Applies to:	In this topic
Web Filter and Web Security, v7.7.x	Creating a network object Creating an OPSEC application object Creating Resource Objects Defining rules Configuring enhanced UFP performance

Field	Description
Name	Enter a descriptive name for the network object representing the Filtering Service machine, such as WebsenseFS (make a note of this name for later use). Note: If your DNS is configured to resolve machines within your network, enter the Filtering Service machine's host name here. Then, for IP Address, you can click Get address to resolve the host name to its IP address automatically.
IP Address	Enter the IP address of the machine running Filtering Service. Note: If you entered a host name for Name, you can click Get address to find the machine's IP address automatically. See the description for Name, above, for more information.
Comment	Enter a description for this object.
Color	Select a color for displaying this object in SmartDashboard.

Field	Description
Name	Enter a descriptive name, such as Websense_ufp (make a note of this name for later use).
Comment	Enter a description for this object.
Color	Select a color for displaying this object in SmartDashboard.
Host	Select the network object created in the previous section. This object identifies the machine running Filtering Service. If you have not yet created this object, click New to create it. See Creating a network object for instructions.
Vendor	Select Websense.
Product	This value is not used in creating an object and does not need to be changed.
Version	This value is not used in creating an object and does not need to be changed.
Server Entities	UFP is checked automatically when you select Websense as the Vendor, and.cannot be changed.

Field	Description
Name	Enter a name for this URI Resource Object, such as Blocked_Sites.
Comment	Enter a description for this object.
Color	Select a color for this object's icon.
Use this resource to	Select Enforce URI capabilities. This option enables all other functionality of the URI resource, such as configuring CVP checking on the CVP tab. All basic parameters defining schemes, hosts, paths, and methods apply. The URL is checked for these parameters.
Connection Methods	Mark both the Transparent and the Proxy check boxes.
Exception Track	Select the desired method for tracking exceptions. See the Check Point product documentation for more information.
URI Match Specification Type	Select UFP.

Field	Description
UFP server	Select the OPSEC Application object that was created for the Websense UFP Server in Creating an OPSEC application object.
UFP caching control	Select a caching option. No caching is the recommended setting for most networks.
Categories	Mark the Blocked check box.
Ignore UFP server after connection failure	Mark this check box to permit full HTTP and FTP access if Websense Filtering Service is not running or cannot be contacted. Dependent fields allow you to set the number of times the Check Point product tries to contact Websense software before ignoring it, and the length of time the Check Point product ignores Websense software before attempting to reconnect. Clear this check box to block all HTTP and FTP access when Filtering Service is not running.

Note  The configuration described in this section assumes that all clients have a default route set to the firewall and do not proxy to the firewall. This configuration also assumes that the recommended network configuration is being used: Websense software is running on a separate machine, behind the firewall, and caching is disabled.

Name	(NGX only) Enter a descriptive name for the rule, such as Websense Block.
Source	Add Internal_Network
Destination	Any (default)
Service	Add with Resource In the Service with Resource dialog box, select HTTP. Under Resource, select Blocked_Sites from the drop-down menu. This object was created in Creating Resource Objects.
Action	Reject
Track	None
Install On	Policy Targets
Time	Any (default)
Comment	(NGX only) Enter a more detailed description of the rule.

Name	(NGX only) Enter a descriptive name for the rule, such as Websense Allow
Source	Add Internal_Network
Destination	Any (default)
Service	Add/HTTP
Action	Accept
Track	None
Install On	Policy Targets
Time	Any (default)
Comment	(NGX only) Enter a more detailed description of the rule.

Important  For normal operation, set Track to None in the Websense rules. This disables logging in the Check Point product. When logging is enabled for these rules, the log files become very large, and adversely impact performance. Configure other options in the Track field only when you are testing and troubleshooting.

Note  Before performing the following procedures, make sure you have configured the Check Point product for content filtering with Websense software, as described earlier in this chapter.