websense URL integration

Posted on 2007-03-28
Last Modified: 2007-12-19
I currently have websense installed as a standalone install and all is great and working fine.  I am considering integrating my cisco device to the websense.  If I do this does this mean that the traffic that is passed to the cisco device will forward to the websense server before it is allowed out to the Interent.  I have a VPN that is connected to the Cisco device and am curious if I integrate websense it will filter this traffic too.
Question by:dtooth71
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 20

Expert Comment

ID: 18810724
URL Filter function does not forward all traffic.  It passes the URL and looks for authorization and then allows or denies.

Your VPN users traffic will not be filtered if you have split tunneling.  It will be filtered if you force their web traffic through the cisco device doing the URL filtering.
LVL 79

Expert Comment

ID: 18810778
Assuming that your Cisco device is a PIX firewall, you can create filter exceptions so that traffic to the remote site is not filtered through WebSense..

Author Comment

ID: 18815583
the VPN tunnels are slit tunneled...
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 79

Expert Comment

ID: 18815715
You didn't provide the information I was looking for. Is it a PIX firewall as your VPN endpoint?
If yes, and you enable URL Filtering, then you simply create an exception list for the remote ip subnet so that traffic does not get filtered.

Author Comment

ID: 18815887
well it is a asa and I want to filter the URL I dod not want to make an exception
LVL 79

Accepted Solution

lrmoore earned 250 total points
ID: 18816008
OK, then just don't make any exception and all http traffic, even through the VPN tunnel, will be filtered.
hostname(config)# url-server  host
hostname(config)# filter url 80 0 0 0 0   <== all these 0's means "everything"


Author Comment

ID: 18816220
ok, so if I enter those commands and substitute the with the websense server all VPN traffic will be filtered, split-tunnel included?
LVL 79

Expert Comment

ID: 18816301
Well, that depends...
>I have a VPN that is connected to the Cisco device
Is this a VPN client, or is this a Lan-Lan vpn tunnel?

If it is a VPN client, then no, no web filtering takes place. The only way to accomplish this is to disable split-tunneling and use Websense as a proxy for your VPN clients.

If it is a L-L tunnel, then any http traffic from your network to www servers on the remote network is filtered.

Is your goal to actually filter the traffic, or determine if your traffic will be filtered when you connect via VPN client with split-tunneling enabled?

Featured Post

Ready to trade in that old firewall?

Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

634 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question