[isalist] Re: Websense Block Page

  • From: "Ball, Dan" <DBall@xxxxxxxxxxx>
  • To: "'isalist@xxxxxxxxxxxxx'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 9 Sep 2009 08:26:14 -0400

With the policy server on a different computer, how well does it perform?  Have 
you noticed any excessive traffic?

This was my reasoning behind putting it on the ISA server itself:

Present Configuration:
User->ISA (Policy Server)->Internet

Separate Policy Server:
User->ISA->Policy Server->ISA->Internet

With almost a thousand mad clickers hitting the server all at once, I was 
hoping to keep things moving as smoothly as possible.  But, with the 502 errors 
and the "this web page is trying to open a page on your intranet" errors, and 
the problems getting the log files to work, I'm considering moving it.

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ball, Dan
Sent: Tuesday, September 08, 2009 7:38 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: Websense Block Page

That might be part of it, I installed the policy portion of Websense on the ISA 
server to cut down on the amount of internal traffic generated.

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Andrew Hodgson
Sent: Tuesday, September 08, 2009 7:34 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Websense Block Page


In our scenario if a user goes to a page which is blocked, the Websense plugin 
causes a redirection to the Websense policy server, where there is a web server 
that displays the blocked page.  I don't have any specific rules in ISA for 
Websense other than allowing the Websense ISA plugin to talk to the filtering 

I may have missed something?

Andrew Hodgson
Senior Systems Administrator/Projects Engineer

Direct Line Tel: 01432 852332
Email: andrew.hodgson@xxxxxxxxxx

Please do not print this email unless absolutely necessary.

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ball, Dan
Sent: 08 September 2009 12:29
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Websense Block Page

For you guys running Websense, how do you handle the blocked page notification? 
 Apparently it creates a nice little cgi script that runs on the ISA server 
itself which generates the blocked page notification.

Right now I have a single TCP port opened up to the localhost on the ISA 
server, which allows the page to show (but quite often goes to the ISA 502 page 
until refreshed), but I don't really like opening any ports to the localhost.

Anyone have a better configuration?

Dan Ball
Network and Systems Technician
Marquette Area Public Schools
1103 West College Avenue
Marquette, MI 49855
E-Mail: dball@xxxxxxxxxxx<BLOCKED::mailto:dball@xxxxxxxxxxx>
Phone: (906)225-5779
Fax: (906)225-5377


allpay achieved PCI DSS and ISO 27001 certification in 2008
Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88.

Telephone: 0844 225 5729, Fax: 0844 557 8350.
Website: www.allpay.net Email: enquiries@xxxxxxxxxx<mailto:enquiries@xxxxxxxxxx>

This email, and any files transmitted with it, is confidential and intended 
solely for the use of the individual or entity to whom it is addressed. If you 
have received this email in error please notify the allpay Information Security 
Manager at the number above.

GIF image

Other related posts: