[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Websense/Web Filtering
While talking about new version ... I'm glad the latest version of WebSense for FW1 introduces user and group authentication. But I'd like to know if we will finally get rid of this annoying 10 minutes authentication latency. Up to 4.2.2, a user would launch a browser, type in a url, get the authentication pop up, enter a login/pw, surf and close the browser when finished. But as far as I saw, he's still authenticated during 10 minutes. So if he starts a browser again during this period, he doesn't have to reauthenticate before these 10 minutes are over. The support team at our supplier's told me it's hard coded in WebSense and there is nothing to do against that. So what is the status of this 'feature' in 4.2.4 ? Emmanuel Bailleul ASCOM Adilan FRANCE -----Message d'origine----- De: Hubbard, Dan [mailto:[email protected]] Date: vendredi 16 février 2001 21:53 À: 'Chris F'; Brian Mulford; Check Point FW List (E-mail) Objet: RE: [FW1] Websense/Web Filtering Chris; I am sorry to hear you are having problems with WS and CKP. Below I am going to explain technically the difference between WS 3.X with CKP and WS 4.X with CKP. I also understand your fustrations as to having to deal with two seperate companies pointing the fingers at each other. Although I am not familiar with the *exact* problem you are having (I am getting a status report from our technical support dept.). The information below should clear things up for you as far as the differences between 3.x 4.x and between different UFP versions. Websense V3.X was our original version that talked to FW-1 with the UFP (note not CVP). This version talked directly to the UFP code in FW-1 over a socket. We wrote all the code for the "communication" from the UFP server side. Due to some additional features that we have added to our product (including defer/continue, redirect of sites, user-authentication w/LDAP,NT, and an expanded category base) we used the "new UFP V2) in our 4.X version of Websense. Checkpoint mandates that with this version of the UFP they handle all socket based communications from the UFP server to the Firewall. Unlike previously where we handled them. We use libraries from Checkpoint on the UFP server side in order for the socket communication to work. Thus, all TCP traffic between the Firewall and the UFP server is handled by Checkpoint not us. We simply get messages from the libraries that we compiled with. The standard UFP port is 18182. By "snooping" the traffic between the UFP server (ie: Websense) and the Firewall you are looking at packets that are all handled by Checkpoint code. As I mentioned above in the original UFP we had control of this communication. However in the new UFP we have no control of this communication. The "new UFP" socket communication does appear to have some bugs in it. If you hear of any other problem with the joint solution, let me know offline what the trouble ticket is and I will look into it. Thanks -----Original Message----- From: Chris F [ mailto:[email protected] <mailto:[email protected]> ] Sent: Friday, February 16, 2001 8:40 AM To: Brian Mulford; Check Point FW List (E-mail) Subject: Re: [FW1] Websense/Web Filtering Hi Brian, I've used Websense for a few years in the Unix/NT environment. Back in the days of Solaris 2.5.1, Websense v3.11, and CP FW1 v3.0b Build 3064 -- EVERYTHING WORKED! When working -- Websense is easy to implement and configure. Once you set your filters, there is little (or no) administration. Websense will update it's database automatically for you -- I have it auto update every night. There is no noticeable network lag from using Websense and only a few sites will give you problems (easily fixed in your security policy). I have used Websense on the firewall, and as a stand alone CVP/URI server. Since the introduction of FW v4.x and Websense v4.x.x - I've had some problems with the communication between CP http security server and Websense. I'm now on Solaris 2.6 5/98 HW version (patched with patches as of Jan 26, 2001), FW1 v4.1 SP3 -- built from scratch, and I'm having the same issues (unfortunately). What's most frustrating is getting the vendor pointing when things don't go as planned: Websense will blame CP's http security server for any problems you have, and CP will blame Websense. Yet, you pay for support from both -- and no one wants to help you. Nice partnership, eh? Because of this, I'm getting better at using "snoop" and call their bluff when they try and tell me otherwise :) Telemate.Net makes a similar product -- a hardware solution for filtering. I'm still investigating this product. www.telemate.net if you're interested. Please feel free to contact me if you have any details/questions. Sorry for this book reply. HTH -- Chris --- Brian Mulford <[email protected]> wrote: > > I am evaluating websense as a content management > filter that integrates > with FW1. Anyone have any comments good or bad, or > possible other > software that may be better? Thanks > > Brian > > > ============================================================================ ==== > To unsubscribe from this mailing list, please > see the instructions at > > http://www.checkpoint.com/services/mailing.html <http://www.checkpoint.com/services/mailing.html> > ============================================================================ ==== __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ <http://personal.mail.yahoo.com/> ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html <http://www.checkpoint.com/services/mailing.html> ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|