Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX-Websense Intergration for INTRANET


I am trying to use Websense for URL filtering of Intranet pages. Pls see the details below and suggest if possible. The config from PIX is fine as I am able to see logs on Test Log server.

Clients are identified based on IP addresses and a policy should be made to permit authorized access of web apps based on URLs.

Please suggest if Websense can be used for URL filtering of Intranet made of private IP addresses. The details regarding the setup is as follows.

Firewalls: Two PIX525 in Active-Stdby FO mode. Inside IP


Mode : Intergarted Cisco PIX firewalls

Version: 6.1.1 with database downloaded (Aug28)

OS : Windows 2003 server

Physical Placement: In the inside zone of firewall. The application servers are currently placed in the same zone. Some Intranet servers will be accessed through DMZ zone also later on through a WAN link.

Physical Conenctivity: Server has 2 NIC. 1 NIC for Management (IP

NIC 2 is used for monitoring (IP address

Websense is configured to send block information through NIC 1

A policy is made that allows permitted category. In User defined two sub categories are created ?Allowed? and ?Blocked? and respective custom URLs are created in that. Only ?Allowed? category is permitted and other one blocked.

When respective pages are accessed the Test Log servers shows activity and the disposition comes as Blocked and Allowed URL but the URL that is blocked can also be accessed by user.

Regard & good Day,


Re: PIX-Websense Intergration for INTRANET

Native Integration with Popular User Authentication Services Provides convenient method for authenticating VPN users through native integration with popular authentication services, including Microsoft Active Directory, Microsoft Windows Domains, Kerberos, Lightweight Directory Access Protocol (LDAP), and RSA SecurID (without requiring a separate RADIUS/TACACS+ server to act as an intermediary).

CreatePlease login to create content