| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| |||
| You will need to set up an OPSEC application (UFP), then create a resource object. This should then allow you to add the resource in the rulebase. One thing... you can sometimes get a few issues with this, i.e. memory issues etc., depending on how nodes will be using the web. Hope this helps. |
| |||
| Hi. Well, if you have integrated Websense with Check Point you can only apply policies on HTTP traffic, but if you want to control non-HTTP traffic then you need to go for port spanning. The process goes like this: if you have a manageable switch, I mean if you can run port-spanning commands on the switch, then you can attach one more NIC in the Websense server, keep that NIC in stealth mode (no IP on that NIC) and connect the cable from that NIC to the same switch. Now run the port spanning commands, with the source as the firewall port and the destination as the stealth mode NIC port. Regarding the settings in Websense, open the Network Agent settings, monitor the traffic with the stealth mode NIC and use another NIC to throw the block page. I hope this will help you. In case you need any help please let me know. Regards, Ranjit |
| |||
| Personally I would use the Websense in Network Agent Mode and place the Websense on a hub between the Firewall and the Internal Network Switch. This way all web traffic is seen by the Websense as it leaves the network and is completely transparent to the network. If the Websense sees traffic that should not be allowed then the Websense sends a reset to the requester that blocks the traffic. If it is non-Web traffic, i.e. SMTP, then Websense ignores it. It also removes the need to configure anything on the firewall, and the Websense reporting is far superior to what you would get regarding Check Point resource, i.e. no resource, no fiddling with the rules to redirect the HTTP and HTTPS to the Websense Server; it allows the firewall CPU and memory resources to be used for the Firewall rather than being taken up interacting with the Websense. |
| |||
| Do you have rules that allow the Check Point and Websense to talk to each other? Websense will be looking for traffic on a port that is not a pre-defined service. I can't remember off the top of my head, but the Websense documentation should tell you. I believe that it is listed in the Check Point Integration guide what the services are. If you don't have this then I suggest that you get a copy from the Websense website. It is publicly available and doesn't require a login. |
| |||
| I have checkpoint blocking http with one rule (using UFP). Then I have checkpoint allowing https with one rule (using UFP). The rules have to be reversed with HTTPS, but it works fine. We can't use a hub, it's way too slow... John |
| |||
| Hi, I would like to give you one piece of advice. See, if we put the Websense server in the flow of the traffic it will make the traffic slow and create one more hop. So the alternative to this is to monitor the traffic using port spanning. Run the port spanning commands on a manageable switch and insert two LAN cards in the Websense server, one for listening and another for pushing the page; then it will not come into the flow, it will just sniff the traffic and policy will be applied according to the needs. I hope this will help you. Regards, Ranjit |
| |||
| Quote:
performance is much better than UFP. Been through this many, many times, even with websense 6.3. I think if you have less than 10 mb to the internet, then the UFP would be comparable to the Agent mode. But when you start having 4,000+ clients browsing the internet, the websense box (and checkpoint) takes a huge performance hit in UFP mode. FYI: use a GB Cisco switch with SPAN commands instead of a hub. __________________ -Bradley |