Websense = FAIL

TechGuy215TechGuy215 Member Posts: 404 ■■■■□□□□□□
So, I basically just want to rant about how much I hate websense.

I had a nice setup here at my office:

2 Linux Boxes running SQUID, one for the Standard Proxy and one for the Admin Proxy (used for caching and webfiltering).

Of course, corporate wanted a more streamlined setup so they pushed websense appliances to all branch offices. I created the WPAD file and deployed via DHCP. About 3/4's of the users transitioned without issue, but the other 1/4 were being prompted for credentials by the websense appliance when going out to the internet. I had to create a script to resolve the issue. It runs a program that sends the username/IP to Websense when the user logs on. This 2nd layer of authentication seems to have resolved the issue with websense not recognizing certain users. I was ready to pull my hair out!!! icon_twisted.gif

So what are the TE forum members running for webfiltering?
* Currently pursuing: PhD: Information Security and Information Assurance
* Certifications: CISSP, CEH, CHFI, CCNA:Sec, CCNA:R&S, CWNA, ITILv3, VCA-DCV, LPIC-1, A+, Network+, Security+, Linux+, Project+, and many more...
* Degrees: MSc: Cybersecurity and Information Assurance; BSc: Information Technology - Security; AAS: IT Network Systems Administration

Comments

  • DevilWAHDevilWAH Member Posts: 2,997 ■■■■■■■■□□
    we run websence but thank full I don't manage it.

    we also have url filtering on the checkpoints and I am all in favor of moving to this completely and putting the websence servers in a bin, i fend there interface clunky and while a while back there where one of the clear leaders, these days the rest have caught up.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • RomBUSRomBUS Member Posts: 699 ■■■■□□□□□□
    Hm just when I thought we were the only people out there running Websense (never heard of it before arriving to this company I work for now). I have never managed it as well but good to know if I do ever have questions about it I know who to call ;)
  • xXErebuSxXErebuS Member Posts: 230
    TechGuy215 wrote: »
    So, I basically just want to rant about how much I hate websense.

    I had a nice setup here at my office:

    2 Linux Boxes running SQUID, one for the Standard Proxy and one for the Admin Proxy (used for caching and webfiltering).

    Of course, corporate wanted a more streamlined setup so they pushed websense appliances to all branch offices. I created the WPAD file and deployed via DHCP. About 3/4's of the users transitioned without issue, but the other 1/4 were being prompted for credentials by the websense appliance when going out to the internet. I had to create a script to resolve the issue. It runs a program that sends the username/IP to Websense when the user logs on. This 2nd layer of authentication seems to have resolved the issue with websense not recognizing certain users. I was ready to pull my hair out!!! icon_twisted.gif

    So what are the TE forum members running for webfiltering?

    You talking about Longon Agent?
  • About7NarwhalAbout7Narwhal Member Posts: 761
    We use websense as well. I hate it with a passion. It is much better now that they disabled the authentication options. You are either blocked or not monitored. It use to prompt on everything and really got old quick.
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    Websense blows.

    Whatever you do, do NOT install that Websense Client on your company's workstations. I have worked at two different companies who attempted to deploy it, and it never made it out of pilot phase... most of the computers had to be totally remiaged.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • TlanTlan Registered Users Posts: 1 ■□□□□□□□□□
    we went thru this list of filters over the years

    circa 2000 = websense, installed on physical server integrated with cisco PIX and SQL, outstanding performance and reporting, then websense decided to adjust there price which priced them out of our budget, 6 digit range

    we then went to
    Bluecoat appliance, monster to install, their techs flew in to setup or fix at least 20 times to get or keep it working and reporting was a third party app and used txt files and ftp, horrible setup

    Scansafe - cloud proxy service - wpad setup dns iis etc, did not work out, then we tried web based proxy redirect, also 24 hour turnaround for reports, we got fed up with performance and dropped them

    Back to websense - cloud proxy service (cheaper) - http request were sent to the cloud. the results. 50MB internet connections were reduced to 5MB because of the cloud, http redirects caused certain sites to not load the webpages, Adobe cloud, Microsoft office 2013 installs, random sites

    at this point i was leaning to installing linux and use DansGaurdian

    After threats of cutting our contract with them

    we are now using Websense Triton unified security inhouse on a virtualized server integrated with Cisco ASA URI redirect,

    it now appears to be working with no issues as far as performance speeds and administration

    none of the services above used a client, as we have a mixed environment, the redirects were either thru proxy settings in the browsers via group policy or DNS or ASA / PIX URI redirects.

    I hope this helps,
  • lsud00dlsud00d Member Posts: 1,571
    My current client uses Websense and services will randomly stop and choke email flow...super lame!
Sign In or Register to comment.