websense

Websense Web Filter 7.01 - Unable to download filtering database

I have been working with Websense to get a fix for an issue i have been having in Web filter 7.01 where I was unable to download the filtering database. This is apparently a known issue which has a hotfix. Here are the details of downloading and installing the hotfix.

Go to

http://eval.websense.com/download/patches/WWF_7.0.1_Hotfix_26_WISP_Trace_Issue_binaries.zip

1. Stop all Websense services.

When you stop all Websense services, the sequence of stopping them is important for the final three services only. Always end with the following services, in the order shown:

1. Stop Websense Policy Server.

2. Then, stop Websense Policy Broker.

3. Finally, stop Websense Policy Database.

Linux: Use the command ./WebsenseAdmin stop (Run the command from the /opt/Websense/ directory). This stops them in the correct sequence.

2. Back up the files listed below into a separate folder:

Windows:

The default location for Windows is: C:\Program Files\Websense\bin\

EIMServer.exe

EIMService.dll

NetworkAgent.exe

WsEventLog.dll

natuning.ini (if present)

Linux:

The default location for Linux is: /opt/Websense/bin/

EIMServer

NetworkAgent

libWsEventLog.so

natuning.ini (if present)

3. Extract the Hotfix zip file and locate the following files:

Windows:

EIMServer.exe

EIMService.dll

NetworkAgent.exe

WsEventLog.dll

natuning.ini

Linux:

EIMServer

NetworkAgent

libWsEventLog.so

natuning.ini

4. Replace the files listed above with the corresponding files included in the Hotfix zip file:

Default location in Windows: C:\Program Files\Websense\bin\

Default location in Linux: /opt/Websense/bin/

5. Make any needed configuration changes to natuning.ini.

If you have customized this file previously, start with your copy of the customized file, and then change or add settings that are provided by this Hotfix.

(a) To configure Network Agent to ignore HTTPS traffic:

Change the configuration variable ‘IgnorePort80′ to ‘IgnorePorts’ in the natuning.ini file. This parameter tells Network Agent to ignore traffic on any ports at the driver level.

For example:

IgnorePorts = 80, 443

(b) To prevent the IP addresses of the Network Agent interfaces from being displayed in Websense Manager:

Add the configuration variable ‘ShowNICsIP’ to the natuning.ini file and set it to false.

ShowNICsIP = false

In the natuning.ini file supplied with this hotfix both of these settings have been commented out. To enable one of the settings, simply remove the ‘#’ character from the beginning of the line.

6. Restart Websense services.

Windows: Use the Windows Services dialog box.

When you start all Websense services, always begin with the following services, in the order shown:

1. Websense Policy Database

2. Websense Policy Broker

3. Websense Policy Server (all copies)

Then, remaining services can be started in any order.

Linux: Use the command ./WebsenseAdmin start. This command starts the services in the proper sequence.

Setting up Websense on a Virtual machine

Ok so I was setting up a Websense VM in standalone mode and there are a few things that you need to do to make this work.

So, part of a Websense implementation includes setting up port spanning/mirroring on a port that connects to you monitor NIC so that it recieves all the traffic from your firewall. In ESX you will need to create a vSwitch for the Websense monitor network and allocate one of your physical NIC’s to to it which will plug into your mirror port on the switch.

The important step in creating this vSwitch is to go into the properties and enable it to act in promiscous mode, if you do not do this then your monitor vNic will not see any traffic.

After that just configure the second virtual NIC on your Websense VM to be a part of your Websense monitor network and Bob’s your uncle.