04.03.2008 at 06:52AM PDT, ID: 23292778

Websense Block Page is not appearing on clients

Asked by JavaEnabled in Network Software Firewalls, Web Browsers

Tags: Websense, Websense Enterprise, 6.3, Juniper, NetScreen, SSG550, Version: 5.4.0r7.0 (Firewall+VPN)

Websense has recently been deployed as my site's web filtering solution.  We're using port spanning to replicate the activity from 6 internal user VLANs to the Websense server.  The WS server has dual NICs.  One is dedicated to listening to all the traffic, and the other is used for the application's use (and administration).  The product is working and restricted sites are being blocked.  However, we are not seeing the "blocked page" HTML that should come with it.

Here's a quick breakdown of what is happening...
1.  User enters the URL to a restricted site, and submits the page.
2.  The request is sent out, and the activity is replicated to the Websense server via port spanning.
3.  Websense recognizes the site as a restricted site, and issues a 302 reset.
4.  The client browser returns an "Internet Explorer cannot display the webpage" message.

What is supposed to happen is there should be a webpage displayed (from the Websense server) that reads as "Your organization's Internet use policy restricts access to this web page at this time."  Everything else is working, but this page never makes it to the client.

What I suspect is happening is...
1.  The Websense server issues the 302 reset.
2.  The Websense server then assumes the identity of the web destination, and responds to the client with the "... Internet use policy..." page.  (By doing this... the user would still see their original destination in the address line of their browser... but the block page is coming from our internal server.)
3.  This data is traveling out of the server... across my Cisco 3750 switch stack... and to my internal firewall (NetScreen SSG550).
4.  Since the Websense server has "assumed the identity of the web destination"... I suspect that the NetScreen FW is seeing it as an IP Spoofing attack, and blocking the traffic at that point.  I cannot be 100% sure that this is what is happening, but that is my guess.

I have reviewed the Screening settings for the Zones on my NetScreen, and I do not see where any IP Spoofing protection is enabled.  I was suspecting that this protection might be configurable by interface (or sub-interface), but I'm not sure where to confirm or deny that.

Any suggestions in regards to the Websense product or the NetScreen firewall would be gratefully welcomed during pursuit of a resolution.

Thank you.
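
The suspicion in step 4, as an added example that is not part of the original question: a simplified reverse-path source check of the kind anti-spoofing filters apply, showing why a block page forged with the destination site's address is dropped when it arrives on an inside interface. The routing table, interface names and addresses are constructed for illustration, and this is a model, not the NetScreen's actual implementation.

```python
import ipaddress

# Constructed routing table for a firewall between internal VLANs and the
# Internet: (prefix, interface). Names and addresses are assumptions.
ROUTES = [
    ("0.0.0.0/0", "outside"),      # default route to the Internet
    ("10.10.0.0/16", "inside"),    # internal user VLANs
    ("10.20.0.0/24", "inside"),    # VLAN holding the filtering server
]

def route_interface(src, routes=ROUTES):
    """Longest-prefix match: the interface the firewall would use to reach src."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def spoof_check(src, ingress_iface, routes=ROUTES):
    """Pass only if the packet arrived on the interface that routes back to src."""
    return "pass" if route_interface(src, routes) == ingress_iface else "drop"

# Constructed packets: 203.0.113.80 stands in for the restricted web site,
# 10.10.5.23 for a client, 10.20.0.15 for the filtering server.
PACKETS = [
    {"desc": "client request to restricted site",
     "src": "10.10.5.23", "in": "inside"},
    {"desc": "genuine reply from the site",
     "src": "203.0.113.80", "in": "outside"},
    {"desc": "block page sent with the site's address as source",
     "src": "203.0.113.80", "in": "inside"},
    {"desc": "block page sent from the server's own address",
     "src": "10.20.0.15", "in": "inside"},
]

def evaluate(packets=PACKETS):
    """Return {description: verdict} for each constructed packet."""
    return {p["desc"]: spoof_check(p["src"], p["in"]) for p in packets}

if __name__ == "__main__":
    for desc, verdict in evaluate().items():
        print(f"{verdict:5} {desc}")
```

Only the packet that claims the external site's address while entering on the inside interface fails the check, which is the behaviour the asker is trying to confirm or rule out on the firewall.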
About this solution

Solution Provided By: ehabsalem
Participating Experts: 3
Solution Grade: C