PIX / Websense

[mapelo]

Hi,

I have a problem with Websense and Cisco PIX 515.
The PIX has 3 I/F (inside, outside, dmz). In the
DMZ there are my 3 servers (proxy, mail, websense).

When a user request a website, the PIX first redirects
it to the proxy which then asks Websense. So all
policies I enter in Websense do not work because the
request comes with the ip of the proxy.

Any possibility to change the order to
1. user requests a website
2. PIX redirects to Websense
3. Websense redirects to Proxy ?

 

[yizhar]

HI.

I don't know, but maybe the proxy itself can work in conjuction with websense instead of the pix?
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[baddos]

Try This if you are running PIX OS 6.2:

url-server (inside) vendor websense host 10.0.0.1 timeout 5 protocol TCP version 4
url-cache dst 128KB
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter url 8080 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

I'm not sure if it will check websense before sending off to the proxy, but it's worth a shot.

(10.0.0.1) is the IP address of your websense server.