Websense filtering


Thanks for your email.

The config from PIX is fine as now I am able to see logs on Test Log server. Now I am trying to use Websense for URL filtering of Intranet pages. Pls see the details below and suggest if possible.

Clients are identified based on IP addresses and a policy should be made to permit authorized access of web apps based on URLs.

Please suggest if Websense can be used for URL filtering of Intranet made of private IP addresses. The details regarding the setup is as follows.

Firewalls: Two PIX525 in Active-Stdby FO mode. Inside IP


Mode : Intergarted Cisco PIX firewalls

Version: 6.1.1 with database downloaded (Aug28)

OS : Windows 2003 server

Physical Placement: In the inside zone of firewall. The application servers are currently placed in the same zone. Some Intranet servers will be accessed through DMZ zone also later on through a WAN link.

Physical Conenctivity: Server has 2 NIC. 1 NIC for Management (IP

NIC 2 is used for monitoring (IP address

Websense is configured to send block information through NIC 1

A policy is made that allows permitted category. In User defined two sub categories are created ?Allowed? and ?Blocked? and respective custom URLs are created in that. Only ?Allowed? category is permitted and other one blocked.

When respective pages are accessed the Test Log servers shows activity and the disposition comes as Blocked and Allowed URL but the URL that is blocked can also be accessed by user.

Regard & good Day,

Community Member

Re: Pix & Websense filtering


These are the lines that are configured in PIX for websense. I am getting matches on the TestLogserver on websense. But websense is not able to block anything nor does the block-message from Websense appears. I am using it for Intranet URLS based on IP addresses and domains resolved by local dns only.

Please suggest i

pixfw1# sh run | incl url

url-server (inside) vendor websense host timeout 5 protocol UDP ver

sion 4

url-cache dst 1KB

filter url http

filter url 443

url-block block 1


Any suggestions are welcome.


CreatePlease to create content