Solved

Websense url-server shows as down

Posted on 2009-07-13
10
1,701 Views
Last Modified: 2012-08-14
When i do a sh url-server stat, it shows as the server/service as down. We have this setup the same way in over 20 locations, but i only run into this situation on a couple locations. I can reload the pix or asa and the service comes back up. I stays running for a few days, then stops again. What causes this? Is there a way to start it back up with reloading the pix/asa?
0
Comment
Question by:Neil2526
  • 5
  • 4
10 Comments
 
LVL 13

Expert Comment

by:3nerds
ID: 24853922
what does your "url-server" cofig line look like.

3nerds
0
 
LVL 14

Expert Comment

by:Ehab Salem
ID: 24856704
When it shows that Websense server is down, is it really down? If so, you need to check physical availabnle RAM on the WS Policy server and the EIM Server.
0
 

Author Comment

by:Neil2526
ID: 24860177
url-server (inside) vendor websense host 10.0.0.24 timeout 15 protocol UDP version 4

filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter ftp 21 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
http server enable


The websense server is not down, but for some reason on the asa or pix it says it is. If i reload it, all is ok and shows up.
I want to know what causes this, and is there a way on the asa/pix that i can restart this without reloading it?
thanks
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 13

Expert Comment

by:3nerds
ID: 24860461
Couple of thoughts here.

First to get it back up without rebooting try:

no url-server (inside) vendor websense host 10.0.0.24 timeout 15 protocol UDP version 4

and then put it back:

url-server (inside) vendor websense host 10.0.0.24 timeout 15 protocol UDP version 4

Secondly

I would consider switching your current line to this:

url-server (inside) vendor websense host 10.0.0.24 timeout 30 protocol TCP version 4

As TCP is the preferred protocol straight from the websense documents and the legnthing of the time out may help as it appears the server is not responding or you are seeing a delay on your network causing it to drop.

Taken from here: Page 223

http://eproductivity.org/SupportPortal/documents/v631/WSInstall_Cisco.pdf

Good Luck,

3nerds
0
 

Author Comment

by:Neil2526
ID: 24860728
Tried your suggestion of taking out the websense command and putting it back in, with no luck on the restarting of the websense on the pix/asa. See out put below:
Server Statistics:
--------------------
10.0.0.24                         DOWN
  Vendor                          websense
  Port                            15868
  Requests total/allowed/denied   0/0/0
  Server timeouts/retries         0/0
  Responses received              0
  Response time average 60s/300s  0/0

I will try changing to tcp and lengthing the timeout and see what happens
0
 
LVL 13

Expert Comment

by:3nerds
ID: 24860776
From the asa can you ping the websense server?

3nerds
0
 

Author Comment

by:Neil2526
ID: 24860917
I can ping the websense server(located here at corporate) from the remote server located behing the asa, but not from the asa directly(icmp not turned on?)
0
 
LVL 13

Expert Comment

by:3nerds
ID: 24861160
but not from the asa directly(icmp not turned on?) ---> I assume you websense server is connected off your inside interface, as such ping should not be blocked unless the websense server has a firewall turned on. But if you can ping the websense server remotely then you should be able to from the asa. I would start my digging from here as the asa must be able to directly talk to the websense server or this problem will never go away.


Regards,

3nerds
0
 

Author Comment

by:Neil2526
ID: 24862723
sorry, i can ping(ping inside 10.0.0.24). I can change the statement from UDP to TCP but i afraid of the impact on the vpn traffic back and forth to the websense server and asa slowing down or connection.
0
 
LVL 13

Accepted Solution

by:
3nerds earned 500 total points
ID: 24863393
Not sure I can answer that for you I can only tell you I have customers with vpn connected sites using tcp in the statement but only you can make that choice. I don't see exactly how changing that would affect it but stranger things have happened.

3nerds
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco IP Phone upgrade 3 35
clear arp 1 38
Unmanaged Switches for Optimized Network Speeds 7 50
Password recovery 2960S 4 11
How to configure Site to Site VPN on a Cisco ASA.     (version: 1.1 - updated August 6, 2009) Index          [Preface]   1.    [Introduction]   2.    [The situation]   3.    [Getting started]   4.    [Interesting traffic]   5.    [NAT0]   6.…
When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question