• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 9081
  • Last Modified:

Websense integrated with Cisco ASA 5510

Good Morning EE,

We recently set up our new websense server to integrate with our ASA 5510.  I have read through the deployment guide and also followed the instructions found here :

http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_23288643.html

I think we are still missing something and have a couple of questions.

When integrated with the ASA, do we still need to worry about the port spanning on the switch that the server is plugged directly into?
During some initial testing last Friday we were able to see the Websense server in action as I set up a est policy to block all for myself, though when we set monitor only policy for the entire domain and let it run through the weekend, it returned no data when we ran a report to see what was monitored.  Additionally, the monitoring somehow blocked our IronPort email filter from getting updates.

Does anyone have any ideas as to what we could me missing?  Documentation is good, Diagrams are better, and set-by-step walk-through's are fantastic.  As stated above I have already read through the deployment guide (which really says nothing helpful anyway) and any previous posts here on EE but still need a little more guidance.

NOTE:  Users are link either directly to the same switch as the Websense server or through various WAN links (T1, Metro Ethernet, Managed VPN) behind a Cisco 2821 router.
Websense.jpg
0
CityofKerrville
Asked:
CityofKerrville
  • 2
  • 2
2 Solutions
 
MikeKaneCommented:
Sounds like the websense is setup correctly if you were able to setup a policy and block yourself from accessing websites.  

I'll guess that the issue will be found in either the subnets you are monitoring in the ASA code or the Websense policy itself  and how it is set to catch traffic.  

Which subnet does your email server reside in?  

In your Filter URL command, what subnets do you have specified?  

In your Wesense box, can you summarize the policy?  ARe you using all ips for monitoring, all domain users?  
0
 
CityofKerrvilleAuthor Commented:
MikeKane,

Give a little bit to compile the answers to you question and I will get back to you.  Thanks you for the prompt response.
0
 
CityofKerrvilleAuthor Commented:
MikeKane,

1.  All of our server including the email filter that could not get updates reside in the 192.168.101.0 subnet

2.  here is what is currently in the firewall in regards to Websense
url-server (Inside) vendor websense host 192.168.101.245 timeout 10 protocol TCP version 4 connections 5
url-cache dst 128
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

3.  In Websense itself, we set up the default policy (monitoring only) and we pointed it to ALL client on the domain.
0
 
MikeKaneCommented:
The ASA code looks correct and if this has not changed since your successful test, then I think we can safely eliminate the ASA code.     Again, if your test on yourself blocked the web requests and the monitoring and logging only is not catching anything, I would go back and triple check the policy you set for monitoring.    
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now