This is the standard configuration I use to bring up websense on the firewall. There are other options available you can check those out in the Cisco Links
url-server (inside) vendor websense host 10.55.55.55 timeout 15 protocol TCP version 4
url-block url-mempool 1500
url-block url-size 4
url-block block 128
filter url http 10.40.40.0 255.255.255.0 0.0.0.0 0.0.0.0 longurl-truncate allow
filter https 443 10.40.40.0 255.255.255.0 0.0.0.0 0.0.0.0 longurl-truncate allow
filter ftp 21 10.40.40.0 255.255.255.0 0.0.0.0 0.0.0.0 allow
---------------------
Note if you wanted to filter any ip going anywhere for http, https, and ftp use the following:
filter url http 0 0 0 0 longurl-truncate allow
filter https 443 0 0 0 0 longurl-truncate allow
filter ftp 21 0 0 0 0 allow
**Side Note: The Allow command in the filter allows the websense to fail-open, without the allow command it will fail-close if the ASA detects the websense is down it will just start blocking all traffic that needs filtered by websense, since the websense is down.**
Cisco How to Document:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008088517b.shtml
More options:
I have included the link to the command line reference which can be found here:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/uz.html#wp1625866
Websense How to document, starts on page 9:
http://www.websense.com/content/support/library/web/v71/wws_pdfs/install_cisco.pdf
If you want to check the status if your Websense is up do the following:
CiscoASA#show url-server statistics Global Statistics: -------------------- URLs total/allowed/denied 73/33/40 URLs allowed by cache/server 0/4 URLs denied by cache/server 0/15 HTTPSs total/allowed/denied 145/140/5 HTTPSs allowed by cache/server 0/18 HTTPSs denied by cache/server 0/1 FTPs total/allowed/denied 0/0/0 FTPs allowed by cache/server 0/0 FTPs denied by cache/server 0/0 Requests dropped 0 Server timeouts/retries 0/0 Processed rate average 60s/300s 0/0 requests/second Denied rate average 60s/300s 0/0 requests/second Dropped rate average 60s/300s 0/0 requests/second Server Statistics: -------------------- 10.55.55.55 UP Vendor websense Port 15868 Requests total/allowed/denied 145/140/5 Server timeouts/retries 0/0 Responses received 145 Response time average 60s/300s 0/0 URL Packets Sent and Received Stats: ------------------------------------ Message Sent Received STATUS_REQUEST 1789 1701 LOOKUP_REQUEST 1456 1566 LOG_REQUEST 0 NA Errors: ------- RFC noncompliant GET method 0 URL buffer update failure 0