Websense integrated with ASA

I have purchased Websense which can be imtegrated with my ASA, but before i deploy this. Is there a way to have the 'stand alone' version of Websense block ip addresses in addition to domian names?

thank you
dat.

Find more posts tagged with

Comments

Ahriakin

Not sure about Websense itself but you could install a software firewall to the server it's running on and simply write a block rule for the host (presuming you mean you are using it as in Proxy mode). But there is probably a way to block a specific host inside it.

rbutturini

Yeah you should be able to do this by creating a policy for it.

LOkrasa

When you say standalone do you mean Websense running on a standalone server or do you mean the version like WebSense Express or Enterprise?

datchcha

LOkrasa wrote:

When you say standalone do you mean Websense running on a standalone server or do you mean the version like WebSense Express or Enterprise?

Stand alone version, "Enterpirse Edition". I have my proxy server 'websense' configured and running, and i am monitoring traffic with Wireshark, but i still have users hitting sites which download like 10mb in a 4 mininute process. Before I had the option in IE to detect proxy select i saw this IP addresses and most of them are Social sites or online music/video which do not fall under the Websense database. To make matter worst, i have not clue of the domain names, becuase when i use Arin.net to check, i get results like Qwest, so i guess the sites are hosted on vurtial servers or soemthing of the like.

Hey saw you are in G.burg maryland, you are right up the street from me...Waht do you have to say about DC United 0 - 3 lost, and not to mention their 6th straight lost in a row...dark times for us...thanks...love the Polska image!!!! recognize!!!

thanks again

LOkrasa

datchcha wrote:

LOkrasa wrote:

When you say standalone do you mean Websense running on a standalone server or do you mean the version like WebSense Express or Enterprise?

Stand alone version, "Enterpirse Edition". I have my proxy server 'websense' configured and running, and i am monitoring traffic with Wireshark, but i still have users hitting sites which download like 10mb in a 4 mininute process. Before I had the option in IE to detect proxy select i saw this IP addresses and most of them are Social sites or online music/video which do not fall under the Websense database. To make matter worst, i have not clue of the domain names, becuase when i use Arin.net to check, i get results like Qwest, so i guess the sites are hosted on vurtial servers or soemthing of the like.

Hey saw you are in G.burg maryland, you are right up the street from me...Waht do you have to say about DC United 0 - 3 lost, and not to mention their 6th straight lost in a row...dark times for us...thanks...love the Polska image!!!! recognize!!!

thanks again

I do not think you can block up just IP alone but you can do that on the ASA itself via ACL. In order to block by domain name - Login to the Policy Server, Filter Definitions > Custom URLS > Choose Category and click Add. Type in the domain and add it in... This should be enough to be able to add in the domain to be blocked.

Another option is that you can block by protocol set so you can block Streaming Media, P2P File Sharing/etc...

Don't follow MLS because it literally puts me to sleep... way too slow. I watch the EPL alot but mostly Intl. games if they are on. I am from Poland so yeah I love the NT and especially Janczyk (guy in picture).