Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

websense server connected to PIX 515??

I have a Websense server that I plugged into one of the spare ethernet interfaces on my PIX 515.

I called the ethernet interface DMZ2 and gave it the ip address of

I gave the Websense server the ip address of

What do I need to do allow the PIX and Websense server to communicate and manage/report the web traffic from my network?


New Member

Re: websense server connected to PIX 515??

I dont know how websense works, does it sniff the traffic like an ids do?

To allow the websense server reach your network, and supposing that the network is connected to inside interface.

2 ways are available to achieve this

nat the inside network (with or without traslation) and allow the access in the dmz2 interface.

sample: (local net 10.0.0/24)

access-list 10 permit ip any

nat (inside) 0 access-list 10

access-list DMZ2

New Member

Re: websense server connected to PIX 515??

You need to use the 'url-server' command to define the websense server and the 'filter url' command to define what traffic to watch. It would look something like:

url-server (dmz2) vendor websense host timeout 5 protocol TCP version 4

filter url http 0 0 0 0 allow

Check the docs for more details.


New Member

Re: websense server connected to PIX 515??

I am also using Websense with the Cisco Pix Integration. Do you know how to address https traffic?

If users try to access secure sites they receive a message indicating that authentication is required. For now we have been adding statements in the pix config to exclude authentication to the specified host. This doesnt seem to me to be the right solution or a good short term solution. Do you have any input on this?

CreatePlease login to create content