I have seen this question numerous times with the same answer, and it seems to be working for the most part... but I am still missing something! I need to get my Websense server filtering all the protocols (not just HTTP). I am using two (2) SonicWall Pro 4060 firewalls in a failover configuration. Briefly, my setup...
Cisco 3750G switch
Backup SonicWall LAN plugged into port Gi1/0/5
Primary SonicWall LAN plugged into port Gi1/0/18
Websense server xxx.xxx.xx.44 NIC plugged into Port 6, xxx.xxx.xx.45 NIC plugged into port 21
monitor session 1 source interface Gi1/0/5 , Gi1/0/18
monitor session 1 destination interface Gi1/0/21 ingress untagged vlan 1
CORESW1#show monitor session 1
Type : Local Session
Source Ports :
Both : Gi1/0/5,Gi1/0/18
Destination Ports : Gi1/0/21
Encapsulation : Native
Ingress : Enabled, default VLAN = 1
Ingress encapsulation: Untagged
At this moment the Websense server is seeing all HTTP traffic, and is successfully blocking traffic per the block policy. The biggest issue is it's not seeing any other protocol. Websense support tells me that this means the SPAN is set up incorrectly... I am able to bi-directionally communicate with both NICs on the server; is this part of the problem? I really don't care if only 1 is able to communicate outbound or not, so that can be changed if needed.
I ran a Wireshark capture of the .45 NIC on the Websense server and it seems to only see HTTP information coming from the outside in. This doesn't seem quite right, does it?