> Our main firewall is a Cisco Pix. We use ISA for proxy server only in a > single NIC configuration. That is like using a Masserati to go to the grocery store and use the Geo Metro to go to your daughter wedding. But is your choice of course ;-) Logmein is a Java application, there is no protocol you can block, unless you block all java applications which I believe is not a great idea. But having websense already in place, why you don’t simply go a block *.logmein.com? That will fix your problem in 1 minute. Regarding Google talk, one time I receive an email saying that if you block access to these IPs 216.239.37.125, 72.14.253.125, 72.14.217.189 and 209.85.137.125 on ports 80, 443, 5222 and 5223 you block google talk. But I never try it, we block the entire *.google.com Regards Diego R. Pietruszka MSC (USA) - Interlink Transport Technologies From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Hodgson Sent: Wednesday, November 14, 2007 9:45 AM To: isalist Subject: [isalist] Re: Possibly OT: Websense, ISA server (proxy mode) and blocking protocols Hi, ________________________________ From: D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR [mailto:DPietruszka@xxxxxx] Sent: 14 November 2007 13:44 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Possibly OT: Websense, ISA server (proxy mode) and blocking protocols >You are not allowed to integrated Websense to the firewall and that is why you >are using ISA (Is not Isa a firewall?) Our main firewall is a Cisco Pix. We use ISA for proxy server only in a single NIC configuration. >Anyway, google and Logmein and regular HTTP or HTTPS traffic, so if websense >is blocking other webpages and no this ones, you have something wrong on your >websense >configuration. >Checking the ISA log connect to Logmein or google, and tell us what you are >seeing there. Check the Client username field, since that is most likely your >problem. Websense is blocking websites no problem, it is just the protocols it is not blocking. So, for example, if I go to the Youtube website, I can get in, which is fine, but if I try to watch a video, it presents a network error message, because Websense has stopped. This appears to work for most protocols, but Google talk and LogMeIn are two examples where it is not working. I have the Websense network service running on the ISA firewall. This protocol blocking is working for all users as a global policy – I haven’t rolled out user based privileges yet. Thanks. Andrew. -- allpay.net Limited, Fortis et Fides, Whitestone Business Park, Whitestone, Hereford, HR1 3SE. Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88. Telephone: 0870 243 3434, Fax: 0870 243 6041. Website: www.allpay.net Email: enquiries@xxxxxxxxxx This email, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this email in error please notify the allpay.net Information Security Manager at the number above.