[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Websense integrated with Cisco ASA 5510

Posted on 2009-02-16
4
Medium Priority
?
9,057 Views
Last Modified: 2012-06-21
Good Morning EE,

We recently set up our new websense server to integrate with our ASA 5510.  I have read through the deployment guide and also followed the instructions found here :

http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_23288643.html

I think we are still missing something and have a couple of questions.

When integrated with the ASA, do we still need to worry about the port spanning on the switch that the server is plugged directly into?
During some initial testing last Friday we were able to see the Websense server in action as I set up a est policy to block all for myself, though when we set monitor only policy for the entire domain and let it run through the weekend, it returned no data when we ran a report to see what was monitored.  Additionally, the monitoring somehow blocked our IronPort email filter from getting updates.

Does anyone have any ideas as to what we could me missing?  Documentation is good, Diagrams are better, and set-by-step walk-through's are fantastic.  As stated above I have already read through the deployment guide (which really says nothing helpful anyway) and any previous posts here on EE but still need a little more guidance.

NOTE:  Users are link either directly to the same switch as the Websense server or through various WAN links (T1, Metro Ethernet, Managed VPN) behind a Cisco 2821 router.
Websense.jpg
0
Comment
Question by:CityofKerrville
  • 2
  • 2
4 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 2000 total points
ID: 23651537
Sounds like the websense is setup correctly if you were able to setup a policy and block yourself from accessing websites.  

I'll guess that the issue will be found in either the subnets you are monitoring in the ASA code or the Websense policy itself  and how it is set to catch traffic.  

Which subnet does your email server reside in?  

In your Filter URL command, what subnets do you have specified?  

In your Wesense box, can you summarize the policy?  ARe you using all ips for monitoring, all domain users?  
0
 

Author Comment

by:CityofKerrville
ID: 23651585
MikeKane,

Give a little bit to compile the answers to you question and I will get back to you.  Thanks you for the prompt response.
0
 

Author Comment

by:CityofKerrville
ID: 23651851
MikeKane,

1.  All of our server including the email filter that could not get updates reside in the 192.168.101.0 subnet

2.  here is what is currently in the firewall in regards to Websense
url-server (Inside) vendor websense host 192.168.101.245 timeout 10 protocol TCP version 4 connections 5
url-cache dst 128
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

3.  In Websense itself, we set up the default policy (monitoring only) and we pointed it to ALL client on the domain.
0
 
LVL 33

Assisted Solution

by:MikeKane
MikeKane earned 2000 total points
ID: 23652868
The ASA code looks correct and if this has not changed since your successful test, then I think we can safely eliminate the ASA code.     Again, if your test on yourself blocked the web requests and the monitoring and logging only is not catching anything, I would go back and triple check the policy you set for monitoring.    
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question