1 Reply Latest reply on Jun 20, 2015 11:09 AM by darragh.delaney

    Websense Proxy Gateway and NTA

    frank_uci

      1st post so please go easy on me

       

      Hi, we use a websense proxy gateway in our environment along with NTA.  Our gateway is constantly getting flagged as being the Top 5 endpoints/conversations, which would make total sense since we are pushing the http traffic through there. Management has asked me if there was anyway that NTA could "ignore" that specific hostname from showing up in the reports but instead break down the details of that hostname and use those as hostnames instead. Example below. dtcev1000-wcg is our proxy gateway and you can drill down to get better detail, however in the reports you can only see the dtcev1000-wcg listed, rather than being able to break it down like when you are in the console.

       

      Thanks in advance. Hope my request makes sense.

       

      1.jpg2.jpg

        • Re: Websense Proxy Gateway and NTA
          darragh.delaney

          I'm not sure if Netflow can do this as a proxy is involved, not a limitation with NTA but Netflow, somebody on here may know more though.

          You could also try some products or tools that simply use raw traffic, no flow enabled devices required,  and  'sniff' at the right side of the proxy.

          For example configure a SPAN port to monitor traffic to/from the proxy from your LAN, you will get all the information you need.

           

          We have a network activity and IT security monitoring tool,  the LANGuardian which also integrates nicely with NPM and other Solarwinds modules.

          Because it look inside the packet contents, it will give richer, readable detail  and you can track activity, events by IP address or user name.

          You can download a trial from our site or access a live demo system here:

           

          http://demo2.netfort.com/Orion/SummaryView.aspx?viewid=31