Solved

websense URL integration

Posted on 2007-03-28
8
372 Views
Last Modified: 2007-12-19
I currently have websense installed as a standalone install and all is great and working fine.  I am considering integrating my cisco device to the websense.  If I do this does this mean that the traffic that is passed to the cisco device will forward to the websense server before it is allowed out to the Interent.  I have a VPN that is connected to the Cisco device and am curious if I integrate websense it will filter this traffic too.
0
Comment
Question by:dtooth71
  • 4
  • 3
8 Comments
 
LVL 20

Expert Comment

by:RPPreacher
ID: 18810724
URL Filter function does not forward all traffic.  It passes the URL and looks for authorization and then allows or denies.

Your VPN users traffic will not be filtered if you have split tunneling.  It will be filtered if you force their web traffic through the cisco device doing the URL filtering.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18810778
Assuming that your Cisco device is a PIX firewall, you can create filter exceptions so that traffic to the remote site is not filtered through WebSense..
0
 

Author Comment

by:dtooth71
ID: 18815583
the VPN tunnels are slit tunneled...
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18815715
You didn't provide the information I was looking for. Is it a PIX firewall as your VPN endpoint?
If yes, and you enable URL Filtering, then you simply create an exception list for the remote ip subnet so that traffic does not get filtered.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:dtooth71
ID: 18815887
well it is a asa and I want to filter the URL I dod not want to make an exception
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 18816008
OK, then just don't make any exception and all http traffic, even through the VPN tunnel, will be filtered.
hostname(config)# url-server  host 10.0.1.1
hostname(config)# filter url 80 0 0 0 0   <== all these 0's means "everything"


0
 

Author Comment

by:dtooth71
ID: 18816220
ok, so if I enter those commands and substitute the 10.0.1.1 with the websense server all VPN traffic will be filtered, split-tunnel included?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18816301
Well, that depends...
>I have a VPN that is connected to the Cisco device
Is this a VPN client, or is this a Lan-Lan vpn tunnel?

If it is a VPN client, then no, no web filtering takes place. The only way to accomplish this is to disable split-tunneling and use Websense as a proxy for your VPN clients.

If it is a L-L tunnel, then any http traffic from your network to www servers on the remote network is filtered.

Is your goal to actually filter the traffic, or determine if your traffic will be filtered when you connect via VPN client with split-tunneling enabled?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now