RE: [fw-wiz] Websense protocol Version 4?

• Previous message: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Cisco acls"
• In reply to: Kevin: "[fw-wiz] Websense protocol Version 4?"
• Next in thread: Kevin: "Re: [fw-wiz] Websense protocol Version 4?"
• Reply: Kevin: "Re: [fw-wiz] Websense protocol Version 4?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <firewall-wizards@honor.icsalabs.com>
Date: Mon, 7 Mar 2005 10:42:14 -0500

The WebSense protocols are proprietary, and not publicly available (at least
that I've seen). There also appear to be differences between the WebSense
protocol used for PIX firewalls and the one used for Check Point firewalls
(UFP).

Port 15868 listens for the actual url-filter requests from the firewall and
issues a response code based on matching. Port 15871 is something like an
HTTP server and issues an alert that is inserted in-stream to the browser,
letting the user know that WebSense has blocked the URL they've requested.

PaulM

-----Original Message-----
Subject: [fw-wiz] Websense protocol Version 4?

I see from PIX and Websense documentation that the recommended configuration
for URL filtering is to use the following PIX command:
  url-server host <IP-NUMBER> protocol UDP version 4

Websense and PIX can also be configured to use a TCP protocol.

Are either of these protocols documented anywhere?
I searched both Cisco and Websense, but did not see specifications for the
communication protocol between the PIX and the filter engine.

Information on the Websense site shows that V4.x uses port 15868 for the
"Filtering service", and 15871 for blocking messages, but does not document
the protocol itself.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Cisco acls"
• In reply to: Kevin: "[fw-wiz] Websense protocol Version 4?"
• Next in thread: Kevin: "Re: [fw-wiz] Websense protocol Version 4?"
• Reply: Kevin: "Re: [fw-wiz] Websense protocol Version 4?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: [fw-wiz] Websense protocol Version 4? ... >> Websense and PIX can also be configured to use a TCP protocol. ... but there are also several binary bytes which are static across requests and ... (Firewall-Wizards) Re: PIX 515 responding to ARP commands... ... PIX software version you are running. ... Frame is marked: False Arrival Time: Aug 31, 2005 13:02:12.689705000 Time delta from previous packet: -15837.314363000 seconds Time since reference or first frame: 591.799104000 seconds Frame Number: 1 Packet Length: 60 bytes Capture Length: 60 bytes Protocols in frame: eth:arp ... Hardware type: Ethernet Protocol type: IP ... your PIX emitting a default route towards the inside, which is normally overridden by something with a better route but that something drops the ball? ... (comp.dcom.sys.cisco) Re: PIX Firewall Question ... Cisco newsgroups?? ... >> My question is if anyone out there knows how the PIX boxes 'handle' ... > Apple incorporated the Apple talk protocol in 1980 with some interesting ... > features in the Network layer. ... (comp.security.firewalls) Re: can I use a PIX 515 to block URLs instead of using Websense? ... the pix isnt really built for URL blocking, which is why products such as ... websense server ... Unfortunately, Private I does not ... (comp.security.firewalls) [fw-wiz] Websense protocol Version 4? ... I see from PIX and Websense documentation that the recommended ... configuration for URL filtering is to use the following PIX command: ... Websense and PIX can also be configured to use a TCP protocol. ... (Firewall-Wizards)