Solved

Websense - How to Stop Login

Posted on 2016-07-28
3
21 Views
Last Modified: 2016-09-01
I'm not super familiar with Websense. I have a client using Websense (Forcepoint) Cloud Security. When the users are at their location, everything works great. However, when they are offsite anytime they venture onto the web they are sent to a login screen. It was my understanding that with the endpoint client installed, which it is, they would not have to login when browsing. Could there be something misconfigured? Are there any Websense/Forcepoint experts who could give me a hand with this?
0
Comment
Question by:MrComputerIT
  • 3
3 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points (awarded by participants)
Comment Utility
It sounds to me it is proxy authentication which prompt the login. Authentication on the proxy requires users to identify themselves.
Note
When prompted for credentials, if the user does not enter a domain name, a "session timeout" error can result, or the user may be re-prompted.
http://www.websense.com/content/support/library/web/v75/wcg_help/browser_limitations.aspx#1078246

It may be the sense that in other site it is not in authenticated mode hence the prompt  pops up. May need to check the setting for the proxy  e.g.
*Using LDAP proxy authentication
*Using RADIUS proxy authentication
*Using NTLM proxy authentication
http://www.websense.com/content/support/library/web/v75/wcg_help/authen.aspx
0
 
LVL 61

Assisted Solution

by:btan
btan earned 500 total points (awarded by participants)
Comment Utility
Typically for such prompting of login from browser is due to proxy,in this case, Websense (Forcepoint) Cloud Security is authenticating the user prior to granting further access into the internet or other networks.. the prompt can happen on below scenario
a) if session is timeout as shared in previous post whereby the session can be expired or idle for a long session which will requires re-login. At times it can also be timeout is too short hence the multiple prompt triggers
b) if user session is not in sync such that the identity cannot be established as user is trying to gain access to authenticated resources.
c) if synchronised user does not meet the below NTLM identification if it is configured to check prir to granting further access
For NTLM identification to work for synchronized users:
Synced users must be coming from a known IP address (previously configured in a Cloud policy).
If they are coming from a known IP address but still receive an authentication prompt, then one or more of the following may apply:
The NTLM ID’s may not match.
The browser they are using does not support NTLM.
They are logged in as a local user (not the synced domain account).
If everything is working, as it should for the synced users, then the only time they should receive a logon page is when they are roaming.
 
d) if there is no deployed Web Endpoint Client or Authentication Service to the client, then Cloud Web Security can only identify users transparently or manually when they connect to the Internet. These options are also used as a fallback if either the Endpoint Client or Authentication Service fails. There is need to review the below too.
Cloud Web Security transparent identification options:
Websense Web Endpoint client is installed on end user machines. It provides transparent authentication, enforce use of Cloud security filtering and passes authentication details to the Cloud service. See Deploying Web Endpoint Client.

Websense Authentication Service provides clientless transparent authentication via a Websense gateway V-Series appliance hosted on your network. See Deploying Authentication Service.
http://www.websense.com/support/article/kbarticle/Authenticating-the-first-time-with-Hosted-Web-Security

More info on "Setting Up End-User Authentication" http://www.websense.com/content/support/library/web/hosted/getting_started/enduser_auth.aspx
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
Explained on the most probable cause to the issued faced and propose measure to consider
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now