[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Firewall/VPN-1 and Websense
Stewart, I am running a eval on Websense also. As far as I know about it, you nderstanding regarding the licensing of Websense is correct. One ip, one license. One thing I have noticed with sending all traffic thru the WebSense server is that it slows everything down remarkabley. I do not htink I would recommend that. We tried it and found that if the requests get backed up then the UFP server will send a unable to connect to the client. Even if the client is allowed by policy. I called the Websense tech line and they are working on why it does that. Have you gotten pricing on the Websense for 1000? I just got a quote from them and it was grounds for a heart attack. My experiences... Tom -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Wednesday, March 28, 2001 09:04 To: [email protected] Subject: [FW1] Firewall/VPN-1 and Websense I've got a question about Websense. I'm running Firewall/VPN-1 v4.1 SP3 on NTv4.0 SP5. I'm currently evaluating Websense because some showed up at one of our public PC kiosk for employees. The kiosk has thin-clients running with a Citrix server. When an HTTP request hits the firewall from any of these thin-clients, it appears to be coming from the Citrix server as far as workstation IP address. Right now I have a rule setup on the firewall with a group called web-block. Any WS in this group would be sent to the Websense server via UFP for web-site checking. All other WS would drop down to the next rule and have full access to the Internet. I guess I'm confused about Websense licensing. From what I understand, because these 10-12 thin-clients running with my Citrix server appear as 1 IP address, that would be only 1 license to the Websense server. Is there any advantage to sending all HTTP traffic through the Websense server and setup rules there? If that is the case, I would probably need a 1000 user license from Websense? Any help or direction would be greatly appreciated! Stewart ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|