Ok, I have to admit up front that this question is merely for my own information. It is driving me crazy. I have inherited a network with a Websense content filter. It seems to work really good. What I don't fully understand is how it is working. As the network administrator I really think I should. So if anyone out there knows, I am all ears.
Here is the situation. We have a PIX 506 firewall connected to our ISP. There is no reference to the Websense server at all in the PIX config. The Websense server is not hard wired between the PIX and the rest of the network. When the server is down all traffic flows unrestricted to and from the Internet without having to change a thing.
How can a server block broacast traffic that I know the PIX is hearing and forwarding as both the Wensense and the PIX are connected to the same physical network? None of the clients have proxy server configured. The Websense seems to be able to yank packets off the network whenever it wants. How?