Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


websense URL integration

Posted on 2007-03-28
Medium Priority
Last Modified: 2007-12-19
I currently have websense installed as a standalone install and all is great and working fine.  I am considering integrating my cisco device to the websense.  If I do this does this mean that the traffic that is passed to the cisco device will forward to the websense server before it is allowed out to the Interent.  I have a VPN that is connected to the Cisco device and am curious if I integrate websense it will filter this traffic too.
Question by:dtooth71
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 20

Expert Comment

ID: 18810724
URL Filter function does not forward all traffic.  It passes the URL and looks for authorization and then allows or denies.

Your VPN users traffic will not be filtered if you have split tunneling.  It will be filtered if you force their web traffic through the cisco device doing the URL filtering.
LVL 79

Expert Comment

ID: 18810778
Assuming that your Cisco device is a PIX firewall, you can create filter exceptions so that traffic to the remote site is not filtered through WebSense..

Author Comment

ID: 18815583
the VPN tunnels are slit tunneled...
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

LVL 79

Expert Comment

ID: 18815715
You didn't provide the information I was looking for. Is it a PIX firewall as your VPN endpoint?
If yes, and you enable URL Filtering, then you simply create an exception list for the remote ip subnet so that traffic does not get filtered.

Author Comment

ID: 18815887
well it is a asa and I want to filter the URL I dod not want to make an exception
LVL 79

Accepted Solution

lrmoore earned 1000 total points
ID: 18816008
OK, then just don't make any exception and all http traffic, even through the VPN tunnel, will be filtered.
hostname(config)# url-server  host
hostname(config)# filter url 80 0 0 0 0   <== all these 0's means "everything"


Author Comment

ID: 18816220
ok, so if I enter those commands and substitute the with the websense server all VPN traffic will be filtered, split-tunnel included?
LVL 79

Expert Comment

ID: 18816301
Well, that depends...
>I have a VPN that is connected to the Cisco device
Is this a VPN client, or is this a Lan-Lan vpn tunnel?

If it is a VPN client, then no, no web filtering takes place. The only way to accomplish this is to disable split-tunneling and use Websense as a proxy for your VPN clients.

If it is a L-L tunnel, then any http traffic from your network to www servers on the remote network is filtered.

Is your goal to actually filter the traffic, or determine if your traffic will be filtered when you connect via VPN client with split-tunneling enabled?

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question