« MAK and KMS and Activation - Oh My! | Main | Jacob is almost 2 years old »

November 07, 2008

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Hi Daryl,

I saw one of your tweets on twitter and found this blog posting. I work for Websense and I just wanted to say thanks for writing about us! I would love to hear your feedback about the new version 7, or about your experience with Websense overall. Please feel free to email me.

Sarah Needham

Hi Daryl,

I just wanted to say Thank you for this article, i was trying to find out about this issue for some months now and i believe you gave me the answer.

We are working with Websense V7 end ESX 3.5, and the virtualized Websense was a problem for us.

Regards,

Nicolas De waegeneire

Aren't you now unable to Vmotion the VM in question since the SPAN is only setup on the one ESX host? Were you to move the VM to an ESX host without the SPAN you'd no longer be able to see your interesting traffic. Am I missing something?

Eric--

I wasn't verbose in this post. I set the SPAN for all my ESX hosts. I have four now. It looks like this on my 6509 (my new core switch):

monitor session 1 source interface gig8/46 tx
monitor session 1 destination interface gig9/37 - 40

interface gig8/46 is my Inside ASA interface
interface gig9/37 - 40 are the interfaces setup in ESX to handle the SPAN

you aren't missing anything - if I had only set this up on one/single ESX host, you're right, I wouldn't be able to vmotion it properly.

Good catch - bad documentation :)

--DW

Hey Daryl,

Great writeup! I wish I had come across this prior to hours spent on the phone with Websense support. :-)
We actually have our's setup exactly how you described but still seem to be having issues. We already had the port span in place because we used it for our old SurfControl environment. So we simply assigned the vSwitch to a physical NIC on our host system and plugged that phycical NIC into the port span.
I have verified that Promiscous mode is enabled, etc.
I do have one question about unbinding TCP/IP from the monitoring NIC. Did you do this prior to installing Websense? I tried that option but then when I get to the part in the installation page where it asks which NIC I would like to use to monitor traffic there is only one card listed and it is the card I plan to use for Blocking.
It seems that the NIC needs an IP address, at least to get through the installation.

We are running on Windows Server 2008, 32 bit. Websense version is 7.1. Any additional tips or suggestions would be greatly appreciated.
Thanks!

Hey Jeff--

I created the second NIC - and unbound it from TCP/IP etc. before I installed Websense. It did not have an IP during installation, etc. My Websense box is Server 2003 R2. At the time of installation, Server 2008 wasn't a supported configuration. Have you verified that you don't have the NIC disabled on either a) ESX or b) your Windows OS? If there are any screenshots you'd like to see from my install just ping me on email - daryl at lifechurch dot tv - and I'll send them your way.

--DW

I am seeing the same thing a Jeff. We are running Websense v 7.1 stand alone on a Server 2008 32-bit box, ESX 4. After I unbind the IP the NIC is no longer seen by websense.

Any additional tips or suggestions would be greatly appreciated.

I have the same problem. Seems to be an OS issue when you unbind the TCP/IP stack from the nic Server 2008 seems to just block the nic altogether.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Your Information

(Name is required. Email address will not be displayed with the comment.)

Twitter Updates

    follow me on Twitter