Re: websense/PIX-520 Urgent !!!

ranairfan · ‎02-09-2003

I have download the websense enterprise software and wants to configure it in my network.

I am using PIX-520 and have two interfaces i,e inside and outside. I have some users on inside network and some users on outside network, I want to filter url traffic for both my inside and outside network.

I have placed websense server on outside interface of PIX, I have also set a test PC which is on outside network with default gateway of the pix outside interface address. Problem is when I browse or even try to connect msn messanger I get no response.

But when I generate www traffic from my inside network websense works fine with url filtering also I can connect msn messanger from my inside network.

Kindly reply me urgent that how can I apply filtering on my outside network.

Thanks and Regards,

gfullage · ‎02-09-2003

The "filter" command only works on outbound packets, as mentioned in the command reference:

The filter url command lets you prevent outbound users from accessing World Wide Web URLs that you designate using the N2H2 or Websense filtering application.

I guess the developers never saw much of a use for filtering inbound packets with a Websense server.

ranairfan · ‎02-09-2003

thanks for the reply, I have three interfaces on my PIX i,e inbound, outbound and intf2, websense is connected on outside, can i generate www taffic from intf2 towards outside without using NAT bacause I want these users to work on their real ip addresses.

vikrantarora · ‎02-28-2003

you can write the following command if you want users on intf2 to work on their real ip address:

nat (intf2) 0 0.0.0.0 0.0.0.0 0

'nat 0' means no address trasnlation