Solved

Websense - How to Stop Login

Posted on 2016-07-28
3
59 Views
Last Modified: 2016-09-01
I'm not super familiar with Websense. I have a client using Websense (Forcepoint) Cloud Security. When the users are at their location, everything works great. However, when they are offsite anytime they venture onto the web they are sent to a login screen. It was my understanding that with the endpoint client installed, which it is, they would not have to login when browsing. Could there be something misconfigured? Are there any Websense/Forcepoint experts who could give me a hand with this?
0
Comment
Question by:MrComputerIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
3 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points (awarded by participants)
ID: 41733218
It sounds to me it is proxy authentication which prompt the login. Authentication on the proxy requires users to identify themselves.
Note
When prompted for credentials, if the user does not enter a domain name, a "session timeout" error can result, or the user may be re-prompted.
http://www.websense.com/content/support/library/web/v75/wcg_help/browser_limitations.aspx#1078246

It may be the sense that in other site it is not in authenticated mode hence the prompt  pops up. May need to check the setting for the proxy  e.g.
*Using LDAP proxy authentication
*Using RADIUS proxy authentication
*Using NTLM proxy authentication
http://www.websense.com/content/support/library/web/v75/wcg_help/authen.aspx
0
 
LVL 63

Assisted Solution

by:btan
btan earned 500 total points (awarded by participants)
ID: 41754852
Typically for such prompting of login from browser is due to proxy,in this case, Websense (Forcepoint) Cloud Security is authenticating the user prior to granting further access into the internet or other networks.. the prompt can happen on below scenario
a) if session is timeout as shared in previous post whereby the session can be expired or idle for a long session which will requires re-login. At times it can also be timeout is too short hence the multiple prompt triggers
b) if user session is not in sync such that the identity cannot be established as user is trying to gain access to authenticated resources.
c) if synchronised user does not meet the below NTLM identification if it is configured to check prir to granting further access
For NTLM identification to work for synchronized users:
Synced users must be coming from a known IP address (previously configured in a Cloud policy).
If they are coming from a known IP address but still receive an authentication prompt, then one or more of the following may apply:
The NTLM ID’s may not match.
The browser they are using does not support NTLM.
They are logged in as a local user (not the synced domain account).
If everything is working, as it should for the synced users, then the only time they should receive a logon page is when they are roaming.
 
d) if there is no deployed Web Endpoint Client or Authentication Service to the client, then Cloud Web Security can only identify users transparently or manually when they connect to the Internet. These options are also used as a fallback if either the Endpoint Client or Authentication Service fails. There is need to review the below too.
Cloud Web Security transparent identification options:
Websense Web Endpoint client is installed on end user machines. It provides transparent authentication, enforce use of Cloud security filtering and passes authentication details to the Cloud service. See Deploying Web Endpoint Client.

Websense Authentication Service provides clientless transparent authentication via a Websense gateway V-Series appliance hosted on your network. See Deploying Authentication Service.
http://www.websense.com/support/article/kbarticle/Authenticating-the-first-time-with-Hosted-Web-Security

More info on "Setting Up End-User Authentication" http://www.websense.com/content/support/library/web/hosted/getting_started/enduser_auth.aspx
0
 
LVL 63

Expert Comment

by:btan
ID: 41779493
Explained on the most probable cause to the issued faced and propose measure to consider
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Riverbed Technology's webinar discusses networking for the cloud era with simplified SD-WAN cloud connectivity.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question