Websense integrated with Cisco ASA 5510

Posted on 2009-02-16
Last Modified: 2012-06-21
Good Morning EE,

We recently set up our new Websense server to integrate with our ASA 5510. I have read through the deployment guide and also followed the instructions found here:

I think we are still missing something and have a couple of questions.

When integrated with the ASA, do we still need to worry about the port spanning on the switch that the server is plugged directly into?
During some initial testing last Friday we were able to see the Websense server in action, as I set up a test policy to block all for myself. However, when we set a monitor-only policy for the entire domain and let it run through the weekend, it returned no data when we ran a report to see what was monitored. Additionally, the monitoring somehow blocked our IronPort email filter from getting updates.

Does anyone have any ideas as to what we could be missing? Documentation is good, diagrams are better, and step-by-step walk-throughs are fantastic. As stated above, I have already read through the deployment guide (which really says nothing helpful anyway) and any previous posts here on EE, but I still need a little more guidance.

NOTE: Users are linked either directly to the same switch as the Websense server or through various WAN links (T1, Metro Ethernet, Managed VPN) behind a Cisco 2821 router.
Question by:CityofKerrville

    Accepted Solution

    Sounds like the Websense is set up correctly if you were able to set up a policy and block yourself from accessing websites.

    I'll guess that the issue will be found in either the subnets you are monitoring in the ASA code or the Websense policy itself and how it is set to catch traffic.

    Which subnet does your email server reside in?  

    In your Filter URL command, what subnets do you have specified?  

    In your Websense box, can you summarize the policy? Are you using all IPs for monitoring, all domain users?

    Author Comment


    Give me a little bit to compile the answers to your questions and I will get back to you. Thank you for the prompt response.

    Author Comment


    1.  All of our servers, including the email filter that could not get updates, reside in the subnet

    2.  Here is what is currently in the firewall in regards to Websense
    url-server (Inside) vendor websense host timeout 10 protocol TCP version 4 connections 5
    url-cache dst 128
    filter url http allow

    3.  In Websense itself, we set up the default policy (monitoring only) and we pointed it to ALL clients on the domain.

    Assisted Solution

    The ASA code looks correct and if this has not changed since your successful test, then I think we can safely eliminate the ASA code. Again, if your test on yourself blocked the web requests and the monitoring and logging only is not catching anything, I would go back and triple check the policy you set for monitoring.
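
One way to run the scope check the accepted answer asks about (which subnets the `filter url` command covers), as an added example that is not part of the thread and not Cisco or Websense code: it parses `filter url` lines and reports whether HTTP from a given inside host is handed to the URL server. All addresses in the sample config are constructed placeholders, and the `except` line uses a keyword from the ASA command's syntax that does not appear in the poster's config.

```python
import ipaddress

# Constructed sample config; every address is a placeholder, not from the thread.
SAMPLE_CONFIG = """\
url-server (Inside) vendor websense host 192.0.2.10 timeout 10 protocol TCP version 4 connections 5
url-cache dst 128
filter url except 10.1.1.25 255.255.255.255 0 0
filter url http 10.1.0.0 255.255.0.0 0 0 allow
"""

def _net(addr, mask):
    # The ASA accepts "0" as shorthand for 0.0.0.0 in address and mask fields.
    addr = "0.0.0.0" if addr == "0" else addr
    mask = "0.0.0.0" if mask == "0" else mask
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_filter_url(config):
    """Return one dict per 'filter url' line that carries both address pairs."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["filter", "url"] or len(tok) < 7:
            continue  # not a filter url line, or its address fields are missing
        exempt = tok[2] == "except"
        rules.append({
            "exempt": exempt,                      # 'except' entry: skip filtering
            "ports": None if exempt else tok[2],   # e.g. "http" (port 80)
            "local": _net(tok[3], tok[4]),         # inside hosts being filtered
            "foreign": _net(tok[5], tok[6]),       # destinations being filtered
            "allow": "allow" in tok[7:],           # pass traffic if url-server is down
        })
    return rules

def is_filtered(rules, src, dst):
    """True if HTTP from src to dst is sent to the URL server for a verdict."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [r for r in rules if src in r["local"] and dst in r["foreign"]]
    if any(r["exempt"] for r in hits):
        return False  # an 'except' entry overrides the matching filter entry
    return bool(hits)

if __name__ == "__main__":
    rules = parse_filter_url(SAMPLE_CONFIG)
    for host in ("10.1.1.25", "10.1.4.7", "172.16.5.9"):
        print(host, "filtered" if is_filtered(rules, host, "203.0.113.5") else "not filtered")
```

A host that shows as "not filtered" never generates a lookup to the URL server, so it will not appear in Websense reports built from the ASA integration.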
