RE: [FW1] Firewall/VPN-1 and Websense

Wed, 28 Mar 2001 06:25:48 -0800 


Stewart,

I am running a eval on Websense also.
As far as I know about it, you nderstanding regarding the licensing of
Websense is correct. One ip, one license.

One thing I have noticed with sending all traffic thru the WebSense server
is that it slows everything down remarkabley.
I do not htink I would recommend that. We tried it and found that if the
requests get backed up then the UFP server will send a unable to connect to
the client. Even if the client is allowed by policy. I called the Websense
tech line and they are working on why it does that.

Have you gotten pricing on the Websense for 1000? I just got a quote from
them and it was grounds for a heart attack.

My experiences...

Tom


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 28, 2001 09:04
To: [EMAIL PROTECTED]
Subject: [FW1] Firewall/VPN-1 and Websense



I've got a question about Websense.  I'm running Firewall/VPN-1 v4.1 SP3 on
NTv4.0 SP5.  I'm currently evaluating Websense because some porn showed up
at one of our public PC kiosk for employees.  The kiosk has thin-clients
running with a Citrix server.  When an HTTP request hits the firewall from
any of these thin-clients, it appears to be coming from the Citrix server
as far as workstation IP address.

Right now  I have a rule setup on the firewall with a group called
web-block.  Any WS in this group would be sent to the Websense server via
UFP for web-site checking.  All other WS would drop down to the next rule
and have full access to the Internet.

I guess I'm confused about Websense licensing.  From what I understand,
because these 10-12 thin-clients running with my Citrix server appear as 1
IP address, that would be only 1 license to the Websense server.

Is there any advantage to sending all HTTP traffic through the Websense
server and setup rules there?  If that is the case, I would probably need a
1000 user license from Websense?

Any help or direction would be greatly appreciated!

Stewart




============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to