We are having Websense licensing issues ( We are short of it ). Is there any way that for certain machines (IPs) can pass through ISA directly rather than passing to Websense for filtering to save licenses.
These are servers which we do not want to filter at all because there is no browsing going on these servers.
Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
Absolutely. On each ISA firewall, create a file called ignore.txt and place it in the \windows\system32 folder. Add the machine names in all CAPS (don't ask why!) to the file and save it. Restart the Websense services and you're done.
Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:
ORIGINAL: richardhicks
Absolutely. On each ISA firewall, create a file called ignore.txt and place it in the \windows\system32 folder. Add the machine names in all CAPS (don't ask why!) to the file and save it. Restart the Websense services and you're done.
I have done the same as you advised but it did not work.
I included the machine names in the ignore.txt file on ISA server & placed it in \windows\system32 folder & restart the Websense filter service but it is still filtering the servers & some other machines which I don't want to filter in order to save licenses.
Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
Looking at the Websense documentation, their recommendation is to 'restart the server' after making changes to ignore.txt. It appears that simply recycling the filtering service isn't enough. Give that a shot and let me know what happens.
I have restarted the server but it is still filtering the servers. I have contacted the Websense and they told me that there is another file in Windows\system32 folders
isa_ignore.txt
through which I can ignore URL, HOSTNAME and USERNAMES only. I have used it to ignore the URL and still testing it. But initially it looks to me that it is not working.
Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
It was my understanding that isa_ignore.txt was only for intra-array communication, but if Websense support says otherwise, I'll take their word for it.
Websense Support closed the call after trying different method which did not work. They said at the end that anything which goes out of the network to internet will be filtered with Websense.
This is pretty tricky situation now for us. We have to buy more licenses if we can not solve this issue.
Maybe something like this could work: If possible for you, you could deploy a second ISA server, without the Websense plug-in installed, and point these machines to this new ISA server (if they are secure NAT clients, you can change the default route to this ISA; if they are FW ou Web proxy clients, reconfigure them accordingly).
< Message edited by pierreasdf -- 18.May2010 10:23:45 AM >
Looking in the Websense documentation, their advice can be to 'restart the server' ideal after producing modifications to ignore.txt. It appears that merely recycling the filtering organization isn't enough. Give that the shot and allow me know what happens.
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [ISA 2006 Firewall] >> HTTP Filtering >> how to avoid Websense filtering for some machines 
how to avoid Websense filtering for some machines - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread