July 8, 2008 08:22pm pdt

1. 2PiFL 5,300
2. b0lsc0tt 4,900
3. Merete 4,200
4. lherrou 2,875
5. dtodd 2,000
5. printerguy 2,000
5. Jester_48 2,000
5. Akenathon 2,000
5. jar3817 2,000
5. sinoj 2,000
5. MaduKp 2,000
5. humergu 2,000
5. SLaffert... 2,000
5. riaancor... 2,000
15. grahamno... 1,600

1. 2PiFL 5,300
2. b0lsc0tt 4,900
3. lherrou 4,875
4. Merete 4,200
5. KCTS 3,200
6. printerguy 2,000
6. MaduKp 2,000
6. shahprabal 2,000
6. yasirirfan 2,000
6. dtodd 2,000
6. cipher007 2,000
6. Akenathon 2,000
6. cjm30305 2,000
6. Jester_48 2,000
6. jar3817 2,000
6. willcomp 2,000
6. bigjimbo813 2,000
6. riaancor... 2,000
6. hes 2,000
6. humergu 2,000
6. SLaffert... 2,000
6. sinoj 2,000
6. dragonjim 2,000
6. magnetic... 2,000

09.20.2007 at 10:26AM PDT, ID: 22842075

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

6.0

Websense blocking random sites.

Zones: Education Industry, Hot URLs, Windows 2000 Server

Tags: websense

We are a school district, with a WebSense content filtering package (version 5.3). we have had this product for years without any issues.
Websense is sitting off our Pix firewall (Version 6.3(1))
In the past day we started experiencing a very weird problem.

Randomly, sites get blocked, though we wouldn't get the Websense Blocked page, but rather a page timeout.
Observations I have made over the process:
- Google.com is one of the sites that was blocked. however, I can get to google by its IP address
- I have restarted our DNS services, and Update the server files, and thoroughly tested DNS. I am able to resolve all addressed immediately without a problem.
- I was able to telnet to google.com to port 80 without a problem (even by URL).
- That same morning, our district website, which is a hosted website was not available due to Websense malfunctioning, after rebooting the server though the other inaccessible URLs (i.e google.com) remained inaccessible, the district website became accessible again.
- When restarting the Filtering service, and WHILE the Websense database is loading, everything works just fine (Even google), AND, filtering IS functional.
- As soon as the database finishes loading, all the URLs that used to previously be inaccessible, become inaccessible again.

Things we've done:
- Restarted the services, and websense server multiple times
- Changed the setting for DNSLookup to AUTO, ON and OFF in EIMServer.ini, thinking it may be a DNS issue.
- Ran a repair on WebSense, and forced a redownload of the database.
- Called WebSense support, and reached Level 2 support, and they were stomped by the problem.
- They suspected it's my DNS (I don't agree, as all DNS resolutions are working perfectly)
- They suspected it's my firewall (I have 2 interfaces on my WebSense box, one connected to the network, and the other directly connected to the DMZ interface on the firewall, to avoid traffic lag.) This has worked for years without any issues, so not sure why this would just now become a problem. -

Things I know:
- The box that my Websense is running on is underspec-ed (800Mhz with 1Gb of RAM). But has been running that way for the past 4 years.
- Two things have changed this year was that we upped the user count from 2500 to 4000, and we changed most of our sites from ATM to TLS connections.

At this point, we are completely stomped as to what is causing it.
Websense wanted us to call a conference with us them, and Cisco TAC, which didn't make sense to me
The next steps I'm working on are:
1- This afternoon, will run SFC on the Websense host OS, as well as defrag, as the OS is in pretty bad shape.
2- Placed an order for a new server to move the Websense service to.

All that being said, would anyone have any ideas about why this problem may be occuring?
If you need any more information that I may have omitted, please let me know and I'd be happy to provide it.

Start your free trial to view this solution

Question Stats

Zone: Software

Question Asked By: cvservices

Solution Provided By: Computer101

Participating Experts: 4

Solution Grade: A

Translate:

Loading Advertisement...

Microsoft

Internet Protocols
Applications

Development
OS

Hardware
Windows Security

Apple

Operating Systems
Hardware

Programming
Networking

Software

Internet

Search Engines
File Sharing
WebTrends / Stats
Spy / Ad Blockers

Web Browsers
New Net Users
Web Development
Chat / IM

Anti Spam
Web Servers
Anti-Virus
Email Clients

Gamers

Tips
Online / MMORPG
Puzzle
Emulators

Action / Adventure
Role Playing
Consoles
Game Programming

Strategy
Sports
Misc
Computer Games

Digital Living

Hardware
New Net Users
New Users

Software
Digital Music
Gaming World

Home Security
Apple
Networking Hardware

Virus & Spyware

Vulnerabilities
IDS
Encryption
Anti-Virus

Operating Systems Security
Software Firewalls
WebApplications
Cell Phones

Operating Systems
Internet
Hardware Firewalls

Hardware

Handhelds / PDAs
Displays / Monitors
Components
Networking Hardware

Peripherals
Laptops/Notebooks
Storage
Servers

Desktops
New Users
Misc
Apple

Software

System Utilities
Industry Specific
Network Management
Photos / Graphics
Page Layout
VMWare
Misc
Web Development

OS
CYGWIN
Voice Recognition
Message Queue
Quality Assurance
Security
Firewalls
MultiMedia Applications

Development
Database
Office / Productivity
Business Management
OS/2 Apps
Server Software
Internet / Email

ITPro

OS
Storage
Encryption
Operating Systems Security
Apple Hardware
Laptops & Notebooks
Servers
Networking Hardware
Peripherals

Devices
Displays / Monitors
WebTrends / Stats
Search Engines
Firewalls
WebApplications
IDS
Vulnerabilities
Email Clients

File Sharing
Spy / Ad Blockers
Web Browsers
Web Servers
Networking
Anti-Virus
Chat / IM
Anti Spam

Developer

Web Servers
Web Browsers
Game Programming
Dev Tools
Industry Specific
Office / Productivity

Database
CYGWIN
Web Development
Search Engines
File Sharing
WebTrends / Stats

Programming
Content Management
Application Servers
Protocols

Storage

Removable Backup Media
Storage Technology
Servers

Grid
Remote Access
Backup / Restore

Misc
Hard Drives

Miscellaneous
Security
Development
Linux
VMWare

MainFrame OS
Unix
Apple
OS / 2
AS / 400

BeOS
Microsoft
VMS / OpenVMS

Database

Oracle
Miscellaneous
MySQL
Software
Sybase
Contact Management
PostgreSQL
Data Manipulation
Clarion
InterSystems Cache

Siebel
MUMPS
OLAP
SQLBase
SAS
GIS & GPS
4GL
Berkeley DB
DB2
Informix

Interbase / Firebird
FoxPro
Reporting
LDAP
Filemaker Pro
MS SQL Server
dBase
MS Access

Security

Misc
Web Browsers
Software Firewalls
Operating Systems Security
File Sharing

Spy / Ad Blockers
Vulnerabilities
WebApplications
IDS
Anti-Virus

Encryption
Anti Spam
Email Clients
VPN
Chat / IM

Programming

Editors IDEs
Installation
Handhelds / PDAs
Multimedia Programming
System / Kernel

Algorithms
Game
Signal Processing
Project Management
Open Source

Database
Misc
Languages
Processor Platforms
Theory

Web Development

Scripting
Blogs
Web Servers
Software
Search Engines
Web Graphics
Images

Internet Marketing
Images and Photos
Components
Document Imaging
Web Languages/Standards
Illustration
WebApplications

Fonts
WebTrends / Stats
Authoring
Digital Camera Software
Miscellaneous

Networking

Protocols
Apple Networking
Network Management
Message Queue
Application Servers
Content Management
File Servers
Email Servers
Misc
Java Editors & IDEs

Wireless
Networking Hardware
Backup / Restore
System Utilities
ISPs & Hosting
Web Servers
Storage Technology
Removable Backup Media
Servers
Broadband

Grid
OS / 2
Novell Netware
Unix Networking
Windows Networking
Security
Telecommunications
Operating Systems
Linux Networking

Other

Community Advisor
Lounge
Community Support
New Net Users

Philosophy / Religion
Math / Science
Miscellaneous
URLs

Expert Lounge
Politics
Puzzles / Riddles

Community Support

Suggestions
New to EE
New Topics
Community Advisor

CleanUp
Announcements
General

Feedback
Input
EE Bugs

09.20.2007 at 11:34AM PDT, ID: 19930547

Luke92881:

Is the filtering on the PIX set to block traffic when the websense server is down?
I'm not sure about (5.3) but we have 6.3 where I'm at, in the Websense Manager there are similar settings, such as block users when subscription expires or is exceeded.

Perhaps your subscription count is exceeded?
The only time I've seen it just timeout and not display the websense screen is when accessing HTTPS.

09.20.2007 at 11:38AM PDT, ID: 19930586

cvservices:

Luke, the information you are providing is actually very accurate.
To answer your questions:
- The PIX Is set to block traffic if the Websense server is down.
- The number of users we used to have was 2500, and we used to hit Websense user limit, and would end up losing access to ALL internet resources.

However, our particular case is not related to user limit, as most sites works, but some random ones just don't. regardless of whether they are http or https.

09.21.2007 at 06:26AM PDT, ID: 19935314

Luke92881:

I somehow missed that you upped your user count to 4000. Sorry.
Anyway, correct me if I'm wrong but Websense applies rights in the following way.

User
Workstation
Network Range
Group
OU

With User taking presadance over everything else. My understanding is that the only way something is Cumulative is at the group level. Although I think by default the least restrictive group is the one that takes over but you can change that.

Before I go any further... Is this happening to everyone? Do you have an Admin user that is set to a Policy that is Never block for testing purposes?

What I'm trying to get at is, maybe some people belong to multiple groups and the Default actions of the cumulative groups has been changed...

I'm probably way off base, I just re-read your original question and it seems really odd... I'm surprised Websense support is of no help, they have always been able to help us.

Are you familiar with the websenseping command?
On the Websense server go to command prompt
navigate to the websense\bin directory

try websenseping -m 2 -url www.google.com
then try it's IP

09.21.2007 at 08:09AM PDT, ID: 19936242

cvservices:

Luke,
I think all your steps for troubleshooting, are consistent with a "working" websense box. meaning that, everything is working ok, but I'm getting something that is blocked by the websense database that isn't. however, and this next answer I'll give you will prove this to you.
You asked if I had an admin user that is set to Never Block. the answer is yes, my user account is not blocked, however, I am still not getting any access to google.com, mind you I don't get the websense blocked page, but a request timed out.

Here's the websense ping result.
------------------------------------------
Sending URL_LOOKUP_REQUEST_EX...
------------------------------------------

URL = http://google.com
User Name =
Source IP = 0.0.0.0
Destination IP = 72.14.207.99

Disposition = CATEGORY_NOT_BLOCKED
Lookup Code = WISP_URL_OK
Category = Search Engines and Portals

Elapsed Time = 3 ms

AVG TIME PER REQUEST = 3 ms

We ran a wisptrace yesterday, and an SFC /scannow on the OS last night, and now the database will attempt to load, but then will say "Error loading database" in the status line, instead of "Idle". as soon as that happens, communication with the PIX ceases whenever the particular websites are hit.

I know, weird, we're all stomped. any more ideas? I'm currently in the process of rebuilding the websense box and moving it over, and see if that'll make any difference. I will post if this fixed the problems. otherwise I'll be back with more :)

09.21.2007 at 09:47AM PDT, ID: 19937128

Luke92881:

That is messed up....
Does not sound like the PIX is the problem because of the error when connecting to the database...

I want to try and help solve the problem not attempt to side step it.... So offering the bad idea of not filtering the outside interface for the Google IP is probably a bad idea.

Anyway, I'm stumped, have you checked all the settings in the manager?
Network Agent, Global settings Nic-1 and 2? Block Messages, common filtering?

Are you integrated with AD?

09.21.2007 at 09:57AM PDT, ID: 19937201

cvservices:

haha messed up and stomped have been my words of the day for the past 2 days.

I agree that it doesn't sound like a PIX. To me, after doing all my troubleshooting, I'm thinking of two possible sources of the problem:
1- The OS, some basic functionality of the OS wasn't operating as expected, (Add/Remove program doesn't come up, when you open explorer, the search area on the left is grayed out, etc...) with all this though, I'm still not convinced that it's the OS that is causing it.
2- Something is corrupt within the Websense Policy server, or database. (more likely in my opinion)

So after I finish reloading the box, I'm going to try to run WebSense with its out of the box config, and see if it operates normally, then I will restore the old config, and see if it breaks again. that will hopefully help me determine where the problem is.

Regarding the NIC, Network agent and all that. I think these factors will be completely eliminated, since I'm rebuilding WebSense on a completely different box.

Thanks for your willingness to help Luke! I appreciate it!
Georges,

09.21.2007 at 09:58AM PDT, ID: 19937205

cvservices:

by the way, I am not integrated with AD at this point...

09.21.2007 at 10:20AM PDT, ID: 19937360

Luke92881:

I think that the config.xml file located in websense\bin is the file you need to copy over once you are ready to bring your policies over to the new server.

I wish I could have helped you with this one... I'm curious to know what the new server does.

09.21.2007 at 10:42AM PDT, ID: 19937547

cvservices:

I'll keep you posted. If I end up resolving the issue, I'd want this topic to be on here in case someone else faces it. It's not something that Websense support has ever seen before apparently.

09.23.2007 at 02:18AM PDT, ID: 19943866

-Mystique-:

The Wiki on Websense might be helpful to you too. When you look at the category list, it's very broad spectrum!
http://en.wikipedia.org/wiki/Websense
Websense is designed to allow system administrators to block access to web sites (and other protocols) based on categories.
These categories contain lists of sites that can be blocked. Separate categories can be blocked at all times or only during certain times of the day. The software also allows organizations to offer a "continue button," which allows users to go to a blocked category if it is work related.[3]

Abortion
Adult Material (including sex education[4], including government/charity-sponsored websites for teenagers)
Advertisements
Advocacy Groups
Alternative Journalism
Bad taste
Blocked Sites
Business and Economy
Dating and Personals
Drugs
Education
Entertainment
Freeware and Software Download
Free
Gambling
Games
Government
Gay or Lesbian or Bisexual Interest
Forums
Health
Hobbies
Illegal or Questionable (sites promoting illegal activity)
Information Technology
Instant Messaging
Internet Communication
Internet Radio and TV
Internet Telephony
Job Search
Message Boards and Clubs
Militancy and Extremist
Miscellaneous
News and Media
Online Brokerage and Trading
Other
Pay-to-Surf
Peer-to-Peer File Sharing
Personal Network Storage and Backup
Personals and Dating
Productivity Loss
Proxy Avoidance
Racism and Hate
Religion
Sex
Sports
Shopping
Social Organizations
Society and Lifestyles
Streaming Media
Tasteless
Travel
Uncategorized
URL Translation Services
Vehicles
Web-based e-mail
Many blocks have been questioned. More categories can be filtered for an extra fee including:

Keyloggers
Phishing and Other Frauds
Potentially Unwanted Software (defined as "Sites that use technologies that alter the operation of the user's hardware, software, or network in ways that diminish control over the user experience, privacy, or the collection and distribution of personal information."
Spyware
System administrators can also set up custom categories, which allows the administrator to block websites that they deem inappropriate if they do not want to block the website's entire category.

09.24.2007 at 08:01AM PDT, ID: 19948890

cvservices:

I just wanted to post the solution that resolved my problem.
Well, it was basically reinstalling websense.
I happened to reinstall it on a different server, as the server it was on was under-specced. I'm not quite sure whether it was the hardware that was causing the problem, or the unstable OS. but rebuilding it all from scratch, and restoring the configuration seemed to resolve the problem.

p.s: Mystique, though I appreciate your attempt to help. next time it might help to: 1- read what my problem was, as your solution had nothing to do with my problem, and 2- suggest something other than a copy and paste from wikipedia.

09.24.2007 at 08:03AM PDT, ID: 19948914

cvservices:

MESSAGE TO MODERATOR:
This question has been self resolved, but I would like to give partial credit to Luke92881 for a valiant attempt.
I would appreciate crediting him 200 points.

Thank you!

09.24.2007 at 04:55PM PDT, ID: 19952574

Luke92881:

Thanks for posting the results of the reinstall.

11.08.2007 at 08:23PM PST, ID: 20247516

chandru_sol:

Hi Guys,

Can you help me with the question below?

http://www.experts-exchange.com/Security/Software_Firewalls/Q_22943816.html

regards
Chandru

01.09.2008 at 02:56AM PST, ID: 20616960

Venabili:

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup topic area:
PAQ with points refunded

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Venabili
EE Cleanup Volunteer

01.13.2008 at 08:01PM PST, ID: 20650665

Computer101:

PAQed with points refunded (500)

Computer101
EE Admin

Accepted Solution

20080236-EE-VQP-29 / EE_QW_2_20070628