What's new in 2015 Release 3?


	Note This is a limited-availability feature that may not be available in your account.

If you wish to control the Google domain that your end users see, you can now choose to override Google's standard redirect behavior. By default, Google redirects browsers to the appropriate site for the country it detects (for example, google.fr for France). However, sometimes this is not accurate, for example if your end users are browsing through a cloud service proxy that is in a different country.

To use this feature, you should enable SSL decryption for the Search Engines and Portals category on the SSL Decryption tab, and install the Websense root certificate on end user machines.

To define Google redirect behavior for the policy, go to a policy's General tab, then:

Select Override Google redirect behavior.

If you have not already enabled SSL decryption for the Search Engines and Portals category, a warning message appears at this point. You can enable SSL decryption directly from this dialog box.

Select one of the following options:

Ensure requests for google.com are not redirected – This option prevents Google from redirecting to a local country site when the end user enters "google.com".

Redirect requests for google.com to – This option ensures all google.com requests are redirected to a local country site of your choice. Enter the country code in the text field (for example, fr for google.fr, or co.uk for google.co.uk).

Click Save when you are done.

You can also configure Google redirect behavior for specific connections within your policy, when you add or edit a proxied connection on the Connections tab. If you configure Google redirect behavior for both the policy and a connection, the settings for the connection take precedence over the policy settings. If you do not configure Google settings specifically for the connection, it uses the behavior configured at policy level, if any.

Note

For i-Series appliance traffic, note the following:

Google redirect does not apply to traffic coming from clients defined as session-based. This traffic is first directed to Google for termination before being redirected to the cloud service, and in such cases Google redirects to the local country site.

This feature does not work correctly if a user browses to http://www.google.com and Google does not automatically change this to https://www.google.com. In this case, traffic is not redirected to the cloud service and Google applies its own redirect to the appropriate site for the country it detects, rather than the options set in the cloud portal. If the country site selected by Google conflicts with your cloud settings, add "google.com" to the Always analyze list on the Web Content & Security tab to ensure traffic redirection to the cloud.

Privacy protection updates

If you are a TRITON AP-MOBILE user, the IMEI number can now be anonymized in web reports. To enable this option, go to the Account > Privacy Protection page, and select Anonymize end user information. Then select the IMEI number attribute for anonymization.

Note that if you also select Preserve end user information for security threats, any attributes that you select are not anonymized for web traffic considered to be a security risk.

Global authentication page for single sign-on users

A new authentication page has been added for roaming single sign-on end users who need to authenticate with the cloud service. This enables the service to identify the single sign-on identity provider of the roaming user's account, and then execute the single sign-on process.

The authentication page asks the end user to provide their email address. The page is not visible or editable in the cloud portal.

New error pages for connection issues

Additional error pages have been added for cases where the cloud service proxy cannot connect to an HTTPS site. These pages cover the following cases:

SSL connection errors

Network or system error (for example, the site is currently unavailable)

DNS error

Reporting updates

The following updates have been made in web reporting:

The Date range popup window now includes the option to select a custom time zone for a report. By default the time zone is automatically detected and reports are generated in the user's local time zone. Selecting a custom time zone means the report is always generated for that time zone, regardless of the user's location.

Scheduled reports now include the option to password-protect the report. If you select this on the Delivery Options tab, you must enter and confirm a password that the report recipient must use to view the report contents. Ensure the password is distributed securely to all report recipients.

When adding or editing a scheduled report job, manually entering one or more email addresses in the Other recipients field triggers a warning message on clicking Next or Save. This is to ensure the recipients are authorized to receive the reports.

OpenSSL version updated

The version of OpenSSL used in the cloud service has been upgraded to protect against newly-published vulnerabilities.