[mcnallym]

Personally I would use the Websense in Network Agent Mode and place the Websense on a hub between the Firewall and the Internal Network Switch.

This way all web traffic is seen by the Websense as it leaves the network and is completely tranparent to the network. If the Websense see's traffic that should not be allowed then the Websense sends a reset to the requester that blocks the traffic. If it is non-Web traffic, ie SMTP then Websense ignores it.

It also removes the need to configure anything on the firewall and the Websense reporting is far superior to what you would get regarding Check Point resource.

ie, no resource, no fiddling with the rules to redirect the http and https to the Websense Server, it allows the firewall cpu,memory resources to be used for the Firewall rather then being taken up interacting with the Websense.