Technical Library
|
Support
Refine Web Security Policies
>
Working with protocols
> Protocol-based policy enforcement
Protocol-based policy enforcement
Web Security Help | Web Security Solutions | Version 7.8.x
Related topics:
Working with protocols
Editing custom protocols
Creating a custom protocol
Adding or editing protocol identifiers
Adding to a Websense-defined protocol
When Network Agent is installed or with a Websense Web Security Gateway deployment, Websense software can block Internet content transmitted over particular ports, or using specific IP addresses, or marked by certain signatures, regardless of the nature of the data. By default, blocking a port intercepts all Internet content entering your network over that port, regardless of source.
Note
Occasionally, internal network traffic sent over a particular port may not be blocked, even though the protocol using that port is blocked. The protocol may send data via an internal server more quickly than Network Agent can capture and process the data. This does not occur with data originating outside the network.
When a protocol request is made, Web Security solutions use the following steps to determine whether to block or permit the request:
1.
Determine the protocol (or Internet application) name.
2.
Identify the protocol based on the request destination address.
3.
Search for related port numbers or IP addresses in custom protocol definitions.
4.
Search for related port numbers, IP addresses, or signatures in Websense-defined protocol definitions.
If any of this information cannot be determined, all content associated with the protocol is permitted.
If the protocol is FTP, HTTPS, or gopher, a check is first performed to see if the protocol is blocked. If the protocol is permitted, Filtering Service performs a URL lookup to see if the requested site is permitted or blocked.
Refine Web Security Policies
>
Working with protocols
> Protocol-based policy enforcement
Copyright 2016 Forcepoint LLC. All rights reserved.