CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

#1 bac26 (Junior Member), 2007-10-11
HTTPS AND WEBSENSE

Does anyone know how to filter and check HTTPS traffic with Websense without using the security server? It should be transparent, without the need to configure browser proxy settings on the client.

#2 Danielpb (Senior Member), 2007-10-11
Re: HTTPS AND WEBSENSE

You will need to set up an OPSEC application (UFP), then create a resource object.

This should then allow you to add the resource in the rulebase.

One thing: you can sometimes get a few issues with this, i.e. memory issues etc. It depends on how the nodes will be using the web.

Hope this helps.

#3 gavvys (Senior Member), 2007-10-12
Re: HTTPS AND WEBSENSE

Hi
Well, if you have integrated Websense with Checkpoint you can only apply policies on HTTP traffic, but if you want to control non-HTTP traffic then you need to go for port spanning.
The process goes like this: if you have a manageable switch, I mean if you can run port-spanning commands on the switch, then you can attach one more NIC to the Websense server, keep that NIC in stealth mode (no IP on that NIC) and connect the cable from that NIC to the same switch. Now run the port spanning commands, with the source as the firewall port and the destination as the stealth mode NIC port. Regarding the settings in Websense, open the Network Agent settings, monitor the traffic with the stealth mode NIC and use another NIC to throw the block page.
I hope this will help you.
In case you need any help please let me know.

Regards
Ranjit

#4 mcnallym (Senior Member), 2007-10-12
Re: HTTPS AND WEBSENSE

Personally I would use the Websense in Network Agent Mode and place the Websense on a hub between the Firewall and the Internal Network Switch.

This way all web traffic is seen by the Websense as it leaves the network and is completely transparent to the network. If the Websense sees traffic that should not be allowed then the Websense sends a reset to the requester that blocks the traffic. If it is non-Web traffic, i.e. SMTP, then Websense ignores it.

It also removes the need to configure anything on the firewall and the Websense reporting is far superior to what you would get regarding Check Point resource.

I.e., no resource, no fiddling with the rules to redirect the HTTP and HTTPS to the Websense server; it allows the firewall CPU and memory resources to be used for the firewall rather than being taken up interacting with the Websense.

#5 bac26 (Junior Member), 2007-10-12
Re: HTTPS AND WEBSENSE

Hi,
I add the resource on the rulebase with HTTPS, but then the traffic is not even allowed; I have errors displaying the pages.

#6 mcnallym (Senior Member), 2007-10-12
Re: HTTPS AND WEBSENSE

Do you have rules that allow the Check Point and Websense to talk to each other? Websense will be looking for traffic on a port that is not a pre-defined service. I can't remember off the top of my head, but the Websense documentation should tell you.

I believe that it is listed on the Check Point Integration guide what the services are. If you don't have this then I suggest that you get a copy from the Websense website. It is publicly available and doesn't require a login.

#7 bac26 (Junior Member), 2007-10-12
Re: HTTPS AND WEBSENSE

Hi,
I already have communication; it is set to clear...

#8 JohnMH (Member), 2007-10-28
Re: HTTPS AND WEBSENSE

I have checkpoint blocking http with one rule (using UFP)
Then have checkpoint allowing https with one rule (using UFP)

The rules have to be reversed with HTTPS, but it works fine.

We can't use a hub, it's way too slow...

John

#9 gavvys (Senior Member), 2007-10-28
Re: HTTPS AND WEBSENSE

Hi
I would like to give you one piece of advice. See, if we put the Websense server in the flow of the traffic it will make the traffic slow and create one more hop. So the alternative to this is to monitor the traffic using port spanning. Run the port spanning commands on a manageable switch and insert two LAN cards in the Websense server, one for listening and another for pushing the page; then it will not come into the flow, it will just sniff the traffic and policy will be applied according to the needs.

I hope this will help you.
Regards
Ranjit

#10 Producer (Junior Member), 2007-10-30
Re: HTTPS AND WEBSENSE

Quote:
Originally Posted by mcnallym
Personally I would use the Websense in Network Agent Mode and place the Websense on a hub between the Firewall and the Internal Network Switch.
+1

Performance is much better than UFP. Been through this many, many times, even with Websense 6.3. I think if you have less than 10 mb to the internet, then the UFP would be comparable to the Agent mode. But when you start having 4,000+ clients browsing the internet, the Websense box (and Checkpoint) takes a huge performance hit in UFP mode.

FYI; Use a GB cisco switch with SPAN commands instead of a hub.
__________________
-Bradley
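
The port spanning setup described in posts #3 and #10, as an added example that is not part of the original thread: a local SPAN session on a Cisco Catalyst switch that copies the firewall-facing port to the port where the Websense stealth NIC is cabled. The session number and interface names are assumptions.

```cisco
! Added example, not from the thread. Session number and interface
! names are assumptions; substitute the ports used on your switch.
!
! Gi0/1 = switch port facing the firewall's internal interface (source)
! Gi0/2 = switch port cabled to the Websense stealth NIC, no IP (destination)
!
configure terminal
 ! Mirror both directions so requests and responses are both copied
 monitor session 1 source interface GigabitEthernet0/1 both
 monitor session 1 destination interface GigabitEthernet0/2
end
!
! Confirm the session, its source port and its destination port
show monitor session 1
```

By default a SPAN destination port does not accept incoming traffic, which is why the posts above call for a second NIC with an IP address to deliver the block page.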

#11 stejfen (Junior Member), 2009-05-28
Re: HTTPS AND WEBSENSE

Can anyone describe how you can actually carry out the filtering on HTTPS? I seem to have an issue setting up the FW-1 as an HTTPS proxy server; from Tracker I can see HTTPS traffic accepted towards the FW-1 itself, but the browser still gets errors when I proxy via the firewall on port 443.

Anyone got any suggestions to just get basic connectivity working? Then I can work on actually blocking :)

I have been trying out some stuff from the CP KB on my test setup since I will be deploying this in a production environment soon.

#12 TommyBoay (Senior Member), 2010-02-09
Re: HTTPS AND WEBSENSE

FYI, I started deploying my first Websense Content Gateways, so proxy is now part of the Websense architecture. You can just put Network Agent on it and use transparent mode, for instance. Another cool feature is the TLS proxy, so you may filter SSL connections in a fast and reliable way. I still have several gateways using UFP but it is way slower and does not allow the dynamic content classification (very cool, so you may block forum threads based on keywords and not just because it's a forum).