We have been a Websense customer for quite a few years now and while the basic functionality of the system has always been acceptable, I’ve always found everything else to be a tedious and slow process with them.
For example, when we first implemented Websense we had a Cisco PIX firewall and integrating Websense with the PIX was a snap. Eventually we replaced the PIX with a Watchguard and had to find a new method of integrating Websense into our network. We had a Cisco router as our LAN gateway, and Websense had an integration for Cisco routers so that seemed like the logical road to go down. After spending over a month working with their support crew without getting the integration to work, one of their techs asked “why don’t you just use it in standalone mode?” Naturally I had assumed that standalone mode would require the Websense server to be physically between the clients and the internet gateway, or to have the clients configured with proxy settings. Neither of which was something that I was willing to do. Turns out, neither is required. Why wasn’t this the first road for tech support to show me? It turned out that standalone mode was SO easy to install and configure, that I still can’t for the life of me understand why they even have integration options.
It had been a while since I had to deal with their support for anything other than upgrade issues (the log database doesn’t always work after a version upgrade, for some reason). At our last renewal, we added Remote Filtering licensing to our package so that we can protect our remote users when they are out of the office. I began testing the remote filtering client and it was working great! I didn’t notice any performance degradation and my laptop was following our filtering policies to the letter. Then I tried connecting to our VPN (Juniper SA4500 SSL) and while it connected, I was unable to go anywhere. At all. I removed the filtering client and the VPN began working normally again. Back to Websense Support.
I spent a few weeks testing and sending logs back and forth to WS Support, tweaking settings and retesting as directed. Then they just stopped following up. A few weeks went by and I got an apologetic email from the tech on my case saying that he would like to resume troubleshooting bla bla bla. I was unavailable that week but I said the following week would be fine. The following week came and went with no followup. I sent one more email trying to reconnect, and then went on with the troubleshooting myself.
I upgraded from 7.0.1 to 7.1. The problem persisted. There were some patches, so I installed them. The problem persisted. It turns out that one of the patches allows https/ftp protocol filtering to be disabled at the remote filtering server, and this did fix the VPN issue. That’s their solution to this problem? Just disable https filtering? I realize that the chances of porn or malicious code being present on an https page are far lower than on http, but I’m still not crazy about the idea of unblocking an entire web protocol just to fix a compatibility issue.
In the midst of these last steps, I had upgraded my laptop to Windows 7 64-bit. I tried installing the remote filtering client but it failed. I emailed WS Support and they informed me that they do not support x64 clients at all, nor do they support 32-bit Vista, or Windows 7. Not only that, but it would be 6-12 months before Windows 7 was supported. 6-12 months, seriously? This was after the official release of Windows 7 so I’m thinking that maybe a month, or 6 weeks would be an appropriate lead time for a compatible filtering client. Nope.
Considering how much they charge for this product, I really think they should be better about ensuring that their product is compatible with current operating systems. 6 months is not acceptable, nevermind 12. I don’t think I’m the only one that will be shopping for alternative filtering solutions when we come up for renewal again. Get your head out of the sand, Websense.
Twitter
We recently added website filtering ability for laptops that are offline. This is in addition to a good number of other reports on employee use of their compuerse.
You may want to check out this alternative as you mentioned.