[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Websense/Web Filtering
Title: RE: [FW1] Websense/Web Filtering Chris; I am sorry to hear you are having problems with WS and CKP. Below I am going to explain technically the difference between WS 3.X with CKP and WS 4.X with CKP. I also understand your fustrations as to having to deal with two seperate companies pointing the fingers at each other. Although I am not familiar with the *exact* problem you are having (I am getting a status report from our technical support dept.). The information below should clear things up for you as far as the differences between 3.x 4.x and between different UFP versions. Websense V3.X was our original version that talked to FW-1 with the UFP (note not CVP). This version talked directly to the UFP code in FW-1 over a socket. We wrote all the code for the "communication" from the UFP server side. Due to some additional features that we have added to our product (including defer/continue, redirect of sites, user-authentication w/LDAP,NT, and an expanded category base) we used the "new UFP V2) in our 4.X version of Websense. Checkpoint mandates that with this version of the UFP they handle all socket based communications from the UFP server to the Firewall. Unlike previously where we handled them. We use libraries from Checkpoint on the UFP server side in order for the socket communication to work. Thus, all TCP traffic between the Firewall and the UFP server is handled by Checkpoint not us. We simply get messages from the libraries that we compiled with. The standard UFP port is 18182. By "snooping" the traffic between the UFP server (ie: Websense) and the Firewall you are looking at packets that are all handled by Checkpoint code. As I mentioned above in the original UFP we had control of this communication. However in the new UFP we have no control of this communication. The "new UFP" socket communication does appear to have some bugs in it. If you hear of any other problem with the joint solution, let me know offline what the trouble ticket is and I will look into it. Thanks -----Original Message-----
Hi Brian, I've used Websense for a few years in the Unix/NT
Back in the days of Solaris 2.5.1, Websense v3.11, and
When working -- Websense is easy to implement and
Since the introduction of FW v4.x and Websense v4.x.x
I'm now on Solaris 2.6 5/98 HW version (patched with
What's most frustrating is getting the vendor pointing
Because of this, I'm getting better at using "snoop"
Telemate.Net makes a similar product -- a hardware
www.telemate.net if you're interested. Please feel free to contact me if you have any
HTH -- Chris --- Brian Mulford <[email protected]> wrote:
__________________________________________________
================================================================================
|