locked
Websense and OCS RRS feed

  • Question

  •  

    Hello all,

     

    The client which will utilize OCS currently has Websense installed in their environment.  Has anyone had success in implementing OCS in a network that utilizes Websense? Please share your experience and any Gotchas you've came across.

     

    Thank you,

    Jo

    Thursday, July 3, 2008 8:11 PM

All replies

  • In what scenario are you thinking of implementing websense?

    Reverse Proxy via ISA Server?

    Keep in mind that only a fraction of the traffic flows through ISA server (Address book downloads, Group Expansion and Meeting content downloads)

     

     

    Thursday, July 3, 2008 9:23 PM
  • The Websense is already deployed in the network that will soon start to utilize OCS.  I may not have made this clear, but that environment is a completely separate network than the OCS network.  So all these users from that environment will be remote users to OCS. 

     

     I am aware of protocols for MSN, Yahoo, and AIM that are available with Websense, but I'm not sure how it will handle OCS protocols.  I am assuming they will need to configure a custom protocol for OCS with the ports and transport it will utilize. 

     

    I'm not sure about the file attachments and UDP traffic.  Websense is able to calculate the bandwidth of this traffic and can block file attachments over a certain size, but I don't know if that protocol is the same one OCS utilizes for file share. I also am not sure how it will treat secure IM.    

     

    I will need to ask the IT of that network how they have Websense deployed and I'll update with specifics once I receive a response.  I don't believe ISA is their standard application firewall/reverse proxy.

     

     

    Thank you-

    Enjoy the 4th!

     

    Jo

     

    Friday, July 4, 2008 4:07 AM
  • Transferring files should work the same way as MSN does, it is peer to peer and uses same ports

     

    All other OCS traffic is encrypted so Websense will not be able to see the traffic.

    Depending on internet users or internal users it works over different ports

     

    Internally SIP messages work over port 5061 and are encrypted with TLS

    SRTP (audio or video stream) use dynamic ports but you might be able to limit the ports (not advisable and minimum 20 required)

    http://technet.microsoft.com/en-us/library/bb964029(TechNet.10).aspx

     

     

     

    Tuesday, July 8, 2008 6:59 PM