What do I do when the wrong policy is being applied to requests?

Topic 50513 | Web Security FAQ | Websense Web Security Solutions | Updated 07-Feb-2014


Applies To:	Websense Web Filter, Web Security, Web Security Gateway, and Web Security Gateway Anywhere, v7.7 and 7.8

When a user's requests are not managed by the expected policy, and you have confirmed that the user is being identified correctly, use these steps to help identify and resolve the problem.

Verify your subscription key.

In the Web Security manager, go to the Status > Alerts page and make sure no subscription-related alerts appear in the Health Alert Summary.

Navigate to the Settings > General > Account page and verify that your subscription key appears, the expiration date has not passed, and the number of subscribed network users is greater than 0.

Make sure the Websense Master Database has downloaded successfully.

Check for alerts on the Status > Alerts page.

If no alerts appear, click Database Download in the toolbar at the top of the dashboard, and make sure all Filtering Service instances show a successful last download, and that all downloads happened within the last 2 weeks (14 days).

If there are any messages, or if the database is outdated, click Update to initiate a manual update.

Check for Filtering Service errors.

Look for Filtering Service alerts on the Status > Alerts page. Click the Solutions link next to any alert for troubleshooting steps.

If Filtering Service resides on a Windows machine, check the Event Viewer (Start > Administrative Tools > Event Viewer) for Websense EIM Server (Filtering Service) errors.

Check the websense.log file in the Websense bin directory (C:\Program Files (x86)\Websense\Web Security\bin or /opt/Websense/bin/, by default) for EIMServer (Filtering Service) errors.

Use the TestLogServer utility to verify that Filtering Service is receiving URL requests. For instructions, see Using TestLogServer for Web Security Troubleshooting.

If Filtering Service is not receiving Internet traffic, verify that Network Agent, Content Gateway, or your third-party integration product has been properly configured to communicate with Filtering Service.

If you have a standalone Web Security deployment, verify that Network Agent is able to see all traffic (incoming and outgoing) and that port spanning is configured. (See the Deployment and Installation Center for details.)

Run the WebsensePing utility to see what happens when a user requests a site. Refer to URL categories and filtering status for instructions.

Verify that connections to the client and origin server are being closed by running a packet capture on the Filtering Service machine and on the client.

Refresh the Filtering Service user/group cache. By default, Filtering Service caches user and group information for 2 hours. The cache needs to be updated when any changes are made to users or groups.

To update the cache, log on to the Web Security manager and navigate to the Settings > General > Directory Services page, then click Clear Cache.

Make sure the client machine can communicate with the Filtering Service machine.

On the client machine, open a Command Prompt and ping the Filtering Service machine.

If the ping succeeds, on the Filtering Service machine, make sure that Filtering Service (EIMServer) is listening on port 15871.

netstat -an |find "15871"

From the client, open a telnet session to the Filtering Service machine on port 15871.

telnet <ip_address> 15871

If telnet fails, ensure there are no local firewalls or devices between the client and Filtering Service that are blocking the port.

To make sure the client machine can receive a block page, go to the client machine and enter the following URL:

http://<Filtering_Service_IP_address>:15871/cgi-bin/blockpage.cgi?

If you see an Invalid Request message, Filtering Service is active and listening. This means that the client can reach Filtering Service but there may be DNS issues.

If you see a Page Cannot be Displayed message, there are connectivity issues between the machines.