RE: Was Pix 6.3(3) / Websense 5.1 - flaky?

From: Kenneth Wygand (KWygand@customonline.com)
Date: Sat Apr 17 2004 - 12:58:20 GMT-3

Yes, I've tried both Version 1 and Version 4. From what I understand, version 4 can also send user authentication credentials if configured with ACS, while version 1 cannot. However, I've tried both. The url's are not long at all... I do know of the 1034-byte limit (or close to that) and the various "url-filter" commands (don't have them in front of me) to stretch this limit to 4096 when using Websense... tried this as well...

Websense's answer is to use an alternate method of configuration, but I don't really want to do what they suggest (Network Agent coupled with a "bidirectional-span port" (as they call it - essentially a SPAN port that can also listen to traffic from the Websense box), or putting a dumb hub between the inside interface on the pix and the internal switch and attach a second ethernet interface to websense so it can actually "snoop" all traffic as it hits the pix...
 
By the same token, I've also heard Pix 6.3(3) is very buggy... I'm just not the type of person that accepts "well if it doesn't work, do this..." type of an answer... I want to know WHY it doesn't work, so I can fix it or at least understand the logic...
 
Thanks for all of your help in advance!!
Ken

        -----Original Message-----
        From: P729 [mailto:p729@cox.net]
        Sent: Fri 4/16/2004 10:31 PM
        To: Kenneth Wygand; ccielab@groupstudy.com
        Cc:
        Subject: OT: Was Pix 6.3(3) / Websense 5.1 - flaky?
        
        

        I don't think 'filter url https' is valid syntax, is it? Although 'filter
        https 443' should've worked. Are you specifying version 4 in the 'url-server
        host' command? Are the https URL's inordinately long?
        
        Regards,
        
        Mas Kato
        https://ecardfile.com/id/mkato
        
        ----- Original Message -----
        From: "Kenneth Wygand" <KWygand@customonline.com>
        To: <ccielab@groupstudy.com>
        Sent: Friday, April 16, 2004 2:03 PM
        Subject: Pix 6.3(3) / Websense 5.1 - flaky?
        
        
> I'm running a test environment where I'm trying to get the Pix to forward
        all web (http and https) traffic to a Websense 5.1 box. All blocked traffic
        (http) comes back with the typical websense "blocked" page, but all https
        traffic (allowed or not) comes back with the "page cannot be displayed".
        I've tried configuring the pix with both the "filter url https 0 0 0 0" and
        "filter https 443 0 0 0 0" command to no avail. Has anyone seen this
        before? Any fix? BTW, I'm running Pix version 6.3(3).
>
> Thanks!
> Ken
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:49 GMT-3