Solved

websense URL integration

Posted on 2007-03-28
8
368 Views
Last Modified: 2007-12-19
I currently have websense installed as a standalone install and all is great and working fine.  I am considering integrating my cisco device to the websense.  If I do this does this mean that the traffic that is passed to the cisco device will forward to the websense server before it is allowed out to the Interent.  I have a VPN that is connected to the Cisco device and am curious if I integrate websense it will filter this traffic too.
0
Comment
Question by:dtooth71
  • 4
  • 3
8 Comments
 
LVL 20

Expert Comment

by:RPPreacher
Comment Utility
URL Filter function does not forward all traffic.  It passes the URL and looks for authorization and then allows or denies.

Your VPN users traffic will not be filtered if you have split tunneling.  It will be filtered if you force their web traffic through the cisco device doing the URL filtering.
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Assuming that your Cisco device is a PIX firewall, you can create filter exceptions so that traffic to the remote site is not filtered through WebSense..
0
 

Author Comment

by:dtooth71
Comment Utility
the VPN tunnels are slit tunneled...
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
You didn't provide the information I was looking for. Is it a PIX firewall as your VPN endpoint?
If yes, and you enable URL Filtering, then you simply create an exception list for the remote ip subnet so that traffic does not get filtered.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:dtooth71
Comment Utility
well it is a asa and I want to filter the URL I dod not want to make an exception
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
Comment Utility
OK, then just don't make any exception and all http traffic, even through the VPN tunnel, will be filtered.
hostname(config)# url-server  host 10.0.1.1
hostname(config)# filter url 80 0 0 0 0   <== all these 0's means "everything"


0
 

Author Comment

by:dtooth71
Comment Utility
ok, so if I enter those commands and substitute the 10.0.1.1 with the websense server all VPN traffic will be filtered, split-tunnel included?
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Well, that depends...
>I have a VPN that is connected to the Cisco device
Is this a VPN client, or is this a Lan-Lan vpn tunnel?

If it is a VPN client, then no, no web filtering takes place. The only way to accomplish this is to disable split-tunneling and use Websense as a proxy for your VPN clients.

If it is a L-L tunnel, then any http traffic from your network to www servers on the remote network is filtered.

Is your goal to actually filter the traffic, or determine if your traffic will be filtered when you connect via VPN client with split-tunneling enabled?
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now