Solved

Websense - How to Stop Login

Posted on 2016-07-28
3
34 Views
Last Modified: 2016-09-01
I'm not super familiar with Websense. I have a client using Websense (Forcepoint) Cloud Security. When the users are at their location, everything works great. However, when they are offsite anytime they venture onto the web they are sent to a login screen. It was my understanding that with the endpoint client installed, which it is, they would not have to login when browsing. Could there be something misconfigured? Are there any Websense/Forcepoint experts who could give me a hand with this?
0
Comment
Question by:MrComputerIT
  • 3
3 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points (awarded by participants)
ID: 41733218
It sounds to me it is proxy authentication which prompt the login. Authentication on the proxy requires users to identify themselves.
Note
When prompted for credentials, if the user does not enter a domain name, a "session timeout" error can result, or the user may be re-prompted.
http://www.websense.com/content/support/library/web/v75/wcg_help/browser_limitations.aspx#1078246

It may be the sense that in other site it is not in authenticated mode hence the prompt  pops up. May need to check the setting for the proxy  e.g.
*Using LDAP proxy authentication
*Using RADIUS proxy authentication
*Using NTLM proxy authentication
http://www.websense.com/content/support/library/web/v75/wcg_help/authen.aspx
0
 
LVL 62

Assisted Solution

by:btan
btan earned 500 total points (awarded by participants)
ID: 41754852
Typically for such prompting of login from browser is due to proxy,in this case, Websense (Forcepoint) Cloud Security is authenticating the user prior to granting further access into the internet or other networks.. the prompt can happen on below scenario
a) if session is timeout as shared in previous post whereby the session can be expired or idle for a long session which will requires re-login. At times it can also be timeout is too short hence the multiple prompt triggers
b) if user session is not in sync such that the identity cannot be established as user is trying to gain access to authenticated resources.
c) if synchronised user does not meet the below NTLM identification if it is configured to check prir to granting further access
For NTLM identification to work for synchronized users:
Synced users must be coming from a known IP address (previously configured in a Cloud policy).
If they are coming from a known IP address but still receive an authentication prompt, then one or more of the following may apply:
The NTLM ID’s may not match.
The browser they are using does not support NTLM.
They are logged in as a local user (not the synced domain account).
If everything is working, as it should for the synced users, then the only time they should receive a logon page is when they are roaming.
 
d) if there is no deployed Web Endpoint Client or Authentication Service to the client, then Cloud Web Security can only identify users transparently or manually when they connect to the Internet. These options are also used as a fallback if either the Endpoint Client or Authentication Service fails. There is need to review the below too.
Cloud Web Security transparent identification options:
Websense Web Endpoint client is installed on end user machines. It provides transparent authentication, enforce use of Cloud security filtering and passes authentication details to the Cloud service. See Deploying Web Endpoint Client.

Websense Authentication Service provides clientless transparent authentication via a Websense gateway V-Series appliance hosted on your network. See Deploying Authentication Service.
http://www.websense.com/support/article/kbarticle/Authenticating-the-first-time-with-Hosted-Web-Security

More info on "Setting Up End-User Authentication" http://www.websense.com/content/support/library/web/hosted/getting_started/enduser_auth.aspx
0
 
LVL 62

Expert Comment

by:btan
ID: 41779493
Explained on the most probable cause to the issued faced and propose measure to consider
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cloud-based technologies and services will continue to grow in popularity in 2017 thanks to the simple, scalable and cost-effective solutions they deliver. Here are three areas where cloud adoption is poised to really take off.
The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques. This attack comes as a nightmare trifecta for email filtering services; sent from a familiar contact, using authentic tone and verbi…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This is an introductory video for CloudBerry Managed Backup. You will learn how to sign up with the service and get started in a few minutes.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now