Question regarding ISA and Websense

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I was wondering if anyone has any experience with Websense and ISA for Proxy/web filtering. Recently, I've had some ISA logs fill up the hard drive. I've cleared those off, but since doing so Websense still does not see our proxy server as the policy server. This is odd because Websense is actually physically ON that ISA/Proxy server. I don't know much about ISA, so I'm kind of flying blindly. Also factor in that this is an old server built by someone who left the company almost 3 years ago and then it hasn't been monitored by anyone for ages... well, you can guess what I'm dealing with.

Any help is appreciated.


Thanks guys!

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I've used Websense, but not with ISA.

 

Unfortunately, other than the server drive getting full which caused a few Websense xml files to become corrupted, the majority of the problems seem to be with the ISA side of things. I was able to fix Websense not seeing the policy server, but I feel as though the ISA box is a ticking time bomb. We have a project to upgrade to the newest version of Websense, but don't have anything yet to replace that 5-7 year old proxy box.

I think I know what I'll be doing at home for the next few weeks... time to learn about ISA and maybe make a test environment.

 

Or, alternatively, get a real proxy solution. But what do you really need a proxy solution for if you have Websense and a good firewall? Is bandwidth that much of a concern, and are users hitting the same sites over and over? Meh, I don't have much use for proxy servers anymore.

 

Good question. This was really my first hands on project dealing with a proxy server. We do have a decent firewall, and Websense is handling our internet filtering, but if people "go around the proxy" then the Websense policies do not apply. I know that there are a few redirects handled by the ISA portion, but I can't think that those aren't something that can be handled differently. In other words... the proxy server was here when I got here, and I don't know enough about proxies in general yet to justify getting rid of it. Trying to learn all I can though.

 

At my last employer, we had a SonicWall firewall that checked all outgoing Web requests with the Websense server before forwarding them out to the Internet. And if the firewall is the only way out to the Internet, then there's no "getting around" anything. ;)

 

I'm pretty sure we can do that with our Juniper, but the only concern is when we need to make that exception for the handful of users to go to sites that will not work going through the proxy... those users and of course a few of us in the LAN Engineering group.

 

But that's the whole point... why do you need a proxy server? No proxy server, no worries about going to sites that will not work going through the (non-existent) proxy.

You can set up Websense so that certain users are not filtered.